1

I have a module which in the AuthorizationServiceEventHandler Checking or Complete Events i'm sending a request to an external API which gives me some instructions like what modules should be enabled/displayed to the user .

The appraoch i want to follow is storing this instructions somewhere probably on the cache and then whenever a Service module Exposed being requested by the user (through a controller ) the module will check the instructions using the CacheManager .
the problem with the standard Permissions answered by ViRuSTriNiTy is the instructions or permissions may changes depending on other permission (like if permission A is granted the permission C is also granted ) and this instructions are decided by an external API and will be changing all the time .

i'm trying for days to find a proper way or approach to follow to achieve this .

This Illustrate what my module will be doing . ViRuSTriNiTy

So the API will not be giving specifically that module 1 and module 3 should be enabled, it will only gives you instructions . House should be replaced by hospital

EDIT 1: what i meant by house should be hopistal in the picture Api responds with Hopistal instead of house i just messed it up .

EDIT 2: what i want to achieve is a module which control what modules should be available to a specific user, every user has different characteristics which the API will examine and decide what values will be returned to the module , and the module then depending on those instructions will determine which modules will be available to the user .

E.g a user which has no house will not use the House module like permissions the module will returns an Unauthorized httpcode with a styled message : You have no house .

ViRuSTriNiTy
  • 5,017
  • 2
  • 32
  • 58
buff
  • 331
  • 2
  • 13
  • It's pretty unclear what you are asking. Can you give a concrete example on how the external API sends the instruction and how a module would check a instruction? Please edit your question when possible. – ViRuSTriNiTy Jan 24 '18 at 14:11
  • @ViRuSTriNiTy it will be sending a json format which i will be parsing on the module – buff Jan 24 '18 at 14:13
  • @Kresi That's not an example. With example i mean something like your last sentence`House should be replaced by hospital` but with some context. – ViRuSTriNiTy Jan 24 '18 at 14:14
  • @ViRuSTriNiTy I Edited my question – buff Jan 24 '18 at 14:48

1 Answers1

0

I think you need to define some permissions first.

Example:

Permission A in Module House: CanAccess

Permission B in Module Children: CanAccess

Now in your handler you can get the module from the permission and then ask the API to return the appropriate value.

Permission House.CanAccess > Module House -> ExternalAPI.CanAccess(House) -> return from handler as needed

ViRuSTriNiTy
  • 5,017
  • 2
  • 32
  • 58
  • this may works but will means to apply this on every module that currently exist and all modules which will comes later . i'm really trying to find a way to separate this in a separate module. – buff Jan 24 '18 at 15:18
  • Maybe you should use something like `IRequestFilter` or `IActionFilter` to catch requests globally and then redirect as needed? https://stackoverflow.com/q/16561962/3936440 – ViRuSTriNiTy Jan 25 '18 at 06:28
  • It feels like you may want to do what @ViRuSTriNiTy suggests, and add to that an override of both RolesBasedAuthorizationService and Permission. Your own permissions would be processed in your service as API calls, while more conventional Orchard permissions could still use the RolesBasedAuthorizationService that is normally used (provided you call base.Method in method overrides) – Bovaz Feb 14 '18 at 13:58
  • Basically, you would have that service override in your ModuleX from the picture in the question. – Bovaz Feb 14 '18 at 13:59