OrchardCMS · MikeAlhayek · Jan 9, 2025 · Nov 27, 2024 · Nov 27, 2024 · Nov 27, 2024
diff --git a/Directory.Packages.props b/Directory.Packages.props
@@ -145,6 +145,7 @@
     <PackageVersion Include="Microsoft.AspNetCore.Mvc.Testing" Version="9.0.0" />
     <PackageVersion Include="Microsoft.AspNetCore.Owin" Version="9.0.0" />
     <PackageVersion Include="Microsoft.Extensions.Caching.StackExchangeRedis" Version="9.0.0" />
+    <PackageVersion Include="Microsoft.AspNetCore.Authorization" Version="9.0.0" />
 
     <!-- dotnet/extensions repository -->
     <PackageVersion Include="Microsoft.Extensions.Http.Resilience" Version="9.0.0" />
@@ -164,7 +165,8 @@
     <PackageVersion Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.11" />
     <PackageVersion Include="Microsoft.AspNetCore.Owin" Version="8.0.11" />
     <PackageVersion Include="Microsoft.Extensions.Caching.StackExchangeRedis" Version="8.0.11" />
-
+    <PackageVersion Include="Microsoft.AspNetCore.Authorization" Version="8.0.11" />
+
     <!-- dotnet/extensions repository -->
     <PackageVersion Include="Microsoft.Extensions.Http.Resilience" Version="8.10.0" />
 

diff --git a/OrchardCore.sln b/OrchardCore.sln
@@ -532,6 +532,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "OrchardCore.UrlRewriting.Ab
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "OrchardCore.UrlRewriting.Core", "src\OrchardCore\OrchardCore.UrlRewriting.Core\OrchardCore.UrlRewriting.Core.csproj", "{7B18DD99-A7BB-4297-8679-D87289758756}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "OrchardCore.Roles.Abstractions", "src\OrchardCore\OrchardCore.Roles.Abstractions\OrchardCore.Roles.Abstractions.csproj", "{F5E7DCC3-12C2-4363-9702-639561A8101C}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -1408,6 +1410,10 @@ Global
 		{7B18DD99-A7BB-4297-8679-D87289758756}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{7B18DD99-A7BB-4297-8679-D87289758756}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{7B18DD99-A7BB-4297-8679-D87289758756}.Release|Any CPU.Build.0 = Release|Any CPU
+		{F5E7DCC3-12C2-4363-9702-639561A8101C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{F5E7DCC3-12C2-4363-9702-639561A8101C}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{F5E7DCC3-12C2-4363-9702-639561A8101C}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{F5E7DCC3-12C2-4363-9702-639561A8101C}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -1651,6 +1657,7 @@ Global
 		{D0F8B342-BDA8-44CB-AA43-7A65C79636A2} = {A066395F-6F73-45DC-B5A6-B4E306110DCE}
 		{675C8A76-C64F-47EC-B4F5-06D4F2D9662A} = {F23AC6C2-DE44-4699-999D-3C478EF3D691}
 		{7B18DD99-A7BB-4297-8679-D87289758756} = {F23AC6C2-DE44-4699-999D-3C478EF3D691}
+		{F5E7DCC3-12C2-4363-9702-639561A8101C} = {F23AC6C2-DE44-4699-999D-3C478EF3D691}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {46A1D25A-78D1-4476-9CBF-25B75E296341}

diff --git a/src/OrchardCore.Modules/OrchardCore.Cors/OrchardCore.Cors.csproj b/src/OrchardCore.Modules/OrchardCore.Cors/OrchardCore.Cors.csproj
@@ -13,6 +13,7 @@
     <ProjectReference Include="..\..\OrchardCore\OrchardCore.Navigation.Core\OrchardCore.Navigation.Core.csproj" />
     <ProjectReference Include="..\..\OrchardCore\OrchardCore.Admin.Abstractions\OrchardCore.Admin.Abstractions.csproj" />
     <ProjectReference Include="..\..\OrchardCore\OrchardCore.DisplayManagement\OrchardCore.DisplayManagement.csproj" />
+    <ProjectReference Include="..\..\OrchardCore\OrchardCore.Roles.Abstractions\OrchardCore.Roles.Abstractions.csproj" />
     <ProjectReference Include="..\..\OrchardCore\OrchardCore.Users.Core\OrchardCore.Users.Core.csproj" />
     <ProjectReference Include="..\..\OrchardCore\OrchardCore.ResourceManagement\OrchardCore.ResourceManagement.csproj" />
   </ItemGroup>

