This is an issue that comes up when viewing the Role Edit screen for a particular role. It may have wider consequences.
The Effective Permissions are calculated by "simulating" a user for that role. The AdminController from Orchard.Roles creates a simulated user with the single role and passes this simulation along to calls to IAuthorizationService.TryCheckAccess.
This module overrides the default IAuthorizationService (related to #9), and takes the union of the given context.User.Roles and the current AD user's roles. This makes sense in most cases, except for what I've outlined above, when the context.User is a simulated user just for the purposes of calculating Effective Permissions.
There is a relatively simple change to make in ActiveDirectoryAuthorizationService.TryCheckAccess. I'm happy to submit a PR, but would like to do so on top of #14 if possible.
This is an issue that comes up when viewing the Role Edit screen for a particular role. It may have wider consequences.
The Effective Permissions are calculated by "simulating" a user for that role. The
AdminController
fromOrchard.Roles
creates a simulated user with the single role and passes this simulation along to calls toIAuthorizationService.TryCheckAccess
.This module overrides the default
IAuthorizationService
(related to #9), and takes the union of the givencontext.User.Roles
and the current AD user's roles. This makes sense in most cases, except for what I've outlined above, when thecontext.User
is a simulated user just for the purposes of calculating Effective Permissions.There is a relatively simple change to make in
ActiveDirectoryAuthorizationService.TryCheckAccess
. I'm happy to submit a PR, but would like to do so on top of #14 if possible.