Our blog contains the activity stream of Orchard Dojo: general news, new resources or tutorials are announced here.

Featured tags

IIS
API
All tags >

Keep IDisplayManager backward compatible, adding permission check when querying content using GraphQL - This week in Orchard (02/12/2022)

Keep IDisplayManager backward compatible, remove extra spacing around editing contents, flows, and Bag Part, and add a permission check when querying content using GraphQL. Check out our post for the details! Orchard Core updates Keep IDisplayManager backward compatible Let's assume you are using BuildEditor of DisplayManager to create a shape. Now you will find method overload to avoid method not found exception in modules that depends on IDisplayManager. But why is that exception can happen? The BuildEditorAsync and UpdateEditorAsync methods in the IDisplayManager interface now accept a new htmlPrefix parameter, and the groupId is now not an optional one. To keep the IDisplayManager backward compatible, the old methods are marked as obsolete such that old compiled libraries use the obsolete methods, but new code knows it should use the new methods. Remove extra spacing around editing contents, flows, and Bag Part This change introduces some changes in the admin UI. We have some extra spacing around the Bag Part, Widget List, and Flow Part. There was also extra spacing around the create/edit form in the contents and the page title. The goal of this is to fix the inconsistent spacings and make the look and feel of the admin UI nicer. Add permission check when querying content using GraphQL Let's say you want to grant a user permission to be able to query their own content only using GraphQL. However, there seems to be no way to do that like we can do it using the UI. It would be nice to be able to apply the permissions as we do in the UI for GraphQL. So, here comes a new filter that honors their permissions. Also, GraphQLContentOptions.ConfigureContentType(...) had no effect. If the user configures contentType as hidden, we still show it anyway. This was also fixed. News from the community Orchard Harvest 2023 For those who are too young to remember, we had Orchard conferences, called Orchard Harvest. And the conference website was available under orchardharvest.org, but unfortunately, it's not anymore. The last one was in 2017 in New York. So, having another get-together is very much overdue. If you would like to see or get a feeling of how this looked like before, we have a couple of mood videos on the Orchard YouTube channel, like this one from the first conference. The point is that we should really think about organizing the next one, and we at Lombiq can take part in that or provide an organizing role with anybody who wants to take part. If you have any feedback or you are looking forward to having a Harvest again, please share your opinion with us by filling out this survey about the upcoming Orchard Harvest! Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 379 subscribers! We have started this newsletter to inform the community around Orchard of the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!

Extend user permissions, add Contained Stereotypes Bag Part Settings - This week in Orchard (30/09/2022)