diff --git a/...sers/Services/RoleAuthorizationHandler.cs → ...oles/Handlers/RoleAuthorizationHandler.cs b/...sers/Services/RoleAuthorizationHandler.cs → ...oles/Handlers/RoleAuthorizationHandler.cs
diff --git a/...ces/RoleTwoFactorAuthenticationHandler.cs → ...ers/RoleTwoFactorAuthenticationHandler.cs b/...ces/RoleTwoFactorAuthenticationHandler.cs → ...ers/RoleTwoFactorAuthenticationHandler.cs
diff --git a/...s/Services/UserRoleRemovedEventHandler.cs → ...s/Handlers/UserRoleRemovedEventHandler.cs b/...s/Services/UserRoleRemovedEventHandler.cs → ...s/Handlers/UserRoleRemovedEventHandler.cs
diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Roles/Services/RolesAdminListFilterProvider.cs b/src/OrchardCore.Modules/OrchardCore.Users/Roles/Services/RolesAdminListFilterProvider.cs
@@ -0,0 +1,39 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.DependencyInjection;
+using OrchardCore.Security.Services;
+using OrchardCore.Users.Indexes;
+using OrchardCore.Users.Models;
+using YesSql.Filters.Query;
+using YesSql.Services;
+
+namespace OrchardCore.Users.Services;
+
+public sealed class RolesAdminListFilterProvider : IUsersAdminListFilterProvider
+{
+    public void Build(QueryEngineBuilder<User> builder)
+    {
+        builder.WithNamedTerm("role-restriction", builder => builder
+            .OneCondition(async (contentType, query, ctx) =>
+            {
+                var context = (UserQueryContext)ctx;
+
+                var httpContextAccessor = context.ServiceProvider.GetRequiredService<IHttpContextAccessor>();
+                var authorizationService = context.ServiceProvider.GetRequiredService<IAuthorizationService>();
+                var roleService = context.ServiceProvider.GetRequiredService<IRoleService>();
+
+                var user = httpContextAccessor.HttpContext?.User;
+
+                if (user != null && !await authorizationService.AuthorizeAsync(user, CommonPermissions.ListUsers))
+                {
+                    // At this point the user cannot see all users, so lets see what role does he have access too and filter by them.
+                    var accessibleRoles = (await roleService.GetAssignableRolesAsync()).Select(x => x.RoleName);
+
+                    query.With<UserByRoleNameIndex>(index => index.RoleName.IsIn(accessibleRoles));
+                }
+
+                return query;
+            }).AlwaysRun()
+        );
+    }
+}
diff --git a/.../OrchardCore.Users/UserRolePermissions.cs → ...ers/Roles/Services/UserRolePermissions.cs b/.../OrchardCore.Users/UserRolePermissions.cs → ...ers/Roles/Services/UserRolePermissions.cs
diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Services/RolesAdminListFilterProvider.cs b/src/OrchardCore.Modules/OrchardCore.Users/Services/RolesAdminListFilterProvider.cs
diff --git a/src/OrchardCore/OrchardCore.Infrastructure.Abstractions/Security/Services/RoleHelper.cs b/src/OrchardCore/OrchardCore.Infrastructure.Abstractions/Security/Services/RoleHelper.cs
diff --git a/...astructure.Abstractions/Security/IRole.cs → ...e/OrchardCore.Roles.Abstractions/IRole.cs b/...astructure.Abstractions/Security/IRole.cs → ...e/OrchardCore.Roles.Abstractions/IRole.cs
diff --git a/...ions/Security/IRoleCreatedEventHandler.cs → ....Abstractions/IRoleCreatedEventHandler.cs b/...ions/Security/IRoleCreatedEventHandler.cs → ....Abstractions/IRoleCreatedEventHandler.cs
diff --git a/...ions/Security/IRoleRemovedEventHandler.cs → ....Abstractions/IRoleRemovedEventHandler.cs b/...ions/Security/IRoleRemovedEventHandler.cs → ....Abstractions/IRoleRemovedEventHandler.cs
diff --git a/...actions/Security/Services/IRoleService.cs → ...rdCore.Roles.Abstractions/IRoleService.cs b/...actions/Security/Services/IRoleService.cs → ...rdCore.Roles.Abstractions/IRoleService.cs
diff --git a/...ore.Roles.Core/ISystemRoleNameProvider.cs → ...s.Abstractions/ISystemRoleNameProvider.cs b/...ore.Roles.Core/ISystemRoleNameProvider.cs → ...s.Abstractions/ISystemRoleNameProvider.cs
diff --git a/src/OrchardCore/OrchardCore.Roles.Abstractions/OrchardCore.Roles.Abstractions.csproj b/src/OrchardCore/OrchardCore.Roles.Abstractions/OrchardCore.Roles.Abstractions.csproj
@@ -0,0 +1,23 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <RootNamespace>OrchardCore.Roles</RootNamespace>
+    <!-- NuGet properties-->
+    <Title>OrchardCore Roles Abstractions</Title>
+    <Description>
+      $(OCCMSDescription)
+
+      Abstractions for OrchardCoreCMS Roles
+    </Description>
+    <PackageTags>$(PackageTags) OrchardCoreCMS Roles Abstractions</PackageTags>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Authorization" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\OrchardCore.Infrastructure.Abstractions\OrchardCore.Infrastructure.Abstractions.csproj" />
+  </ItemGroup>
+
+</Project>
diff --git a/...rastructure.Abstractions/Security/Role.cs → ...re/OrchardCore.Roles.Abstractions/Role.cs b/...rastructure.Abstractions/Security/Role.cs → ...re/OrchardCore.Roles.Abstractions/Role.cs
diff --git a/...ucture.Abstractions/Security/RoleClaim.cs → ...chardCore.Roles.Abstractions/RoleClaim.cs b/...ucture.Abstractions/Security/RoleClaim.cs → ...chardCore.Roles.Abstractions/RoleClaim.cs
diff --git a/...ecurity/Services/RoleServiceExtensions.cs → ...les.Abstractions/RoleServiceExtensions.cs b/...ecurity/Services/RoleServiceExtensions.cs → ...les.Abstractions/RoleServiceExtensions.cs
@@ -49,12 +49,4 @@ public static async Task<IEnumerable<IRole>> GetAccessibleRolesAsync(this IRoleS
 
