search

umbraco / Umbraco-CMS

Umbraco is a free and open source .NET content management system helping you deliver delightful digital experiences.
https://umbraco.com
MIT License
4.45k stars 2.68k forks source link

Cannot define own RoleProvider for public access #5533

Closed Appstract-fjellvang closed 2 years ago

Appstract-fjellvang commented 5 years ago

In Umbraco 8 it doesnt seem to be possible to add your own RoleProvider any longer - therefor you cannot roll with an external data source for your member groups.

Reproduction

Create a class that implements RoleProvider. Define "GetAllRoles" so that it returns an array of strings of test user groups.

Change the reference in the Web.config as done in umbraco 7.

Bug summary

The custom defined groups doesn't show up in during "Role based protected" nor in the Member group dropdown of the Member dashboard

Specifics

Found this code in the source: https://github.com/umbraco/Umbraco-CMS/blob/5a07e34fb4756004bc7175f28a96332bbe84b7ae/src/Umbraco.Web/Editors/MemberGroupController.cs#L66

Seems like when your're using a custom membership provider, it just returns an empty array.

Expected result

I expect a list of custom membership groups

Actual result

Empty list

nul800sebastiaan commented 5 years ago

Hi @Appstract-fjellvang - the code you reference has been like this since v7.5.0, released in August 2016. I can't remember exactly why it changed but I am sure it was for good reason.

I'll assign this to @Shazwazza to see what he says when he comes back from his holidays, maybe @AndyButland can chime in here as well?

AndyButland commented 5 years ago

I did some of the early work on user groups back around then, but nothing on member groups as I recall. So don't think I've got any insight here.

Appstract-fjellvang commented 5 years ago

@AndyButland So you're saying the MemberGroupController has been like that since 7.5 ? Because i didn't succeed in finding any equivalent in the umbraco 7.14 release, and custom member groups are working as expected in our umbraco 7 solutions

Edit:

Okay i found the method i th 7.14 release and it seems equivalent - so i guess i referenced the wrong line of code. But still in my other project running umbraco 7.14 i can add my own custom usergroups so the issue must lie elsewhere

Appstract-fjellvang commented 5 years ago

I figured it out.

Seems like you don't use the RoleProvider any longer.

I made it work by implementing my own MemberGroupService, then RegisterUnique in an IUserComposer and finally made my membership provider implement UmbracoMembershipProviderBase instead of the old MembershipProvider

Shazwazza commented 5 years ago

Replacing the MemberGroupService isn't what we want to do here, i'll re-open.

Shazwazza commented 5 years ago

In this case for role based public access it should be querying the role provider but will need to investigate if there's a reason this is not done.

Appstract-fjellvang commented 5 years ago

Yeah that does make more sense, but i didn't investigate further why this didnt happen

Appstract-fjellvang commented 5 years ago

@Shazwazza With workaround we use, replacing membergroupservice, we are also only able give a single group permission to access a restricted node. If we choose more than one, the input is simply ignored

reneemhaas commented 4 years ago

Any update on this? I implemented a custom member provider and now I need to authenticate access with a custom role provider.

enkelmedia commented 4 years ago

Still nothing here... when I tried this now on 8.6.0 the only "issue" is that the list of groups to select comes from the IMemberGroupService and not from the role provider.

Would'nt it be possible to update that code to use the RoleProvider? Or is this a bigger issue than that?

Looks like the UmbracoHelper.MemberHasAccess is using the RoleProvider.

enkelmedia commented 4 years ago

@nul800sebastiaan @Shazwazza if you point me in the right direction I'm happy to help.

I'm thinking that we might want to change the way that the select-list that appears, today its a MemberGroup-picker which is not really what one might want when using a Custom Role Provider.

The thing is that the endpoint for saving takes in strings and adding a PublicAccessEntry for each role, umbraco/backoffice/UmbracoApi/Content/PostPublicAccess?contentId=1066&loginPageId=1062&errorPageId=1062&groups[]=ROL11&groups[]=ROL11

Basically we could do the following: Add a method to ContentController that returns a list of Roles from the RoleProvider (be it Umbraco Member Groups or Roles from a custom RoleProvider) then use these groups and send them to Content/PostPublicAccess.

enkelmedia commented 4 years ago

I've looked closer at this now,

Figured we could maybe use the editorService.itemPicker and just provide a list of items but it turns out that the visual appearance of the itemPicker does not really match what we want.

Looks like this: image

The ideal would be to have something that looks like the current tree-picker but uses data that is not from any "entityType".

image

Maybe we could add a method like editorService.itemListPicker() that works similar to editorService.itemPicker but shows them as a list, another option would be to extend the itemPicker with some config like "multiSelect:true/false" and "listType: grid/list" to be able to select multiple options.

Any feedback or pointers?

KeithBoynton commented 4 years ago

It would be amazing to see a resolution to this, I've hit this exact problem too and it was twisting my brain until I saw this thread

umbrabot commented 3 years ago

Hiya @Appstract-fjellvang,

Just wanted to let you know that we noticed that this issue got a bit stale and might not be relevant any more.

We will close this issue for now but we're happy to open it up again if you think it's still relevant (for example: it's a feature request that's not yet implemented, or it's a bug that's not yet been fixed).

To open it this issue up again, you can write @umbrabot still relevant in a new comment as the first line. It would be super helpful for us if on the next line you could let us know why you think it's still relevant.

For example:

@umbrabot still relevant This bug can still be reproduced in version x.y.z

This will reopen the issue in the next few hours.

Thanks, from your friendly Umbraco GitHub bot :robot: :slightly_smiling_face:

ssujay commented 3 years ago

@umbrabot still relevant We have been trying to override the Membership and Role providers following the "standard" .NET approach via the web.config options and can not get Umbraco 8.17.0-rc to use the membership and role providers we have had operating since Umbraco 4 (and successfully applied in U7 latest).

Is the above work around (override MemberGroupService) still considered "not what we want to do here"? It doesn't seem that is a viable options as there is no way to use multiple Roles (based on above comments) anyhow.

This is an important problem that is driving many people nuts on the internet - I'm not sure how I managed to bump into this bug report, but we've been chasing this problem for weeks.

We need to either get this fixed, or leave the Umbraco world - kinda a bad thing given we've been deploying sites on Umbraco for over 10 years....

enkelmedia commented 3 years ago

The PR has been there for quite some time but the progress kind of stopped.

https://github.com/umbraco/Umbraco-CMS/pull/8114

KeithBoynton commented 3 years ago

Yes definitely still relevant!

umbrabot commented 2 years ago

Closing this in relation to PR #8114 - make sure to read the close reason on #8114

umbrabot commented 2 years ago

Closing this in relation to PR #8114 - make sure to read the close reason on #8114