Add Contained Stereotypes Bag Part Settings to allow a user to include content types by stereotype, add Displayed Stereotypes property to Content Picker Field Settings, demo about extending the user permissions, and many more waiting for you in our current post! Orchard Core updates Add Contained Stereotypes Bag Part Settings to allow a user to include content types by stereotype When attaching Bag Part to a content type, the user must explicitly set Contained Content Types with an array of content types to be included in the Bag Part. This is good for most cases; however, it would be great to allow for setting the contained content types using Stereotype. The stereotype would be in addition to not in place of Contained Content Types. For example, we want to group all Contact Methods (phone number, address, email address, etc.) by a stereotype type called ContactMethod. All of these content types share a similar functionality which is a way to contact a person. Now we created a Person content type and attached a Bag Part to it. In this case, we had to explicitly specify each content type in the Contained Content Types. But if a new content type was added later from other feature/module, the user would have manually to edit the Bag Part settings every time/everywhere ContactMethods are used to add the new content type which isn't efficient. So now the Bag Part is more flexible. And as you can see here, now we have two radio buttons under the Contained Content Types option where the user can select Content Types or Stereotype. Add Displayed Stereotypes property to Content Picker Field Settings And this one is quite the same as the previous feature but for the Content Picker Field. For example, we want to group all to-do items (appointments, meetings) by a stereotype type called ToDoTask. All of these content types share similar functionality which is a to-do task. Now we want to use Content Picker Field in a different content type to allow the user to select a to-do-task of any kind. In this case, we have to explicitly specify each content type in the DisplayedContentTypes. But if a new content type was added later from another feature/module, the user would have to manually edit the Content Picker Field settings all time. Everywhere to-do tasks are used to add the new content type which isn't efficient. So, let's say we navigate to the editor of a Content Picker Field. And here you can say that you can select the Contained Content Types to: Display All Content Types Content Types Stereotype Add settings to form widgets There was a bug in OC. The option editor wasn't loaded when trying to add Select Input while creating a form. Also, the edit button did not open the modal that would allow you to populate the options using JSON. If the content is saved, and the page is loaded again then the modal and the options editor work just fine. Another form-related improvement is validation. When creating a form using the Form input widgets like (Input, Select, and Text Area) there is no easy way to add a label and validation elements to the input. The current approach is to add a label widget and then a validation widget which is not always ideal. We can make this process much simpler by adding settings to the Input, Select, and Text Area widgets with the following properties: LabelOption an enum value with the following values (None, Standard, ScreenReaders). By default, None is selected to keep it backward compatible. ValidationOptions an enum value with the following values (None, Standard). By default, None is selected to keep it backward compatible. Now, if the user selects an option other than None in the settings, we’ll create the label in the same widget block. The same applies to ValidationOptions. This will make things like dragging/dropping widgets during edit and controlling the size much easier. At the same time, we output less HTML code. And if we add the validation rules, we’ll have more validation logic which makes the widgets more useful. And now, the editor of the Select Input looks like the following with the additional options. And of course, the same applies to all of the built-in form inputs. Demos Extend user permissions A couple of months back there was a need reported to have some roles to be able to edit a user and some not. And there is a conclusion that the user interface is not very flexible at the moment with the permissions. So, it kind of makes it hard if you have a unique case where you need some specific users to be able to do stuff. And also, to set up who can see what users, when you are listing the users. To be able to test out this feature with us, you have to check out this PR on GitHub. The first thing that you will notice is the new permissions regarding Users. In this case, we navigated to Security -> Roles and edited the Moderator role. There are new permissions, for example, Assign any role, Delete any user or Delete users in role - Administrator, List all users, etc. So, you can say you can list all the users, but it doesn't mean you will be able to edit all the users. If you try to edit a given user, you will notice something new here. As you can see, the user name of the user is not editable, but you can edit the email address of the given user. This is controlled by settings that you can reach under Configuration -> Settings -> User Profile Settings. As you can see, here you can allow or deny changing the user names or email addresses of the users. But now back to the users' list. Let's say we have some predefined users and made some changes regarding the permissions of the Moderator role. Now, we logged in with a user who has the Moderator role. After that, the user with the Moderator role will see something like this. First of all, you can notice that there is a little badge under every user that shows the roles the user has. You can also see that this user has permission to see users in the Editor role, but they can't edit or delete the editor user. Now let's edit the author user! Here you can see that this user can edit the settings of this user but can't fully manage the roles of the author user. They have the option to add or remove the Author role but that's it, nothing more. And we are just showing you some simple scenarios about what you can achieve and how you can customize the user permissions. If you want to see more complex scenarios, head to YouTube for a recording! News from the community Helping Global Health build an Advanced Form Builder using Form.io When Global Health from Australia approached us with the request to build an advanced form builder using Form.io, it promised to be an interesting project. They were looking to integrate this new form builder deeply into MasterCare+, their Multi-Tenanted SaaS-based platform for Health Care which is built on Orchard CMS. It would allow creating custom forms for a wide range of scenarios in the health care domain, using the advanced editing capabilities of Form.io. The solution built by Lombiq was an important step in bridging the gap between paper forms and electronic health care management. Check out the full post here! Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 354 subscribers! We have started this newsletter to inform the community around Orchard of the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!

