Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Roles or Groups for site users #56

Closed
aruss opened this issue Jun 1, 2013 · 4 comments
Closed

Roles or Groups for site users #56

aruss opened this issue Jun 1, 2013 · 4 comments
Assignees
@kooboo-jifeng
Milestone
4.2.0

Comments

@aruss
Copy link

aruss commented Jun 1, 2013

Can I assign roles to site users or assign users to groups so I can restict access to pages for specific roles or user groups?

Cheers
aruss
@ghost ghost assigned kooboo-jifeng Jun 3, 2013
@kooboo-jifeng
Copy link
Contributor

Hi

Haven't this feature right now.

But we plan to make a permission tab on the page to customize:

  1. Which user/role can (inline)edit this page.
  2. Which user/role can visit this page.

@aruss
Copy link
Author

aruss commented Jun 3, 2013

Ok, thanks.

So then you will need to prevent users with "front end" roles from accessing the admin panel.
I noticed that if the user is authenticated but has no roles for backend he still can access the admin panel and see the page structure do couple commands.

I prevented it by rewriting AuthorizeCore method in AuthorizationAttribute

protected virtual bool AuthorizeCore(RequestContext requestContext)
{
    if (requestContext.HttpContext.User.Identity.IsAuthenticated)
    {
        if (Kooboo.CMS.Sites.Services.ServiceFactory
            .UserManager.IsAdministrator(requestContext.HttpContext.User.Identity.Name))
            return true;

        if (!RequiredAdministrator)
        {
            var roles = Kooboo.CMS.Account.Services.ServiceFactory
                .RoleManager.All().Select(s => s.Name).ToArray();
            return IsInAnyRole(requestContext.HttpContext.User, roles); 
        }
    }

    return false; 
}

@kooboo-jifeng
Copy link
Contributor

@aruss Thanks, I have reproduced the issue.

kooboo-jifeng added a commit that referenced this issue Jun 9, 2013
@kooboo-jifeng
Fixed issue describe in #56: If the user is authenticated but has no …
e7b7be4 
…roles for backend he still can access the admin panel and see the page structure do couple commands.
kooboo-jifeng referenced this issue Jul 3, 2013
@kooboo-jifeng
Membership management.
a8e800d
kooboo-jifeng referenced this issue Jul 12, 2013
@kooboo-jifeng
Preview version of membership.
48dd4c3
@kooboo-jifeng
Copy link
Contributor

It is the membership feature, main features:

  1. Member management.
  2. Page permission setting for member.
  3. Connect to OAuth provider such like: Facebook, twitter, g+ etc.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kooboo-jifeng kooboo-jifeng

Labels
None yet
Projects
None yet
Milestone
4.2.0
Development

No branches or pull requests
2 participants
@aruss @kooboo-jifeng