一:关于前台权限
1:只允许自己看到
首先,我们需要确定在 Role 设置页面,用户所对应的 View Page by others 和 View all content 未被选中。备注,我们首先和得设置 Anonymous 和 Authenticated 的这两个的权限,这两项也未被选中。
这样一来,我们可以达到整个站点,我们只能看到自己的东西,如下:
而如果是 Admin 等全权限登录的,应该是这样的:
2:只允许某个角色看到
同理1。
二:关于自定义权限
首先,我们需要在模块的根目录下创建文件 Permissions:
public class Permissions : IPermissionProvider {
public static readonly Permission ManageBlogs = new Permission { Description = "Manage blogs for others", Name = "ManageBlogs" };
public static readonly Permission ManageOwnBlogs = new Permission { Description = "Manage own blogs", Name = "ManageOwnBlogs", ImpliedBy = new[] { ManageBlogs } };public static readonly Permission PublishBlogPost = new Permission { Description = "Publish or unpublish blog post for others", Name = "PublishBlogPost", ImpliedBy = new[] { ManageBlogs } };
public static readonly Permission PublishOwnBlogPost = new Permission { Description = "Publish or unpublish own blog post", Name = "PublishOwnBlogPost", ImpliedBy = new[] { PublishBlogPost, ManageOwnBlogs } };
public static readonly Permission EditBlogPost = new Permission { Description = "Edit blog posts for others", Name = "EditBlogPost", ImpliedBy = new[] { PublishBlogPost } };
public static readonly Permission EditOwnBlogPost = new Permission { Description = "Edit own blog posts", Name = "EditOwnBlogPost", ImpliedBy = new[] { EditBlogPost, PublishOwnBlogPost } };
public static readonly Permission DeleteBlogPost = new Permission { Description = "Delete blog post for others", Name = "DeleteBlogPost", ImpliedBy = new[] { ManageBlogs } };
public static readonly Permission DeleteOwnBlogPost = new Permission { Description = "Delete own blog post", Name = "DeleteOwnBlogPost", ImpliedBy = new[] { DeleteBlogPost, ManageOwnBlogs } };public static readonly Permission MetaListBlogs = new Permission { ImpliedBy = new[] { EditBlogPost, PublishBlogPost, DeleteBlogPost }, Name = "MetaListBlogs"};
public static readonly Permission MetaListOwnBlogs = new Permission { ImpliedBy = new[] { EditOwnBlogPost, PublishOwnBlogPost, DeleteOwnBlogPost }, Name = "MetaListOwnBlogs" };public virtual Feature Feature { get; set; }
public IEnumerable<Permission> GetPermissions() {
return new[] {
ManageOwnBlogs,
ManageBlogs,
EditOwnBlogPost,
EditBlogPost,
PublishOwnBlogPost,
PublishBlogPost,
DeleteOwnBlogPost,
DeleteBlogPost,
};
}public IEnumerable<PermissionStereotype> GetDefaultStereotypes() {
return new[] {
new PermissionStereotype {
Name = "Administrator",
Permissions = new[] {ManageBlogs}
},
new PermissionStereotype {
Name = "Editor",
Permissions = new[] {PublishBlogPost,EditBlogPost,DeleteBlogPost}
},
new PermissionStereotype {
Name = "Moderator",
},
new PermissionStereotype {
Name = "Author",
Permissions = new[] {ManageOwnBlogs}
},
new PermissionStereotype {
Name = "Contributor",
Permissions = new[] {EditOwnBlogPost}
},
};
}}
其次,我们需要在控制器中,为服务设定权限,如:
public AdminController(IMyService myService, IOrchardServices orchardServices) { _myService = myService; Services = orchardServices; }
。。。
Services.Authorizer.Authorize(Permissions.SomeModulePermission, T("Some operation failed"));
三:获取当前登录用户的角色信息
四:对 PART 设定权限
至此,ORCHARD 已经完全控制了所以的显式和功能权限,包括页面上的 PART部分。
参考:
http://docs.orchardproject.net/Documentation/Developer-FAQ
http://orchard.codeplex.com/discussions/547703
http://orchard.codeplex.com/discussions/390754
Orchard 前台权限与自定义权限