Admin Culture Picker, Enhance BagPart to honor permissions - This week in Orchard (12/08/2022)

Enhance BagPart to honor permissions, add permissions for the Amazon S3 module, improve the workflow function description in the document, and a demo about the Admin Culture Picker! Let's get started! Orchard Core updates Enhance BagPart to honor permissions Let's say you want some users to be able to add content items to a specific bag while others to only be able to view only existing items. Currently, any content item contained in a BagPart is always editable regardless if the contained item is securable or not. In most cases, this is fine. However, this function should also be extended to honor the security rules when the contained item is securable. This means a user with EditContent permission can add/edit items to the BagPart whereas a user with ViewContent permission only should see the content item as a read-only version "like preview" but should not be able to make any change to it. So, this addition is about enhancing the BagPart to honor permissions for the contained content types. To try this one out, set up a site using the Agency recipe which contains the Landing Page content type which has several BagParts attached. Now, let's say that users with the Editor role will not be able to edit the services section of the Landing Page. Meaning the Editor role will not have Edit permission for the Service content items. We have to do things to achieve this: Edit the Service Content Type and put a tick to the Securable check box. This means this content type can have custom permissions. Edit the permissions of the Editor role. First, revoke the Edit content for others permission. Now, make sure that the Editor has no Edit Service for others permission regarding the Service Content Type. Now we set up that users with the Editor role will not be able to edit securable content types. Let's create a user with this role and log in as this new user. Now, we need to find the predefined Landing Page content item and edit it. As you can see, this user cannot add or edit an existing Service content item by using the editor of the BagPart. They can view the content of these items, but that's all. Notice that they can edit the Portfolio content items under the Services one. Add permissions for the Amazon S3 module A few weeks ago, we mentioned the new Amazon S3 module. The Amazon Media Storage feature enables support for storing assets in Amazon S3 Bucket. The feature replaces the default App_Data file-based media store with an Amazon Media Storage Provider. And now, you will see new permissions for that module called View Amazon S3 Media Options. If you have this permission, you can access the page under Configuration -> Media -> Amazon S3 Options which lists the Amazon S3 storage options. Improve the workflow function description in the document The Workflows module provides a way for users to visually implement business rules using flowchart diagrams. Many activities have settings that can contain either JavaScript or Liquid syntax. The fields of these activities allow you to enter Liquid markup, enabling access to system-wide variables and filters, as well as variables from the workflow execution context. And several JavaScript functions are available by default to any activity that supports script expressions. This page of the documentation lists these functions. And now, this table has been updated with some lines about the setProperty, executeQuery, and log functions. Demos Admin Culture Picker Unless you have a language switcher on website pages, you could not switch a language in the admin panel. This demo is about showing you a dropdown button in the admin panel header to switch languages. First of all, open up the admin UI of Orchard and head to Configuration -> Features, and enable the Admin Culture Picker one, which provides a culture picker shape for the admin. Don't forget to enable the Localization feature too, to be able to try out this culture picker. Now you can say that your site supports multiple cultures. Head to Configuration -> Settings -> Localization -> Cultures and have at least two supported cultures. And as you can see, the dropdown now contains all the cultures that the site supports. You can switch between them, and if you choose a given language, the UI of the admin will be shown by using the words of the given language. If you would like to see this picker in action, head to YouTube for a short demo! News from the community Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 315 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!

Support a read-only behavior in the content management screen, visual verification testing in the Lombiq UI Testing Toolbox - This week in Orchard (05/08/2022)

