一:關于前台權限
1:隻允許自己看到
首先,我們需要确定在 Role 設定頁面,使用者所對應的 View Page by others 和 View all content 未被選中。備注,我們首先和得設定 Anonymous 和 Authenticated 的這兩個的權限,這兩項也未被選中。
這樣一來,我們可以達到整個站點,我們隻能看到自己的東西,如下:
2:隻允許某個角色看到
同理1。
二:關于自定義權限
首先,我們需要在子產品的根目錄下建立檔案 Permissions:
public class Permissions : IPermissionProvider {
public static readonly Permission ManageBlogs = new Permission { Description = "Manage blogs for others", Name = "ManageBlogs" };
public static readonly Permission ManageOwnBlogs = new Permission { Description = "Manage own blogs", Name = "ManageOwnBlogs", ImpliedBy = new[] { ManageBlogs } };
public static readonly Permission PublishBlogPost = new Permission { Description = "Publish or unpublish blog post for others", Name = "PublishBlogPost", ImpliedBy = new[] { ManageBlogs } };
public static readonly Permission PublishOwnBlogPost = new Permission { Description = "Publish or unpublish own blog post", Name = "PublishOwnBlogPost", ImpliedBy = new[] { PublishBlogPost, ManageOwnBlogs } };
public static readonly Permission EditBlogPost = new Permission { Description = "Edit blog posts for others", Name = "EditBlogPost", ImpliedBy = new[] { PublishBlogPost } };
public static readonly Permission EditOwnBlogPost = new Permission { Description = "Edit own blog posts", Name = "EditOwnBlogPost", ImpliedBy = new[] { EditBlogPost, PublishOwnBlogPost } };
public static readonly Permission DeleteBlogPost = new Permission { Description = "Delete blog post for others", Name = "DeleteBlogPost", ImpliedBy = new[] { ManageBlogs } };
public static readonly Permission DeleteOwnBlogPost = new Permission { Description = "Delete own blog post", Name = "DeleteOwnBlogPost", ImpliedBy = new[] { DeleteBlogPost, ManageOwnBlogs } };
public static readonly Permission MetaListBlogs = new Permission { ImpliedBy = new[] { EditBlogPost, PublishBlogPost, DeleteBlogPost }, Name = "MetaListBlogs"};
public static readonly Permission MetaListOwnBlogs = new Permission { ImpliedBy = new[] { EditOwnBlogPost, PublishOwnBlogPost, DeleteOwnBlogPost }, Name = "MetaListOwnBlogs" };
public virtual Feature Feature { get; set; }
public IEnumerable<Permission> GetPermissions() {
return new[] {
ManageOwnBlogs,
ManageBlogs,
EditOwnBlogPost,
EditBlogPost,
PublishOwnBlogPost,
PublishBlogPost,
DeleteOwnBlogPost,
DeleteBlogPost,
};
}
public IEnumerable<PermissionStereotype> GetDefaultStereotypes() {
new PermissionStereotype {
Name = "Administrator",
Permissions = new[] {ManageBlogs}
},
Name = "Editor",
Permissions = new[] {PublishBlogPost,EditBlogPost,DeleteBlogPost}
Name = "Moderator",
Name = "Author",
Permissions = new[] {ManageOwnBlogs}
Name = "Contributor",
Permissions = new[] {EditOwnBlogPost}
}
其次,我們需要在控制器中,為服務設定權限,如:
。。。public AdminController(IMyService myService, IOrchardServices orchardServices) { _myService = myService; Services = orchardServices; }
Services.Authorizer.Authorize(Permissions.SomeModulePermission, T("Some operation failed"));
三:擷取目前登入使用者的角色資訊
四:對 PART 設定權限
至此,ORCHARD 已經完全控制了是以的顯式和功能權限,包括頁面上的 PART部分。
參考:
http://docs.orchardproject.net/Documentation/Developer-FAQ http://orchard.codeplex.com/discussions/547703 http://orchard.codeplex.com/discussions/390754
本文基于
Creative Commons Attribution 2.5 China Mainland License釋出,歡迎轉載,演繹或用于商業目的,但是必須保留本文的署名
http://www.cnblogs.com/luminji(包含連結)。如您有任何疑問或者授權方面的協商,請給我留言。