-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Simplify how to check if the user is an admin #16866
Changes from 1 commit
40cecf7
0ba53f8
499e140
0a6076c
62ff192
9b7eab0
8a975a5
0bba0c9
4df0e71
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,4 @@ | ||
using System.Security.Claims; | ||
using OrchardCore.Security.Permissions; | ||
|
||
namespace OrchardCore.Security; | ||
|
@@ -6,4 +7,9 @@ public static class StandardPermissions | |
{ | ||
[Obsolete("This permission is deprecated and will be removed in future releases. Instead, consider adding users to the system administrator role.")] | ||
public static readonly Permission SiteOwner = new("SiteOwner", "Site Owners Permission", isSecurityCritical: true); | ||
|
||
/// <summary> | ||
/// This claim is assigned by the system during the login process if the user belongs to the Administrator role. | ||
/// </summary> | ||
public static readonly Claim SiteOwnerClaim = new("OrchardCorePermissions", "all-permissions"); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think the type name should be more clear and maybe not related to our permissions only. In the future, we may want to use this claim for other checks, beside checking for the existing permissions. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I changed it to |
||
} |
This file was deleted.
This file was deleted.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But this would be removed if we have a custom filter for authorization, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we would. Because we should still return true if the user is an admin.
has_authorization
would use theIAutheorizationService
to do similar check without evaluating the claims explicitly.If we need to remove it, we'll have to document it as a breaking change for 3.0 and offer
has_authorization
as a better way to authorize userThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In 2.x because it would be a breaking change otherwise. So we can remove it in 3.0.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So are you saying to keep this and at somepoint add
has_authorization
. then in 3.0, we can remove this check from has_claim, correct?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sebastienros actually we already have
has_permission
filter that one can already use. So I don't think there is a need to addhas_authorization
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I also think this should be removed e.g. in 3.0, but lets keep it for backward compatibility until then.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added a note so we can remove it in 3.0