Add password to the user creation form, support a read-only behavior in the content management screen, and a demo about adding visual verification testing in the Lombiq UI Testing Toolbox! Let's get started! Orchard Core updates Add a password to the user creation form By default, apps use basic authentication to authenticate users into their site including Microsoft Identity-based apps. No user is able to authenticate/login without providing a "username" and "password". Alternatively, an admin could enable some sort of external authentication providers like Azure AD or any other providers to avoid the need to manage the authentication by the app directly. These external providers are optional and not enabled by default in Orchard Core, so creating a user with no password by default adds no value since no the user can't log in without one. Currently, when adding a new user using the admin UI, the admin has to create a user and then go to a second view to set/reset their password. This is a very awkward workflow, especially if you want to add many users. Since username/password are required by default for a user to log in, the admin should be required to provide a password rather than creating a useless user with no password. Note, the point here is that password is required to log in by default without having to enable optional additional authentication providers. Let's try it out quickly! Head to the admin UI of Orchard Core and navigate to Security -> Users. Here you will find the Add User button. Click on it! This will navigate you to the create user page, where you can find some new goodies. First of all, you can provide a password for the newly created user here. But you have the option to generate a random secure password or copy the password to the clipboard. Support a read-only behavior in the content management screen The idea here is that both Admin Menu and Content management screens should be viewable if the user has View own X, View X by others, Preview X by others, or List X content item(s) owner by all users permission. Any of these permissions should be enough to display content. View rules should be implied if one has edit, delete or publish permission; you can't delete, edit or publish if you can't view something. Making this change will easily add view-only support to the contents in the admin. Meaning, that if the user has permission to View Blog, we should list the Blog content items in the Manage Content screen, for example. To try this out, we will modify the permissions of the built-in Editor role (Security -> Roles -> Editor -> Edit). As you can see, the Editor now has no Edit content for others and Edit own content permissions, but we set these edit permissions for the Blog Content Type. Meaning the Editor can only edit the Blog content items but can view every other content item. Now, let's log in with a user with the Editor role and navigate to the Manage content screen. As you can see, this user now can see every content item in this list, but the Edit button is only available near the Blog content items. Meaning this list now shows every content item which can be viewed by this user. Demos Visual verification testing in the Lombiq UI Testing Toolbox Maybe you have already heard about the Lombiq UI Testing Toolbox, our web UI testing toolbox mostly for Orchard Core applications. Everything you need to do UI testing with Selenium for an Orchard app is here. We wrote about it several times here as well, first when we open-sourced it, when we added some Orchard Core Features tests to it, and when we added the automated monkey testing feature to it. This time we will introduce the Basic Visual verification testing in the Lombiq UI Testing Toolbox for Orchard Core. Lombiq's Open-Source Orchard Core Extensions is an Orchard Core CMS Visual Studio solution that contains most of Lombiq's open-source Orchard modules and themes, as well as related utilities and libraries. Please keep in mind that only those extensions included that use the latest released version of Orchard (i.e., the very cutting-edge ones depending on a nightly build are not yet here). This solution contains the Lombiq UI Testing Toolbox as well, so we will use this one for the demo. The BasicVisualVerificationTests.cs contains three different samples about how you can verify the content displayed on your page visually. The first one is about checking the content of the element that has the field-name-blog-image class. The second one is about checking the content of the navbar (the element that has the navbar-brand class), and the third one will check the whole content of the home page. Here you can see the page that we will test. The red texts show you the Navbar and Blog image elements. Let's verify the content of the Navbar! The Navbar contains the site name which we can provide when we set up our site. Let's try to set up our site using a different name than the Lombiq's OSOCE - UI Testing and run the test. Here you can see that the test set up the site using the Lombiq's OSOCE - UI Testing Demo site name, and our visual verification failed since the asserted element looks different from the baseline image. The baseline image was loaded from an embedded resource which you can find in the repository here. If you want a new baseline image, simply delete the existing one, and a new one will be generated on the next run. And that's not all of it! Do you want to know more about this new addition to the Lombiq UI Testing Toolbox for Orchard Core? Then check out the comments of the BasicVisualVerificationTests.cs file and this recording on YouTube! News from the community Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 309 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!

Change how the permissions are grouped and sorted, provide a way to override YesSql configuration - This week in Orchard (29/07/2022)

