Orchard CMS front-end all possible content filtering by user permissions

Question

Good day!

In my Orchard, I have several content types all with my custom part attached. This part defines to what users this content is available. For each logged user there is external service, which defines what content user can or cannot access. Now I need access restriction to apply everywhere where orchard display content lists, this includes results by specific tag from a tag cloud, or results listed from Taxonomy term. I seems can’t find any good way to do it except modifying TaxonomyServices code as well as TagCloud services, to join also my part and filter by it. Is this indeed the only way to do it or there are other solutions? I would like to avoid doing changes to built-in modules if possible but cannot find other way.

Thanks in advance.

Answer 1

I'm currently bumbling around with the same issue. One way I'm currently looking at is to hook into the content manager.

[OrchardSuppressDependency("Orchard.ContentManagement.DefaultContentManager")]
    public class ModContentManager : DefaultContentManager, IContentManager
    {
        //private readonly Lazy<IShapeFactory> _shapeFactory;
        private readonly IModAuthContext _modAuthContext;

        public ModContentManager(IComponentContext context,
            IRepository<ContentTypeRecord> contentTypeRepository,
            IRepository<ContentItemRecord> contentItemRepository,
            IRepository<ContentItemVersionRecord> contentItemVersionRepository,
            IContentDefinitionManager contentDefinitionManager,
            ICacheManager cacheManager,
            Func<IContentManagerSession> contentManagerSession,
            Lazy<IContentDisplay> contentDisplay,
            Lazy<ISessionLocator> sessionLocator,
            Lazy<IEnumerable<IContentHandler>> handlers,
            Lazy<IEnumerable<IIdentityResolverSelector>> identityResolverSelectors,
            Lazy<IEnumerable<ISqlStatementProvider>> sqlStatementProviders,
            ShellSettings shellSettings,
            ISignals signals,
            //Lazy<IShapeFactory> shapeFactory, 
            IModAuthContext modAuthContext)
            : base(context,
                contentTypeRepository,
                contentItemRepository,
                contentItemVersionRepository,
                contentDefinitionManager,
                cacheManager,
                contentManagerSession,
                contentDisplay,
                sessionLocator,
                handlers,
                identityResolverSelectors,
                sqlStatementProviders,
                shellSettings,
                signals) {
            //_shapeFactory = shapeFactory;
            _modAuthContext = modAuthContext;
        }

        public new dynamic BuildDisplay(IContent content, string displayType = "", string groupId = "") {
            // So you could do something like... 
            // var myPart = content.As<MyAuthoPart>();
            // if(!myPart.IsUserAuthorized)...
            // then display something else or display nothing (I think returning null works for this but 
            //don't quote me on that. Can always return a random empty shape)

            // else return base.BuildDisplay(content, displayType, groupId);

            // ever want to display a shape based on the name...
            //dynamic shapes = _shapeFactory.Value;
        }
    }
}

Could also hook into the IAuthorizationServiceEventHandler, which is activated before in the main ItemController and do a check to see if you are rendering a projection or taxonomy list set a value to tell your content manager to perform checks else just let them through. Might help :)