Fix SiteOwner claim for OpenId (#17087)

OrchardCMS · Nov 28, 2024 · bf6115e · bf6115e
1 parent 2355c10
commit bf6115e
Show file tree

Hide file tree

Showing 7 changed files with 25 additions and 21 deletions.
diff --git a/src/OrchardCore.Modules/OrchardCore.OpenId/OrchardCore.OpenId.csproj b/src/OrchardCore.Modules/OrchardCore.OpenId/OrchardCore.OpenId.csproj
@@ -25,6 +25,7 @@
     <ProjectReference Include="..\..\OrchardCore\OrchardCore.OpenId.Core\OrchardCore.OpenId.Core.csproj" />
     <ProjectReference Include="..\..\OrchardCore\OrchardCore.Recipes.Abstractions\OrchardCore.Recipes.Abstractions.csproj" />
     <ProjectReference Include="..\..\OrchardCore\OrchardCore.ResourceManagement\OrchardCore.ResourceManagement.csproj" />
+    <ProjectReference Include="..\..\OrchardCore\OrchardCore.Roles.Core\OrchardCore.Roles.Core.csproj" />
     <ProjectReference Include="..\..\OrchardCore\OrchardCore.Users.Abstractions\OrchardCore.Users.Abstractions.csproj" />
   </ItemGroup>
 

diff --git a/src/OrchardCore.Modules/OrchardCore.Roles/Services/RoleClaimsProvider.cs b/src/OrchardCore.Modules/OrchardCore.Roles/Services/RoleClaimsProvider.cs
@@ -35,15 +35,17 @@ public async Task GenerateAsync(IUser user, ClaimsIdentity claims)
 
         var isAdministrator = false;
 
-        if (await _userManager.IsInRoleAsync(user, await _systemRoleNameProvider.GetAdminRoleAsync()))
-        {
-            claims.AddClaim(StandardClaims.SiteOwner);
+        var roleNames = await _userManager.GetRolesAsync(user);
 
-            isAdministrator = true;
+        foreach (var roleName in roleNames)
+        {
+            if (await _systemRoleNameProvider.IsAdminRoleAsync(roleName))
+            {
+                isAdministrator = true;
+                break;
+            }
         }
 
-        var roleNames = await _userManager.GetRolesAsync(user);
-
         foreach (var roleName in roleNames)
         {
             claims.AddClaim(new Claim(_identityOptions.ClaimsIdentity.RoleClaimType, roleName));

diff --git a/src/OrchardCore.Modules/OrchardCore.Settings/OrchardCore.Settings.csproj b/src/OrchardCore.Modules/OrchardCore.Settings/OrchardCore.Settings.csproj
@@ -23,6 +23,7 @@
     <ProjectReference Include="..\..\OrchardCore\OrchardCore.Navigation.Core\OrchardCore.Navigation.Core.csproj" />
     <ProjectReference Include="..\..\OrchardCore\OrchardCore.Liquid.Abstractions\OrchardCore.Liquid.Abstractions.csproj" />
     <ProjectReference Include="..\..\OrchardCore\OrchardCore.Recipes.Abstractions\OrchardCore.Recipes.Abstractions.csproj" />
+    <ProjectReference Include="..\..\OrchardCore\OrchardCore.Roles.Core\OrchardCore.Roles.Core.csproj" />
     <ProjectReference Include="..\..\OrchardCore\OrchardCore.Settings.Core\OrchardCore.Settings.Core.csproj" />
     <ProjectReference Include="..\..\OrchardCore\OrchardCore.Setup.Abstractions\OrchardCore.Setup.Abstractions.csproj" />
   </ItemGroup>

diff --git a/src/OrchardCore.Modules/OrchardCore.Settings/Services/SuperUserHandler.cs b/src/OrchardCore.Modules/OrchardCore.Settings/Services/SuperUserHandler.cs
@@ -1,5 +1,6 @@
 using System.Security.Claims;
 using Microsoft.AspNetCore.Authorization;
+using OrchardCore.Roles;
 using OrchardCore.Security;
 
 namespace OrchardCore.Settings.Services;
@@ -10,10 +11,14 @@ namespace OrchardCore.Settings.Services;
 public class SuperUserHandler : IAuthorizationHandler
 {
     private readonly ISiteService _siteService;
+    private readonly ISystemRoleNameProvider _systemRoleNameProvider;
 
-    public SuperUserHandler(ISiteService siteService)
+    public SuperUserHandler(
+        ISiteService siteService,
+        ISystemRoleNameProvider systemRoleNameProvider)
     {
         _siteService = siteService;
+        _systemRoleNameProvider = systemRoleNameProvider;
     }
 
     public async Task HandleAsync(AuthorizationHandlerContext context)
@@ -25,7 +30,7 @@ public async Task HandleAsync(AuthorizationHandlerContext context)
             return;
         }
 
-        if (user.HasClaim(StandardClaims.SiteOwner.Type, StandardClaims.SiteOwner.Value))
+        if (user.IsInRole(await _systemRoleNameProvider.GetAdminRoleAsync()))
         {
             SucceedAllRequirements(context);
 

diff --git a/src/OrchardCore.Modules/OrchardCore.Settings/Startup.cs b/src/OrchardCore.Modules/OrchardCore.Settings/Startup.cs
@@ -11,6 +11,7 @@
 using OrchardCore.Recipes;
 using OrchardCore.Recipes.Services;
 using OrchardCore.ResourceManagement;
+using OrchardCore.Roles;
 using OrchardCore.Security.Permissions;
 using OrchardCore.Settings.Deployment;
 using OrchardCore.Settings.Drivers;
@@ -65,7 +66,9 @@ public override void ConfigureServices(IServiceCollection services)
 
         services.AddScoped<ISetupEventHandler, SetupEventHandler>();
         services.AddPermissionProvider<Permissions>();
-        services.AddScoped<IAuthorizationHandler, SuperUserHandler>();
+
+        services.AddRolesCoreServices()
+            .AddScoped<IAuthorizationHandler, SuperUserHandler>();
 
         services.AddRecipeExecutionStep<SettingsStep>();
         services.AddSingleton<ISiteService, SiteService>();

diff --git a/src/OrchardCore/OrchardCore.Infrastructure.Abstractions/Security/StandardClaims.cs b/src/OrchardCore/OrchardCore.Infrastructure.Abstractions/Security/StandardClaims.cs
diff --git a/src/OrchardCore/OrchardCore.Roles.Core/ServiceCollectionExtensions.cs b/src/OrchardCore/OrchardCore.Roles.Core/ServiceCollectionExtensions.cs
@@ -1,11 +1,14 @@
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.DependencyInjection.Extensions;
 
 namespace OrchardCore.Roles;
 
 public static class ServiceCollectionExtensions
 {
     public static IServiceCollection AddRolesCoreServices(this IServiceCollection services)
     {
-        return services.AddSingleton<ISystemRoleNameProvider, DefaultSystemRoleNameProvider>();
+        services.TryAddSingleton<ISystemRoleNameProvider, DefaultSystemRoleNameProvider>();
+
+        return services;
     }
 }