Change how the permissions are grouped and sorted, provide a way to override YesSql configuration and additional OpenId Introspection/Revocation endpoints and PKCE to the OpenID Settings and Application UI pages! Check out our current post to read about the details! Orchard Core updates Change how the permissions are grouped and sorted When the permissions are listed during role edit/create, currently we show the feature ID instead of a name. Displaying just the feature ID is not user-friendly. Here the goal is to create a new UI for this and also to order the permissions by Feature Names. Also, for content types, then it would display the content type name instead of its technical value/ID. So, we could display:{ Content Type Display Name } Content Type - { Content Type Technical Name }. In the case of the Blog content type could be My Blog Content Type - Blog. In order to show dynamic permissions as { Content Type Display Name } Content Type - { Content Type Technical Name } we would have to change how the category is set here otherwise we don't have the content type technical name here. But how the new UI looks like now? If you head to the admin UI of Orchard Core and navigate to Security -> Roles and Edit a given role, you will see the new UI. Here you can see we have a feature with the name Media and you can find the feature ID in brackets (they can be defined in the Manifest.cs file of the module). And under the Media (OrchardCore.Media), you can find all of the permissions which were defined in this module. You will find the Page Content Type - Page header at the bottom of this screen. This means the first word here is the Display Name of the Page content type (which is Page) and the last word here is the Technical Name of the Page content type, which is Page. Provide a way to override YesSql configuration Currently, there is no way to change the configuration of YesSql in Orchard Core. From now on you will find a new YesSqlOptions class that provides options to allow one to override the defaults. Added additional OpenId Introspection/Revocation endpoints and PKCE to the OpenID Settings and Application UI pages As a basic authorization server, the OpenID module doesn't use all the features/endpoints offered by OpenIddict, like introspection and revocation. As mentioned in openiddict/openiddict-core#1359 (comment), these features can be configured by amending the OpenIddict settings via a custom plugin, but a simpler story - GUI or recipes-based - may be preferable. To see the new changes, enable the OpenID Authorization Server and the OpenID Client features and after navigate to Security -> OpenID Connect -> Settings -> Authorization server. You will find a new Require Proof Key for Code Exchange checkbox on this page, which is a global setting that applies PKCE to all registered clients whether or not the 'Require PKCE' flag was set in the Application settings page. And you can do the same when adding an OpenID Connect Application. You can add a new application under Security -> OpenID Connect -> Management -> Applications. If you click on the Add an application button and put a tick to the Allow Authorization Code Flow checkbox, you will find the Require Proof Key for Code Exchange checkbox here as well. Note: ensure that the client application and OAuth or OIDC library being used supports PKCE before enabling this option. The documentation has also been updated to show you a sample of the OpenID Connect Settings recipe step and a sample of the OpenID Connect App recipe step. News from the community Lombiq Offline event Sometimes it's not just about work but doing something just for fun. These events are specifically for this: we get together and do something cool like breaking out of an escape room, going for a go-kart ride, or playing paintball. Our latest event took place at Lake Velence. We had a nice cycling tour around Lake Velence, had lunch in a nice restaurant, and had a barbecue together at the accommodation. The next day we went on a kayak trip and did a nice trip together to the nearby hills of the lake. This was a great opportunity to update our group photo on our official website, so head to the About us page where you can see most, but not all of our team as of the summer of 2022. Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 313 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!

Hide the "New" option if they are not authorized to edit, UI testing PoC with the Lombiq UI Testing Toolbox - This week in Orchard (04/03/2022)

