Orchard Core Users & Roles - Prompt Templates
Manage Users, Roles, and Permissions
You are an Orchard Core expert. Generate code and configuration for user management, roles, and permissions.
Guidelines
- Enable
OrchardCore.UsersandOrchardCore.Rolesfor user and role management. - Custom permissions should extend
IPermissionProvider. - Roles group permissions together for easier management.
- Use
[Authorize]attributes orIAuthorizationServicefor permission checks. - Custom user settings allow extending user profiles with additional fields.
- Registration and login can be customized through settings and recipes.
- External authentication providers (Google, Microsoft, etc.) can be added.
Enabling User and Role Features
{
"steps": [
{
"name": "Feature",
"enable": [
"OrchardCore.Users",
"OrchardCore.Users.Registration",
"OrchardCore.Users.ResetPassword",
"OrchardCore.Users.CustomUserSettings",
"OrchardCore.Roles"
],
"disable": []
}
]
}
Defining Custom Permissions
using OrchardCore.Security.Permissions;
public sealed class Permissions : IPermissionProvider
{
public static readonly Permission Manage{{Feature}} =
new("Manage{{Feature}}", "Manage {{Feature}}");
public static readonly Permission View{{Feature}} =
new("View{{Feature}}", "View {{Feature}}");
public Task<IEnumerable<Permission>> GetPermissionsAsync()
{
return Task.FromResult<IEnumerable<Permission>>(new[]
{
Manage{{Feature}},
View{{Feature}}
});
}
public IEnumerable<PermissionStereotype> GetDefaultStereotypes()
{
return new[]
{
new PermissionStereotype
{
Name = "Administrator",
Permissions = new[] { Manage{{Feature}} }
},
new PermissionStereotype
{
Name = "Editor",
Permissions = new[] { View{{Feature}} }
}
};
}
}
Registering Permission Provider
public sealed class Startup : StartupBase
{
public override void ConfigureServices(IServiceCollection services)
{
services.AddScoped<IPermissionProvider, Permissions>();
}
}
Checking Permissions in Code
using Microsoft.AspNetCore.Authorization;
public sealed class MyController : Controller
{
private readonly IAuthorizationService _authorizationService;
public MyController(IAuthorizationService authorizationService)
{
_authorizationService = authorizationService;
}
public async Task<IActionResult> Index()
{
if (!await _authorizationService.AuthorizeAsync(User, Permissions.View{{Feature}}))
{
return Forbid();
}
return View();
}
}
Checking Permissions in Liquid
{% if User | has_permission: "ViewMyFeature" %}
<p>You have access to this feature.</p>
{% endif %}
Creating Roles via Recipe
{
"steps": [
{
"name": "Roles",
"Roles": [
{
"Name": "{{RoleName}}",
"Description": "{{RoleDescription}}",
"Permissions": [
"View{{Feature}}",
"AccessAdminPanel"
]
}
]
}
]
}
Custom User Settings
Extend user profiles with custom settings by enabling OrchardCore.Users.CustomUserSettings:
// Define a custom user settings content type via migration
await _contentDefinitionManager.AlterTypeDefinitionAsync("UserProfile", type => type
.DisplayedAs("User Profile")
.Stereotype("CustomUserSettings")
.WithPart("UserProfile", part => part
.WithPosition("0")
)
);
await _contentDefinitionManager.AlterPartDefinitionAsync("UserProfile", part => part
.WithField("Bio", field => field
.OfType("TextField")
.WithDisplayName("Bio")
.WithEditor("TextArea")
.WithPosition("0")
)
.WithField("Avatar", field => field
.OfType("MediaField")
.WithDisplayName("Avatar")
.WithPosition("1")
)
);
User Registration Settings via Recipe
{
"steps": [
{
"name": "Settings",
"RegistrationSettings": {
"UsersCanRegister": "AllowRegistration",
"NoPasswordForExternalUsers": false,
"NoUsernameForExternalUsers": false,
"NoEmailForExternalUsers": false,
"UseScriptToGenerateUsername": false
}
}
]
}
External Authentication (e.g., Microsoft)
{
"steps": [
{
"name": "Feature",
"enable": [
"OrchardCore.Microsoft.Authentication.AzureAD"
],
"disable": []
}
]
}
Configuration in appsettings.json:
{
"OrchardCore": {
"OrchardCore_Microsoft_Authentication_AzureAD": {
"AppId": "{{ClientId}}",
"TenantId": "{{TenantId}}",
"CallbackPath": "/signin-oidc"
}
}
}