         return accessibleRoles;
     }
-
-    [Obsolete("This method is obsolete and will be removed in future releases.")]
-    public static async Task<IEnumerable<string>> GetAccessibleRoleNamesAsync(this IRoleService roleService, IAuthorizationService authorizationService, ClaimsPrincipal user, Permission permission)
-    {
-        var roles = await roleService.GetAccessibleRolesAsync(authorizationService, user, permission);
-
-        return roles.Select(x => x.RoleName);
-    }
 }
diff --git a/src/OrchardCore/OrchardCore.Roles.Core/OrchardCore.Roles.Core.csproj b/src/OrchardCore/OrchardCore.Roles.Core/OrchardCore.Roles.Core.csproj
@@ -22,6 +22,7 @@
 
   <ItemGroup>
     <ProjectReference Include="..\..\OrchardCore\OrchardCore.Infrastructure.Abstractions\OrchardCore.Infrastructure.Abstractions.csproj" />
+    <ProjectReference Include="..\OrchardCore.Roles.Abstractions\OrchardCore.Roles.Abstractions.csproj" />
   </ItemGroup>
 
 </Project>
diff --git a/...Core.Users.Core/Services/NullRoleStore.cs → ...Core.Roles.Core/Services/NullRoleStore.cs b/...Core.Users.Core/Services/NullRoleStore.cs → ...Core.Roles.Core/Services/NullRoleStore.cs
diff --git a/...rdCore.Users.Core/Services/RoleService.cs → ...rdCore.Roles.Core/Services/RoleService.cs b/...rdCore.Users.Core/Services/RoleService.cs → ...rdCore.Roles.Core/Services/RoleService.cs