[Enhancement]: More detailed permissions

[tvatavuk]

Is there an existing issue for this?

• I have searched the existing issues

Description of problem

Core page permissions are "VIEW" and "EDIT". This is adequate for basic websites, but for any more significant implementation, we need to provide page permissions at a more detailed level. We need separate page permissions for adding new pages, editing existing pages, deleting, copying, exporting, importing, managing settings, etc.

Description of solution

CorePermissionProvider in DNN Platform inherits PermissionProvider, which already has a significant amount of code supporting and handling detailed permissions.

// Folder Permission Keys
private const string AdminFolderPermissionKey = "WRITE";
private const string AddFolderPermissionKey = "WRITE";
private const string BrowseFolderPermissionKey = "BROWSE";
private const string CopyFolderPermissionKey = "WRITE";
private const string DeleteFolderPermissionKey = "WRITE";
private const string ManageFolderPermissionKey = "WRITE";
private const string ViewFolderPermissionKey = "READ";

// Module Permission Keys
private const string AdminModulePermissionKey = "EDIT";
private const string ContentModulePermissionKey = "EDIT";
private const string DeleteModulePermissionKey = "EDIT";
private const string ExportModulePermissionKey = "EDIT";
private const string ImportModulePermissionKey = "EDIT";
private const string ManageModulePermissionKey = "EDIT";
private const string ViewModulePermissionKey = "VIEW";

// Page Permission Keys
private const string AddPagePermissionKey = "EDIT";
private const string AdminPagePermissionKey = "EDIT";
private const string ContentPagePermissionKey = "EDIT";
private const string CopyPagePermissionKey = "EDIT";
private const string DeletePagePermissionKey = "EDIT";
private const string ExportPagePermissionKey = "EDIT";
private const string ImportPagePermissionKey = "EDIT";
private const string ManagePagePermissionKey = "EDIT";
private const string NavigatePagePermissionKey = "VIEW";
private const string ViewPagePermissionKey = "VIEW";

After reviewing the PermissionProvider code, it looks like most of the functionality is already present, with the missing part related to setup, configuration, and UI exposure.

For configuration, we can create a new DetailedPermissionProvider that will also inherit PermissionProvider and adjust detailed permissions for use in the DNN Platform.

This can be configured in the usual way in web.config.

<permissions defaultProvider="DetailedPermissionProvider">
  <providers>
    <clear />
    <add name="CorePermissionProvider" type="DotNetNuke.Security.Permissions.CorePermissionProvider, DotNetNuke" providerPath="~\Providers\PermissionProviders\CorePermissionProvider\" />
    <add name="DetailedPermissionProvider" type="DotNetNuke.Security.Permissions.DetailedPermissionProvider, DotNetNuke" providerPath="~\Providers\PermissionProviders\DetailedPermissionProvider\" />
  </providers>
</permissions>

The first part is to find the correct permission keys that will function as required with the existing code in the DNN Platform. Based on existing constant names and after a detailed code review and testing, here are the suggested permission keys:

// Folder Permission Keys
private const string AdminFolderPermissionKey = "WRITE";
private const string AddFolderPermissionKey = "ADD"; // "WRITE";
private const string BrowseFolderPermissionKey = "BROWSE";
private const string CopyFolderPermissionKey = "COPY"; // "WRITE";
private const string DeleteFolderPermissionKey = "DELETE"; // "WRITE";
private const string ManageFolderPermissionKey = "MANAGE"; // "WRITE";
private const string ViewFolderPermissionKey = "READ";

// Module Permission Keys
private const string AdminModulePermissionKey = "EDIT";
private const string ContentModulePermissionKey = "CONTENT"; // "EDIT";
private const string DeleteModulePermissionKey = "DELETE"; // "EDIT";
private const string ExportModulePermissionKey = "EXPORT"; // "EDIT";
private const string ImportModulePermissionKey = "IMPORT"; // "EDIT";
private const string ManageModulePermissionKey = "MANAGE"; // "EDIT";
private const string ViewModulePermissionKey = "VIEW";

// Page Permission Keys
private const string AddPagePermissionKey = "ADD"; // "EDIT";
private const string AdminPagePermissionKey = "EDIT";
private const string ContentPagePermissionKey = "CONTENT"; // "EDIT";
private const string CopyPagePermissionKey = "COPY"; // "EDIT";
private const string DeletePagePermissionKey = "DELETE"; // "EDIT";
private const string ExportPagePermissionKey = "EXPORT"; // "EDIT";
private const string ImportPagePermissionKey = "IMPORT"; // "EDIT";
private const string ManagePagePermissionKey = "MANAGE"; // "EDIT";
private const string NavigatePagePermissionKey = "NAVIGATE"; // "VIEW";
private const string ViewPagePermissionKey = "VIEW";

To expose these detailed permissions in the DNN Platform UI and else, it is necessary to correctly populate the Permission table. Again based on existing values, with little guessing and after some testing I find that following values could work. For [PermissionCode] column values, SYSTEM_FOLDER is for Folder Permissions, SYSTEM_MODULE_DEFINITION is for Module Permissions, and SYSTEM_TAB is for Page Permissions. The [ModuleDefID] value is -1, and the [PermissionKey] uses the exact permission key constant from the C# code. The [PermissionName] value is based on the PermissionKey. Every other column values are common for DNN Platform, not very significant and are easy to populate.

It looks that this is all necessary to expose detailed permissions to end users in the DNN Platform.

Description of alternatives considered

DetailedPermissionProvider can be packaged as a DNN Extension and installed as any other addon.

Anything else?

No response

Do you be plan to contribute code for this enhancement?

• Yes

Would you be interested in sponsoring this enhancement?

• Yes

Code of Conduct

• I agree to follow this project's Code of Conduct

[iJungleboy]

See also blog post https://2sxc.org/en/blog/post/hidden-dnn-gem-detailed-permissions

[tvatavuk]

AdvancedPermissionProvider implemented backend support for advanced roles, specifically Content Editors and Content Managers. The feature inherited from the existing PermissionProvider, ensuring compatibility and leveraging current functionalities to offer a comprehensive solution for managing detailed permissions.

[iJungleboy]

@tvatavuk the commit tvatavuk@2a887bd still seems to call it Detailed... - if this is the latest, I recommend to rename to Advanced...