Our blog contains the activity stream of Orchard Dojo: general news, new resources or tutorials are announced here.

Tenant APIs improvements, MiniProfiler visibility based on permissions - This week in Orchard (10/03/2023)

The MiniProfiler visibility is now based on permissions, tenant APIs improvements, and using ListContent permission instead of ViewContent to see the content items list. Interested in the details? Well, then check out our post for the details!

Orchard Core updates

MiniProfiler visibility based on permissions

MiniProfiler is a library and UI for profiling your application. By letting you see where your time is spent, which queries are run, and any other custom timings you want to add, MiniProfiler helps you debug issues and optimize performance. MiniProfiler is a built-in feature in Orchard Core, and it has received some updates.

Let's say an admin needs to profile a production instance. Enabling MiniProfiler for everyone to see is not acceptable in most cases. Also, a user may want to profile an AJAX request to analyze a query or other info. The solution is a set of new permissions that become available when you enable the Mini Profiler feature. If you navigate to Security -> Roles and hit Edit near any role, you can see the new permissions, which enable you to view the Mini Profiler widget on the back-end and the front-end pages.

Tenant APIs improvements

Orchard Core tenant APIs got several updates lately. First of all, there was no way to update some tenant settings from API calls. Meaning, the tenant's category was missing in the ApiController. We should be able to set a tenant's description via an API call, so this property is now included in the sent model.

Another improvement is the new Edit endpoint because there was no way to update tenant settings from API calls. The new Edit endpoint in the Tenant's ApiController takes care of this and enables us to modify the tenant settings whether the tenant is uninitialized or running. The updateable properties are the same as what is displayed on the tenant editor on the Admin UI.

Use ListContent permission instead of ViewContent

Currently, we use View Content as a minimal permission to list the contents in the content items UI.
We use the same permission to also show the Content -> Content Items admin menu. Here the List Content permission should be used, not View Content. What if someone wants to allow a user to view content using a direct link but does not want them to list the contents in the UI? Currently, this isn't possible. Additionally, ViewContent is granted to all Anonymous and Authenticated roles, which is fine. But access to list contents should be granted by the ListContent permission, so that listing content is not allowed without an explicit permission grant. If you check out the change logs in the docs of the upcoming release, you can read about the updated permissions.

News from the community

Hastlayer is now fully open-source

Hastlayer is being developed by Lombiq Technologies, a software, training, and services company focusing on web development with open Microsoft technologies. Hastlayer transforms .NET software into FPGA-implemented logic circuits. (FPGAs are chips that can mimic other chips.) The result is code that runs faster and uses less power than a code-only solution without sacrificing the ability to develop your software further. Using Hastlayer will optimize your performance and lower the power consumption of hardware, which will bring you more satisfied customers who want your solution and a boost in your company’s revenue. And we have just recently fully open-sourced Hastlayer!

Orchard Dojo Newsletter

Lombiq's Orchard Dojo Newsletter has 410 subscribers! We have started this newsletter to inform the community around Orchard of the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here!
If you are interested in more news about Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!

Orchard Harvest updates, Extend user permissions - This week in Orchard (24/02/2023)

Extending user permissions, updating Localization documentation for the PO extractor tool, and fixing the quality parameter of a media profile having no effect. Check out our post for the latest updates on Orchard Harvest and a new tutorial series from Lombiq!

Orchard Core updates

Extend user permissions

Last September, you could see a demo about extending user permissions. This involved several changes in how we handle users on the site, and we added more permissions to the Users module to make it more usable and robust for many use cases:

- List users in {0} role
- Edit users in {0} role
- Delete users in {0} role
- Assign users to {0} role
- Manage user profile settings

Also, we now have settings that would allow the user to prevent username and/or email changes on the edit screen. Here is a screenshot of the new settings. If you would like to try out the features mentioned in the linked post, you can now do that easily by using the nightly build packages of Orchard Core!

Update Localization documentation for the extractor tool

Hisham Abdullah Bin Ateya released the stable version of the PO Extractor Tool. As you can see in the Readme, this is a dotnet global tool to extract translatable strings from the C# and VB code, Razor templates, and Liquid templates to POT (portable object template) files. It is designed to follow conventions used in the Orchard Core project. The Localization page in the Orchard Core documentation has been updated to reflect the changes, like updating the URL of the tool and the commands that you can use to install the tool and generate PO files.

Fix the quality parameter of a media profile having no effect

When using the Liquid filter resize_url, the quality parameter of a media profile will have no effect for jpg/webp. The issue can easily be fixed by moving the quality parameter behind the format parameter.
To fix the resize_url filter, a change to the ordering of parameters in OrchardCore.Media.Services.MediaProfileService.GetMediaProfileCommands(string name) is required. And here, you can see this quick fix to make the quality parameter work. Because the order of items is not guaranteed with Dictionary, the fix is not regression-proof. OrderedDictionary could be used as an alternative, but this would additionally require a reference to System.Collections.Specialized.

News from the community

Orchard Harvest updates

Last year we conducted a survey to help us organize this year's Orchard Harvest conference. We shared the results last month, and based on your feedback, the event will be held in North America. Mike Alhayek also reached out to us saying he may have the right contact needed to facilitate the event in Las Vegas. Now we needed a date for the conference, and based on the results, the best would be to hold the conference in Q2 of 2023. If you follow the official Twitter account of Orchard, you may have come across a poll where the goal was to find the best date. Based on the results, the winner is the option May 22-23 (Mon, Tue). Thanks for voting!

Now the next goal is to find the best location in Las Vegas. Also, we are looking for sponsors and contributors for the following:

- T-shirts.
- Location.
- A meet-up after the programs.
- Recording the presentations.
- Renting equipment for presentations.
- Catering.
- Webpage (we can host the conference site on DotNest for free).

If anyone could help in any way, that would be really appreciated. Please use the following thread in GitHub Discussions if you feel you can join in organizing the upcoming Harvest, or chime into the discussion if you want to be as updated as possible! As we move forward, we will keep everyone informed of the details, and you will also find every piece in this newsletter!
New tutorial series from Lombiq: DotNest Core Tutorials

The Lombiq Hosting - Media Theme for Orchard Core repository contains an open-source project which will allow developers to host their themes in the Orchard Core Media Library, including templates and assets. The inspiration came from our public Orchard (Core) SaaS called DotNest. If you don't know it, it is a site where anyone can sign up and get an Orchard (Core) site with two clicks. We don't vet who is signing up, so it should be safe, and it should be limited. But still, we want people to be able to have their sites as flexible as possible. And of course, there are a lot of built-in features in Orchard for that; you can do a lot from the admin. Theming is one of the things you can also do from the admin, in a limited fashion.

We first wrote about the Media Theme a few weeks ago in this post. Although you can't install custom themes on DotNest (see "Limitations"), you still have a lot of control over theming. Using Media Theme you can develop themes using Liquid templates and static assets as usual, from your favorite IDE, working with a local version of your DotNest site, and deploying code to it.

Please follow the guidelines of the DotNest Core SDK, and if you prefer tutorial videos instead, check out our brand-new playlist. This playlist, called DotNest Core tutorials, will contain 5 videos, starting with how you can create your first DotNest site. We will also see how to set up your local development environment to style a DotNest site, how to use recipes to keep your local environment up to date, and how to deploy your theme to your DotNest site. 3 videos are out; the remaining 2 will be available during the weekend.

Would you like to run your Orchard Core site on DotNest? Create your Orchard Core site with two clicks on DotNest!

Orchard Dojo Newsletter

Lombiq's Orchard Dojo Newsletter has 406 subscribers!

Keep IDisplayManager backward compatible, adding permission check when querying content using GraphQL - This week in Orchard (02/12/2022)

Keep IDisplayManager backward compatible, remove extra spacing around editing contents, flows, and Bag Part, and add a permission check when querying content using GraphQL. Check out our post for the details!

Orchard Core updates

Keep IDisplayManager backward compatible

Let's assume you are using BuildEditor of DisplayManager to create a shape. Now you will find a method overload that avoids a method-not-found exception in modules that depend on IDisplayManager. But why can that exception happen? The BuildEditorAsync and UpdateEditorAsync methods in the IDisplayManager interface now accept a new htmlPrefix parameter, and the groupId parameter is no longer optional. To keep IDisplayManager backward compatible, the old methods are marked as obsolete, so that old compiled libraries use the obsolete methods, but new code knows it should use the new methods.

Remove extra spacing around editing contents, flows, and Bag Part

This change affects the admin UI. We had some extra spacing around the Bag Part, Widget List, and Flow Part. There was also extra spacing around the create/edit form in the contents and the page title. The goal of this is to fix the inconsistent spacings and make the look and feel of the admin UI nicer.

Add permission check when querying content using GraphQL

Let's say you want to grant a user permission to query only their own content using GraphQL. However, there seems to be no way to do that like we can do it using the UI. It would be nice to be able to apply the permissions for GraphQL as we do in the UI. So, here comes a new filter that honors their permissions. Also, GraphQLContentOptions.ConfigureContentType(...) had no effect: if the user configured contentType as hidden, we still showed it anyway. This was also fixed.

News from the community

Orchard Harvest 2023

For those who are too young to remember, we had Orchard conferences, called Orchard Harvest.
And the conference website was available under orchardharvest.org, but unfortunately, it's not anymore. The last one was in 2017 in New York. So, having another get-together is very much overdue. If you would like to see or get a feeling of what this looked like before, we have a couple of mood videos on the Orchard YouTube channel, like this one from the first conference. The point is that we should really think about organizing the next one, and we at Lombiq can take part in that or provide an organizing role with anybody who wants to take part. If you have any feedback or you are looking forward to having a Harvest again, please share your opinion with us by filling out this survey about the upcoming Orchard Harvest!

Orchard Dojo Newsletter

Lombiq's Orchard Dojo Newsletter has 379 subscribers! We have started this newsletter to inform the community around Orchard of the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here!

If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!

Extend user permissions, add Contained Stereotypes Bag Part Settings - This week in Orchard (30/09/2022)

Add Contained Stereotypes Bag Part Settings to allow a user to include content types by stereotype, add Displayed Stereotypes property to Content Picker Field Settings, demo about extending the user permissions, and many more waiting for you in our current post!

Orchard Core updates

Add Contained Stereotypes Bag Part Settings to allow a user to include content types by stereotype

When attaching Bag Part to a content type, the user must explicitly set Contained Content Types with an array of content types to be included in the Bag Part. This is good for most cases; however, it would be great to allow for setting the contained content types using Stereotype. The stereotype would be in addition to, not in place of, Contained Content Types.

For example, we want to group all Contact Methods (phone number, address, email address, etc.) by a stereotype called ContactMethod. All of these content types share a similar functionality, which is a way to contact a person. Now we created a Person content type and attached a Bag Part to it. In this case, we had to explicitly specify each content type in the Contained Content Types. But if a new content type was added later from another feature/module, the user would have to manually edit the Bag Part settings every time, everywhere ContactMethods are used, to add the new content type, which isn't efficient.

So now the Bag Part is more flexible. And as you can see here, now we have two radio buttons under the Contained Content Types option where the user can select Content Types or Stereotype.

Add Displayed Stereotypes property to Content Picker Field Settings

And this one is quite the same as the previous feature but for the Content Picker Field. For example, we want to group all to-do items (appointments, meetings) by a stereotype called ToDoTask. All of these content types share similar functionality, which is a to-do task.
Now we want to use Content Picker Field in a different content type to allow the user to select a to-do task of any kind. In this case, we have to explicitly specify each content type in the DisplayedContentTypes. But if a new content type was added later from another feature/module, the user would have to manually edit the Content Picker Field settings every time, everywhere to-do tasks are used, to add the new content type, which isn't efficient. So, let's say we navigate to the editor of a Content Picker Field. Here you can see that you can set the Contained Content Types to:

- Display All Content Types
- Content Types
- Stereotype

Add settings to form widgets

There was a bug in OC. The option editor wasn't loaded when trying to add Select Input while creating a form. Also, the edit button did not open the modal that would allow you to populate the options using JSON. If the content is saved and the page is loaded again, then the modal and the options editor work just fine.

Another form-related improvement is validation. When creating a form using the Form input widgets (Input, Select, and Text Area), there is no easy way to add a label and validation elements to the input. The current approach is to add a label widget and then a validation widget, which is not always ideal. We can make this process much simpler by adding settings to the Input, Select, and Text Area widgets with the following properties:

- LabelOption: an enum value with the following values (None, Standard, ScreenReaders). By default, None is selected to keep it backward compatible.
- ValidationOptions: an enum value with the following values (None, Standard). By default, None is selected to keep it backward compatible.

Now, if the user selects an option other than None in the settings, we’ll create the label in the same widget block. The same applies to ValidationOptions. This will make things like dragging/dropping widgets during edit and controlling the size much easier.
At the same time, we output less HTML code. And if we add the validation rules, we’ll have more validation logic, which makes the widgets more useful. And now, the editor of the Select Input looks like the following with the additional options. And of course, the same applies to all of the built-in form inputs.

Demos

Extend user permissions

A couple of months back, a need was reported for some roles to be able to edit a user and some not. The conclusion was that the user interface is not very flexible at the moment with the permissions. So, it kind of makes it hard if you have a unique case where you need some specific users to be able to do stuff, and also to set up who can see which users when you are listing the users. To be able to test out this feature with us, you have to check out this PR on GitHub.

The first thing that you will notice is the new permissions regarding Users. In this case, we navigated to Security -> Roles and edited the Moderator role. There are new permissions, for example, Assign any role, Delete any user or Delete users in role - Administrator, List all users, etc. So, you can say you can list all the users, but it doesn't mean you will be able to edit all the users.

If you try to edit a given user, you will notice something new here. As you can see, the user name of the user is not editable, but you can edit the email address of the given user. This is controlled by settings that you can reach under Configuration -> Settings -> User Profile Settings. As you can see, here you can allow or deny changing the user names or email addresses of the users.

But now back to the users' list. Let's say we have some predefined users and made some changes regarding the permissions of the Moderator role. Now, we logged in with a user who has the Moderator role. After that, the user with the Moderator role will see something like this.
First of all, you can notice that there is a little badge under every user that shows the roles the user has. You can also see that this user has permission to see users in the Editor role, but they can't edit or delete the editor user. Now let's edit the author user! Here you can see that this user can edit the settings of this user but can't fully manage the roles of the author user. They have the option to add or remove the Author role but that's it, nothing more.

And we are just showing you some simple scenarios about what you can achieve and how you can customize the user permissions. If you want to see more complex scenarios, head to YouTube for a recording!

News from the community

Helping Global Health build an Advanced Form Builder using Form.io

When Global Health from Australia approached us with the request to build an advanced form builder using Form.io, it promised to be an interesting project. They were looking to integrate this new form builder deeply into MasterCare+, their Multi-Tenanted SaaS-based platform for Health Care which is built on Orchard CMS. It would allow creating custom forms for a wide range of scenarios in the health care domain, using the advanced editing capabilities of Form.io. The solution built by Lombiq was an important step in bridging the gap between paper forms and electronic health care management. Check out the full post here!

Orchard Dojo Newsletter

Lombiq's Orchard Dojo Newsletter has 354 subscribers! We have started this newsletter to inform the community around Orchard of the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here!

Admin Culture Picker, Enhance BagPart to honor permissions - This week in Orchard (12/08/2022)

Enhance BagPart to honor permissions, add permissions for the Amazon S3 module, improve the workflow function description in the document, and a demo about the Admin Culture Picker! Let's get started!

Orchard Core updates

Enhance BagPart to honor permissions

Let's say you want some users to be able to add content items to a specific bag while others can only view existing items. Currently, any content item contained in a BagPart is always editable regardless of whether the contained item is securable or not. In most cases, this is fine. However, this function should also be extended to honor the security rules when the contained item is securable. This means a user with EditContent permission can add/edit items in the BagPart, whereas a user with only ViewContent permission should see the content item as a read-only version "like preview" but should not be able to make any change to it. So, this addition is about enhancing the BagPart to honor permissions for the contained content types.

To try this one out, set up a site using the Agency recipe, which contains the Landing Page content type that has several BagParts attached. Now, let's say that users with the Editor role will not be able to edit the services section of the Landing Page. Meaning the Editor role will not have Edit permission for the Service content items. We have to do the following to achieve this:

- Edit the Service Content Type and put a tick in the Securable check box. This means this content type can have custom permissions.
- Edit the permissions of the Editor role. First, revoke the Edit content for others permission. Now, make sure that the Editor has no Edit Service for others permission regarding the Service Content Type.

Now we have set things up so that users with the Editor role will not be able to edit securable content types. Let's create a user with this role and log in as this new user. Now, we need to find the predefined Landing Page content item and edit it.
As you can see, this user cannot add a new Service content item or edit an existing one by using the editor of the BagPart. They can view the content of these items, but that's all. Notice that they can edit the Portfolio content items under the Services one.

Add permissions for the Amazon S3 module

A few weeks ago, we mentioned the new Amazon S3 module. The Amazon Media Storage feature enables support for storing assets in an Amazon S3 Bucket. The feature replaces the default App_Data file-based media store with an Amazon Media Storage Provider. And now, you will see a new permission for that module called View Amazon S3 Media Options. If you have this permission, you can access the page under Configuration -> Media -> Amazon S3 Options, which lists the Amazon S3 storage options.

Improve the workflow function description in the document

The Workflows module provides a way for users to visually implement business rules using flowchart diagrams. Many activities have settings that can contain either JavaScript or Liquid syntax. The fields of these activities allow you to enter Liquid markup, enabling access to system-wide variables and filters, as well as variables from the workflow execution context. And several JavaScript functions are available by default to any activity that supports script expressions. This page of the documentation lists these functions. And now, this table has been updated with some lines about the setProperty, executeQuery, and log functions.

Demos

Admin Culture Picker

Unless you have a language switcher on website pages, you could not switch a language in the admin panel. This demo is about showing you a dropdown button in the admin panel header to switch languages. First of all, open up the admin UI of Orchard, head to Configuration -> Features, and enable the Admin Culture Picker feature, which provides a culture picker shape for the admin. Don't forget to enable the Localization feature too, to be able to try out this culture picker.
Now you can say that your site supports multiple cultures. Head to Configuration -> Settings -> Localization -> Cultures and have at least two supported cultures. And as you can see, the dropdown now contains all the cultures that the site supports. You can switch between them, and if you choose a given language, the UI of the admin will be shown in that language. If you would like to see this picker in action, head to YouTube for a short demo!

News from the community

Orchard Dojo Newsletter

Lombiq's Orchard Dojo Newsletter has 315 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here!

If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!

Support a read-only behavior in the content management screen, visual verification testing in the Lombiq UI Testing Toolbox - This week in Orchard (05/08/2022)

Add password to the user creation form, support a read-only behavior in the content management screen, and a demo about adding visual verification testing in the Lombiq UI Testing Toolbox! Let's get started!

Orchard Core updates

Add a password to the user creation form

By default, apps use basic authentication to authenticate users into their site, including Microsoft Identity-based apps. No user is able to authenticate/log in without providing a "username" and "password". Alternatively, an admin could enable some sort of external authentication provider, like Azure AD or any other provider, to avoid the need to manage the authentication by the app directly. These external providers are optional and not enabled by default in Orchard Core, so creating a user with no password by default adds no value since the user can't log in without one.

Currently, when adding a new user using the admin UI, the admin has to create a user and then go to a second view to set/reset their password. This is a very awkward workflow, especially if you want to add many users. Since username/password are required by default for a user to log in, the admin should be required to provide a password rather than creating a useless user with no password. Note, the point here is that a password is required to log in by default without having to enable optional additional authentication providers.

Let's try it out quickly! Head to the admin UI of Orchard Core and navigate to Security -> Users. Here you will find the Add User button. Click on it! This will navigate you to the create user page, where you can find some new goodies. First of all, you can provide a password for the newly created user here. You also have the option to generate a random secure password or copy the password to the clipboard.
Support a read-only behavior in the content management screen

The idea here is that both Admin Menu and Content management screens should be viewable if the user has View own X, View X by others, Preview X by others, or List X content item(s) owned by all users permission. Any of these permissions should be enough to display content. View rules should be implied if one has edit, delete or publish permission; you can't delete, edit or publish if you can't view something. Making this change will easily add view-only support to the contents in the admin. Meaning that if the user has permission to View Blog, we should list the Blog content items in the Manage Content screen, for example.

To try this out, we will modify the permissions of the built-in Editor role (Security -> Roles -> Editor -> Edit). As you can see, the Editor now has no Edit content for others and Edit own content permissions, but we set these edit permissions for the Blog Content Type. Meaning the Editor can only edit the Blog content items but can view every other content item.

Now, let's log in with a user with the Editor role and navigate to the Manage content screen. As you can see, this user now can see every content item in this list, but the Edit button is only available near the Blog content items. Meaning this list now shows every content item which can be viewed by this user.

Demos

Visual verification testing in the Lombiq UI Testing Toolbox

Maybe you have already heard about the Lombiq UI Testing Toolbox, our web UI testing toolbox mostly for Orchard Core applications. Everything you need to do UI testing with Selenium for an Orchard app is here. We wrote about it several times here as well: first when we open-sourced it, then when we added some Orchard Core Features tests to it, and when we added the automated monkey testing feature to it. This time we will introduce the Basic Visual verification testing in the Lombiq UI Testing Toolbox for Orchard Core.
Lombiq's Open-Source Orchard Core Extensions is an Orchard Core CMS Visual Studio solution that contains most of Lombiq's open-source Orchard modules and themes, as well as related utilities and libraries. Please keep in mind that only those extensions are included that use the latest released version of Orchard (i.e., the very cutting-edge ones depending on a nightly build are not yet here). This solution contains the Lombiq UI Testing Toolbox as well, so we will use this one for the demo.

The BasicVisualVerificationTests.cs contains three different samples about how you can verify the content displayed on your page visually. The first one is about checking the content of the element that has the field-name-blog-image class. The second one is about checking the content of the navbar (the element that has the navbar-brand class), and the third one will check the whole content of the home page.

Here you can see the page that we will test. The red texts show you the Navbar and Blog image elements. Let's verify the content of the Navbar! The Navbar contains the site name, which we can provide when we set up our site. Let's try to set up our site using a different name than the Lombiq's OSOCE - UI Testing and run the test.

Here you can see that the test set up the site using the Lombiq's OSOCE - UI Testing Demo site name, and our visual verification failed since the asserted element looks different from the baseline image. The baseline image was loaded from an embedded resource which you can find in the repository here. If you want a new baseline image, simply delete the existing one, and a new one will be generated on the next run.

And that's not all of it! Do you want to know more about this new addition to the Lombiq UI Testing Toolbox for Orchard Core? Then check out the comments of the BasicVisualVerificationTests.cs file and this recording on YouTube!

News from the community

Orchard Dojo Newsletter

Lombiq's Orchard Dojo Newsletter has 309 subscribers!
We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!

Change how the permissions are grouped and sorted, provide a way to override YesSql configuration - This week in Orchard (29/07/2022)

Change how the permissions are grouped and sorted, provide a way to override YesSql configuration and additional OpenId Introspection/Revocation endpoints and PKCE to the OpenID Settings and Application UI pages! Check out our current post to read about the details!

Orchard Core updates

Change how the permissions are grouped and sorted

When the permissions are listed during role edit/create, currently we show the feature ID instead of a name. Displaying just the feature ID is not user-friendly. Here the goal is to create a new UI for this and also to order the permissions by Feature Names. Also, for content types, it would display the content type name instead of its technical value/ID. So, we could display: { Content Type Display Name } Content Type - { Content Type Technical Name }. In the case of the Blog content type, this could be My Blog Content Type - Blog. In order to show dynamic permissions as { Content Type Display Name } Content Type - { Content Type Technical Name }, we would have to change how the category is set here, otherwise we don't have the content type technical name here.

But what does the new UI look like now? If you head to the admin UI of Orchard Core, navigate to Security -> Roles and Edit a given role, you will see the new UI. Here you can see we have a feature with the name Media, and you can find the feature ID in brackets (feature IDs can be defined in the Manifest.cs file of the module). And under the Media (OrchardCore.Media), you can find all of the permissions which were defined in this module. You will find the Page Content Type - Page header at the bottom of this screen. This means the first word here is the Display Name of the Page content type (which is Page) and the last word here is the Technical Name of the Page content type, which is Page.

Provide a way to override YesSql configuration

Currently, there is no way to change the configuration of YesSql in Orchard Core. From now on you will find a new YesSqlOptions class that provides options to allow one to override the defaults.

Added additional OpenId Introspection/Revocation endpoints and PKCE to the OpenID Settings and Application UI pages

As a basic authorization server, the OpenID module doesn't use all the features/endpoints offered by OpenIddict, like introspection and revocation. As mentioned in openiddict/openiddict-core#1359 (comment), these features can be configured by amending the OpenIddict settings via a custom plugin, but a simpler story - GUI or recipes-based - may be preferable.

To see the new changes, enable the OpenID Authorization Server and the OpenID Client features and then navigate to Security -> OpenID Connect -> Settings -> Authorization server. You will find a new Require Proof Key for Code Exchange checkbox on this page, which is a global setting that applies PKCE to all registered clients whether or not the 'Require PKCE' flag was set in the Application settings page.

And you can do the same when adding an OpenID Connect Application. You can add a new application under Security -> OpenID Connect -> Management -> Applications. If you click on the Add an application button and put a tick to the Allow Authorization Code Flow checkbox, you will find the Require Proof Key for Code Exchange checkbox here as well. Note: ensure that the client application and OAuth or OIDC library being used supports PKCE before enabling this option.

The documentation has also been updated to show you a sample of the OpenID Connect Settings recipe step and a sample of the OpenID Connect App recipe step.

News from the community

Lombiq Offline event

Sometimes it's not just about work but doing something just for fun. These events are specifically for this: we get together and do something cool like breaking out of an escape room, going for a go-kart ride, or playing paintball. Our latest event took place at Lake Velence. We had a nice cycling tour around Lake Velence, had lunch in a nice restaurant, and had a barbecue together at the accommodation. The next day we went on a kayak trip and did a nice trip together to the nearby hills of the lake. This was a great opportunity to update our group photo on our official website, so head to the About us page where you can see most, but not all of our team as of the summer of 2022.

Orchard Dojo Newsletter

Lombiq's Orchard Dojo Newsletter has 313 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here!

If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!
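Added example, not part of the original post and not Orchard Core or OpenIddict code: once Require Proof Key for Code Exchange is ticked, a client has to send an S256 code_challenge with the authorization request and the matching code_verifier with the token request, as defined in RFC 7636. The sketch below shows both sides of that check; the class and method names are hypothetical, and it assumes .NET 6.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class PkceDemo
{
    // RFC 7636 uses base64url without '=' padding.
    private static string Base64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Client: a fresh high-entropy code_verifier per authorization request (32 bytes -> 43 chars).
    public static string NewCodeVerifier() => Base64Url(RandomNumberGenerator.GetBytes(32));

    // Client: the code_challenge sent with code_challenge_method=S256.
    public static string S256Challenge(string codeVerifier) =>
        Base64Url(SHA256.HashData(Encoding.ASCII.GetBytes(codeVerifier)));

    // Server: compare the challenge stored with the authorization code against the
    // verifier presented at the token endpoint. An empty verifier never matches.
    public static bool VerifierMatches(string storedChallenge, string presentedVerifier)
    {
        if (string.IsNullOrEmpty(storedChallenge) || string.IsNullOrEmpty(presentedVerifier))
            return false;
        if (presentedVerifier.Length < 43 || presentedVerifier.Length > 128)
            return false; // RFC 7636 length bounds for code_verifier

        var expected = Encoding.ASCII.GetBytes(storedChallenge);
        var actual = Encoding.ASCII.GetBytes(S256Challenge(presentedVerifier));
        // Constant-time comparison; returns false when the lengths differ.
        return CryptographicOperations.FixedTimeEquals(expected, actual);
    }

    public static void Main()
    {
        // Known-answer check with the example pair from RFC 7636, Appendix B.
        const string rfcVerifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
        const string rfcChallenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw_cM";
        if (S256Challenge(rfcVerifier) != rfcChallenge)
            throw new InvalidOperationException("S256 transform does not match RFC 7636");

        var verifier = NewCodeVerifier();
        var challenge = S256Challenge(verifier);

        // The legitimate client holds the verifier that produced the challenge.
        if (!VerifierMatches(challenge, verifier))
            throw new InvalidOperationException("matching verifier was rejected");
        // Someone who only obtained the authorization code cannot produce it.
        if (VerifierMatches(challenge, NewCodeVerifier()))
            throw new InvalidOperationException("unrelated verifier was accepted");
        // A client library without PKCE support sends no verifier at all.
        if (VerifierMatches(challenge, string.Empty))
            throw new InvalidOperationException("empty verifier was accepted");

        Console.WriteLine("PKCE S256 checks passed");
    }
}
```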

Fixing in the ContentPickerFieldIndexProvider, Lombiq Base Theme for Orchard Core - This week in Orchard (13/05/2022)

Fixing that unpublishing and editing content item with uninitialized ContentPickerField breaks, renaming ReverseProxySettings permission to ManageReverseProxySettings, and our Base Theme for Orchard Core is officially released! Check out our current post to read about the details!

Orchard Core updates

Rename ReverseProxySettings permission to ManageReverseProxySettings

The Reverse Proxy Configuration module enables the configuration of hosting scenarios with a reverse proxy, like enabling the forwarding of the HTTP header X-Forwarded-For and so on. You can manage these options under Configuration -> Settings -> Reverse Proxy, but you need to have the proper permission to do that. Now this permission has a new name, called Manage Reverse Proxy Settings, that you can manage for every role under Security -> Roles.

Unpublishing and editing the content item with an uninitialized ContentPickerField breaks

If you have a custom ContentPart that contains a ContentPickerField and it's not initialized (so null) and you try to unpublish the content type, it will say it was unpublished, but that won't be true. If you try to edit and publish the same content item, you will get an "An unhandled exception occurred while processing the request." error. Dávid El-Saig realized this can be avoided by giving the field a default value (public ContentPickerField Related { get; set; } = new();), but it's easy to miss, and the resulting symptoms are not easy to connect with the true problem.

Steps to reproduce the behavior:

1. Create a content type via migration.
2. Start and set up the web app.
3. Create a new content item of the content type.
4. Add a part (e.g. public class RelatedPart : ContentPart { public ContentPickerField Related { get; set; } }) via migration update step.
5. Start up the web app again.
6. Try to unpublish or edit the content item created in step 3.
7. Experience the bug described above.

The expected behavior would be that the unpublishing or editing should be successful. And the problem was the following: the if (jPart == null) and if (jField == null) will never be true because if the value is JSON null, it will be a JValue type, so the cast on the preceding line will cause the exception as you can see on the screenshot. This can be fixed if type matching is used instead of casting. And as you can see, there is a new GetContentFields extension that uses the GetContentField extension, which uses type matching instead of casting.

News from the community

Lombiq Base Theme for Orchard Core is officially released

Our Base Theme for Orchard Core is now officially released! It contains all the foundations to build Orchard themes efficiently with included detailed samples. It can contain any shared content that is not specific to a specific project's theme. You can find the sample module with a commented walkthrough in this repository here. If you want to quickly try out this project and see it in action, clone our Open-Source Orchard Core Extensions full Orchard Core solution and also see our other useful Orchard Core-related open-source projects!

We will clone the Lombiq's Open-Source Orchard Core Extensions repository for this demo as well. If you remember, two weeks ago, we mentioned that the Lombiq Helpful Libraries contains an abstract class called MainMenuNavigationProviderBase for creating a home page menu structure using the main navigation name. If you use the Lombiq.BaseTheme, it automatically displays the generated menu as a widget in the Navigation zone. Now it's time to see it in action!

Just run our Open-Source Orchard Core Extensions solution and set up your site using the Agency recipe, for example. After that, you can navigate to Design -> Themes and enable the Lombiq Base Theme and Lombiq Base Theme - Samples themes. You can also make the Samples one the current site theme.

Now let's enable some features. Our home page menu structure will display as a widget in the Navigation zone. To have the MenuWidget, we need to enable the Lombiq Helpful Extensions - Helpful Widgets feature. The HelpfulLibrariesNavigationProvider sits in the Samples project of Helpful Libraries, so we have to enable the Lombiq Helpful Libraries - Samples feature as well.

Now we can navigate to the home page of our site. The styling looks quite awful, but that's not the point here. As you can see, the Helpful Libraries drop-down now appears with the submenu items that we defined in the Build method. You can see the special LINQ to DB label, and the divider as well. And of course, you have the option to navigate to the given actions to test out the LinqToDbSamplesController that provides some examples of querying the database with Lombiq.HelpfulLibraries.LinqToDb and the TypedRouteController.

Orchard Dojo Newsletter

Lombiq's Orchard Dojo Newsletter has 247 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here!

If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!

Orchard Core 1.3.0, fix missing permission checks and encoding - This week in Orchard (24/03/2022)

We are thrilled to announce that Orchard Core 1.3.0 is now available! Check out this post to know everything about the latest release of Orchard Core! Now let's see the newest features and additions of the current release that we will continue next week too! Let's get started!

Orchard Core updates

Fix missing permission checks and encoding

These are security fixes shipped with Orchard Core 1.3.0. In this case, the fix targets two major issues. The first is that some authorization checks were not done correctly for some controllers. Here you can see the changes of the AdminController of the Features module.

The second change is in the SEO module. There were XSS issues in the module. They were not very critical issues because you have to reach the admin editor to do that, and when you define SEO things for the front-end, you might want to render HTML. But now it's sanitized for XSS reasons. The properties in the SeoPart are now encoded, in a way that you can use the Shortcodes, but you can't type anything else. You can't write any HTML you want, just the ones that make sense. And there is one special case when you set up the Google Schema: now it's not outputting anything, it's just validating the JSON format that you have provided. And when you create custom Shortcodes, the usage of the Shortcode (which is just some documentation) is now also sanitized, such that you can't inject custom JavaScript code in the description of the Shortcodes and try to hack people on the same admin page.

Update full-text search index documentation

Orchard Core provides a Lucene module/feature that allows you to do a full-text search on your websites. It is possible to configure which text/data you want to index in the Content Type configuration by using Liquid. The following guide helps you implement a website full-text search step by step. And now the page has been updated with the following section: if your content item is also a set of content items, then you need to call the full_text_aspect helper to include the content of the content item inside the full-text search index.

Fix NRE with TaxonomyIndex

The index runs while cloning a content item, right after an empty content item was created (so before the actual cloning). The fields are there, but all are null. Casting this to JObject fails, as null is a JValue. The solution is to do the casting in another way, by using the as keyword.

News from the community

Orchard Core 1.3.0

Orchard Core 1.3.0 is now available! If you open up nuget.org and search for the OrchardCore.Application.Cms.Targets package, you will find the updated version of Orchard Core! There is a new page in the documentation with the breaking changes and the new features. Upgrade your solution to 1.3.0 now! Feel free to drop by the dedicated Gitter chat and ask questions! And don't forget: this release is removing support for netcoreapp3.1 and net5.0. Only net6.0 is supported.

Updated Lombiq's Open-Source Orchard Core Extensions

Lombiq's Open-Source Orchard Core Extensions is an Orchard Core CMS Visual Studio solution. It contains most of Lombiq's open-source Orchard modules and themes, as well as related utilities and libraries, like the Lombiq UI Testing Toolbox or the Training Demo module that guides you to become an Orchard Core developer. And from now, this solution with all the extensions inside is updated to Orchard Core v1.3.0 and .NET 6!

Orchard Dojo Newsletter

Lombiq's Orchard Dojo Newsletter has 241 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here!

If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!
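Added example, not part of the original posts and not Orchard Core's code: both the TaxonomyIndex fix above and the earlier ContentPickerField fix come down to the same Json.NET behavior, where a JSON null is a JValue, so a hard cast to JObject throws before any null check runs. The reduced illustration below assumes the Newtonsoft.Json NuGet package; the class, method names and sample document are hypothetical and constructed.

```csharp
using System;
using Newtonsoft.Json.Linq;

public static class NullFieldDemo
{
    // "Before" shape: hard casts followed by null checks that cannot fire for JSON null.
    public static JObject GetFieldByCast(JObject content, string partName, string fieldName)
    {
        var jPart = (JObject)content[partName];   // InvalidCastException if the part is a JValue
        if (jPart == null) return null;           // only true when the property is absent
        var jField = (JObject)jPart[fieldName];   // InvalidCastException if the field is a JValue
        if (jField == null) return null;          // only true when the property is absent
        return jField;
    }

    // "After" shape: type matching; anything that is not a JObject counts as uninitialized.
    public static JObject GetFieldByTypeMatch(JObject content, string partName, string fieldName)
    {
        if (content[partName] is not JObject jPart) return null;
        return jPart[fieldName] as JObject;
    }

    public static void Main()
    {
        // Constructed sample: one uninitialized (null) field and one initialized field.
        var content = JObject.Parse(
            "{ \"RelatedPart\": { \"Related\": null, " +
            "\"Other\": { \"ContentItemIds\": [\"constructed-id\"] } } }");

        // The null field is present as a token, not as a C# null reference.
        var token = content["RelatedPart"]["Related"];
        if (token is not JValue || token.Type != JTokenType.Null)
            throw new InvalidOperationException("expected a JValue of type Null");

        var castThrew = false;
        try { GetFieldByCast(content, "RelatedPart", "Related"); }
        catch (InvalidCastException) { castThrew = true; }
        if (!castThrew)
            throw new InvalidOperationException("expected the hard cast to throw");

        // Type matching handles the null field, a missing part and a real field alike.
        if (GetFieldByTypeMatch(content, "RelatedPart", "Related") != null)
            throw new InvalidOperationException("null field should map to null");
        if (GetFieldByTypeMatch(content, "MissingPart", "Related") != null)
            throw new InvalidOperationException("missing part should map to null");
        if (GetFieldByTypeMatch(content, "RelatedPart", "Other") == null)
            throw new InvalidOperationException("initialized field should be returned");

        Console.WriteLine("Cast throws on JSON null; type matching returns null");
    }
}
```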

Hide the "New" option if they are not authorized to edit, UI testing PoC with the Lombiq UI Testing Toolbox - This week in Orchard (04/03/2022)

This week you can read about hiding the "New" option from the admin UI if they are not authorized to edit, changing the content of the built-in recipes, and a demo about a UI testing PoC with the Lombiq UI Testing Toolbox! Are you interested in the details? Check out this post for more!

Orchard Core updates

Hide the "New" option if they are not authorized to edit

If you have a list content type (e.g., Blog) with the contained type (Blog Post) and the user doesn't have Edit Blog Post permission, they still see the New Blog Post button on the Blog editor. Note that the user has permission to edit the Blog. And it was a bug that could be reproduced by just following some simple steps:

1. Create a Blog Post content type.
2. Create a Blog content type with a ListPart containing the Blog Post type.
3. Update the Moderator role: set Edit for Blog but don't set it to Blog Post.
4. Create a test user and associate them with the Moderator role.
5. Log in with the test user and create a Blog.
6. Observe that the New Blog Post button appears on the top-right corner, but you'll get a 403 when you click on it.

The solution was to authorize the user to edit the types, similarly to the Content list page, so if they are not authorized to edit, the New option is hidden.

Remove FileContentDefinition from recipes

Last December, the community decided not to enable the File Content Definition feature by default. And by doing that, the OrchardCore.Contents.FileContentDefinition usage was removed from the Agency and Blog recipes. It's only useful in specific cases, and most of the time you need to turn it off. The same issue is there with the Headless and Blank recipes. Especially for the Blank recipe, there is no reason to include anything apart from the bare bones. The solution was just to remove the step enabling OrchardCore.Contents.FileContentDefinition from the two recipes.

Demos

UI testing PoC with the Lombiq UI Testing Toolbox

In this demo, we will talk about this particular pull request, which is about a proof of concept. Maybe you have already heard about the Lombiq UI Testing Toolbox, our web UI testing toolbox mostly for Orchard Core applications. Everything you need to do UI testing with Selenium for an Orchard app is here. We wrote about it several times here as well, first when we open-sourced it, when we added some Orchard Core Features tests to it, and some weeks ago, you could read about the automated monkey testing feature of the toolbox.

So, what about trying out this toolbox in Orchard itself, and let's see whether it works and whether it can be useful. Of course, we have Cypress tests in Orchard Core, so this will be something with the same goal - not necessarily useful, not necessarily wanted to add - it's a proof of concept. Let's see how it looks!

If you check out the mentioned pull request, you will find a new OrchardCore.Tests.UI project which references the UI Testing Toolbox. It contains a couple of classes; the main point here is the BasicOrchardFeaturesTests one. As you can see, this contains two xUnit test methods. The first is just running the TestBasicOrchardFeaturesExceptRegistrationAsync method, which tests all the basic Orchard features except for registration with the Blog recipe. You can specify the recipe itself with several other options like enabling accessibility checks.

The second test is a failing test that you can check out on the CI. It's a usual Dotnet test execution, so you get a test summary in the end. You can see what the test did, and you can find the exact reason why this test failed (because it cannot find the element by the navbar ID on a given page). If you go to Summary and check out Artifacts, you can download a file that contains the whole dump of the application with screenshots, HTML output, the Orchard logs, everything that you may need for troubleshooting. And, of course, you can also execute the test from Visual Studio as usual.

The next steps here would be to:

- Recreate the Cypress tests so we can see how it compares. Most possibly, this would be running TestBasicOrchardFeaturesExceptRegistrationAsync with all recipes.
- Using WebApplicationFactory directly instead of running the tested app with the Dotnet CLI would be useful.
- What's behind TestBasicOrchardFeaturesExceptRegistrationAsync would potentially need to be copied to be serious here, since if something changes in Orchard deliberately, it can fail.

If you would like to know more about this PoC, head to YouTube for a recording!

News from the community

War in Ukraine and Lombiq

War in Ukraine and Lombiq: How does it affect us at Lombiq and what we're doing to help: https://lombiq.com/blog/war-in-ukraine-and-lombiq

Orchard Dojo Newsletter

Lombiq's Orchard Dojo Newsletter has 238 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here!

If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!