moov2 / Orchard.ActiveDirectoryAuthorization

Module for Orchard CMS that handles authorization for active directory users.

"Simulated" users in the Admin receive current AD user's roles #15

Open thekaveman opened 8 years ago

thekaveman commented 8 years ago

This is an issue that comes up when viewing the Role Edit screen for a particular role. It may have wider consequences.

The Effective Permissions are calculated by "simulating" a user for that role. The AdminController from Orchard.Roles creates a simulated user with the single role and passes this simulation along to calls to IAuthorizationService.TryCheckAccess.

This module overrides the default IAuthorizationService (related to #9), and takes the union of the given context.User.Roles and the current AD user's roles. This makes sense in most cases, except for what I've outlined above, when the context.User is a simulated user just for the purposes of calculating Effective Permissions.

There is a relatively simple change to make in ActiveDirectoryAuthorizationService.TryCheckAccess. I'm happy to submit a PR, but would like to do so on top of #14 if possible.
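
Added example, not part of the comment above and not code from this module or from Orchard: a self-contained C# model of the role union the issue describes, next to one possible scoped check. The types, the `IsSimulated` flag, the role table and the scoped method are assumptions for illustration; the issue does not show the actual change.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Minimal stand-ins for illustration; these are not Orchard's or the module's types.
class User {
    public HashSet<string> Roles = new HashSet<string>();
    public bool IsSimulated;   // assumption: the service can tell a simulation from a real user
}

class AuthorizationModel {
    // Constructed role -> permission table.
    static readonly Dictionary<string, string[]> RolePermissions = new Dictionary<string, string[]> {
        { "Administrator", new[] { "ManageUsers", "EditContent" } },
        { "Author",        new[] { "EditContent" } },
    };
    readonly HashSet<string> _currentAdRoles;   // roles of the signed-in AD user

    public AuthorizationModel(IEnumerable<string> currentAdRoles) {
        _currentAdRoles = new HashSet<string>(currentAdRoles);
    }

    // Behaviour described in the issue: always union with the current AD user's roles.
    public bool TryCheckAccessUnion(string permission, User user) {
        return Grants(user.Roles.Union(_currentAdRoles), permission);
    }

    // Hypothetical fix: a simulated user is evaluated on its own roles only.
    public bool TryCheckAccessScoped(string permission, User user) {
        IEnumerable<string> roles = user.IsSimulated ? user.Roles : user.Roles.Union(_currentAdRoles);
        return Grants(roles, permission);
    }

    static bool Grants(IEnumerable<string> roles, string permission) {
        return roles.Any(r => RolePermissions.TryGetValue(r, out var p) && p.Contains(permission));
    }
}

static class Demo {
    static void Main() {
        // An administrator opens the Role Edit screen for the "Author" role.
        var service = new AuthorizationModel(new[] { "Administrator" });
        var simulation = new User { IsSimulated = true };
        simulation.Roles.Add("Author");
        // Union check: the viewer's Administrator role leaks into the Author simulation.
        Console.WriteLine(service.TryCheckAccessUnion("ManageUsers", simulation));
        // Scoped check: only the simulated role's own permissions count.
        Console.WriteLine(service.TryCheckAccessScoped("ManageUsers", simulation));
    }
}
```

With the union in place, the Effective Permissions shown for a role depend on who is viewing the screen, so an administrator reviewing a low-privilege role sees it as more permissive than it is.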

peterkeating commented 7 years ago

Same as your other active issue, feel free to submit a PR and I'll get it merged in and released to the Orchard Gallery as soon as I can.

Thanks for your help, much appreciated.