This week you can read about hiding the "New" option from the admin UI if they are not authorized to edit, changing the content of the built-in recipes, and a demo about a UI testing PoC with the Lombiq UI Testing Toolbox! Are you interested in the details? Check out this post for more! Orchard Core updates Hide the "New" option if they are not authorized to edit If you have a list content type (e.g., Blog) with the contained type (Blog Post) and the user doesn't have Edit Blog Post permission, they still see the New Blog Post button on the Blog editor. Note, that the user has permission to edit the Blog. And it was a bug that could be reproduced by just following some simple steps: Create a Blog Post content type. Create a Blog content type with a ListPart containing the Blog Post type. Update the Moderator role: set Edit for Blog but don't set it to Blog Post. Create a test user and associate them with the Moderator role. Log in with the test user and create a Blog. Observe that the New Blog Post button appears on the top-right corner, but you'll get a 403 when you click on it. The solution was just to similarly to the Content list page authorize the user to edit the types so if they are not authorized to edit, then hide the New option. Remove FileContentDefinition from recipes Last December, the community decided to do not to enable the File Content Definition feature by default. And by doing that, the OrchardCore.Contents.FileContentDefinition usage was removed from the Agency and Blog recipes. It's only useful in specific cases, and most of the time you need to turn it off. The same issue is there with the Headless and Blank recipes. Especially for the Blank recipe, there is no reason to include anything apart from the bare bones. The solution was just to remove the OrchardCore.Contents.FileContentDefinition enables a step from the two recipes. Demos UI testing PoC with the Lombiq UI Testing Toolbox In this demo, we will talk about this particular pull request, which is about a proof of concept. Maybe you have already heard about the Lombiq UI Testing Toolbox, our web UI testing toolbox mostly for Orchard Core applications. Everything you need to do UI testing with Selenium for an Orchard app is here. We wrote about it several times here as well, first when we open-sourced it when we added some Orchard Core Features tests to it, and some weeks ago, you could read about the automated monkey testing feature of the toolbox. So, what about trying out this toolbox in Orchard itself, and let's see whether it works and whether it can be useful. Of course, we have Cypress tests in Orchard Core, so this will be something with the same goal - not necessarily useful, not necessarily wanted to add - it's a proof of concept. Let's see how it looks! If you check out the mentioned pull request, you will find a new OrchardCore.Tests.UI project which references the UI Testing Toolbox. It contains a couple of classes, the main point here is the BasicOrchardFeaturesTests one. As you can see, this contains two xUnit test methods. The first is just running the TestBasicOrchardFeaturesExceptRegistrationAsync method, which tests all the basic Orchard features except for registration with the Blog recipe. You can specify the recipe itself with several other options like enabling accessibility checks. The second test is a failing test that you can check out on the CI. It's a usual Dotnet test execution, so you get a test summary in the end. You can see what the test did, and you can find the exact reason why this test failed (because it's cannot find the element by the navbar ID on a given page). If you go to Summary and check out Artifacts, you can download a file that contains the whole dump of the application with screenshots, HTML output, the Orchard logs, everything that you may need for troubleshooting. And, of course, you can also execute the test from Visual Studio as usual. The next steps here would be to: Recreate the Cypress tests so we can see how it compares. Most possibly, this would be running TestBasicOrchardFeaturesExceptRegistrationAsync with all recipes. Using WebApplicationFactory directly instead of running the tested app with the Dotnet CLI would be useful. What's behind TestBasicOrchardFeaturesExceptRegistrationAsync would potentially need to be copied to be serious here, since if something changes in Orchard deliberately, it can fail. If you would like to know more about this PoC, head to YouTube for a recording! News from the community War in Ukraine and Lombiq War in Ukraine and Lombiq: How does it affect us at Lombiq and what we're doing to help: https://lombiq.com/blog/war-in-ukraine-and-lombiq Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 238 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!

Add UsersFolder for media assets, Liquid IntelliSense for Monaco editor - This week in Orchard (18/08/2021)

Updating Monaco editor to have Liquid IntelliSense, new UsersFolder for media assets, a brand new Orchard Core website, and many more in our upcoming post! Orchard Core updates Add UsersFolder for media assets Open up the admin UI of Orchard Core and head to Content -> Media Library. Here you will find a folder called _Users. Under this folder, you can find three different ones where each folder has the name by an ID of a given user. The reason for that is, we have three users in the system right now who have access to manage the content of the media folder and the content of their own media folder. If you check the permissions page for one of the roles you will see some new permissions come from the OrchardCore.Media feature: Manage All Media Folders Manage Media For Others Manage Own Media These permissions allow administrator users to be able to manage the content of other user's media folders but can restrict others to manage just their folders. Users with the Editor role can only see and manage their own media folder. Note that this is just about managing media assets not hiding the files of the folder. Every user can see the image served under the https://localhost:44300/media/_Users/4dsckq969tr2czhkskgg9nw3mj/image.jpg but they cannot delete this file and cannot modify the content of the 4dsckq969tr2czhkskgg9nw3mj folder. On the left window, the administrator user can see all of the folders, but on the right window, an editor user can only see their folder. If you don't like the naming _Users for the folder under AssetsPath, you can easily use another name for that just by using the appsettings.json file to configure media. If you navigate to Configuration -> Media -> Media Options you will find the name for the Assets user folder as well. Liquid IntelliSense for Monaco editor We have several custom Liquid filters and tags in Orchard Core and when you would like to use these from the admin UI of Orchard Core, (like editing a template or an Html Field using the Monaco editor) that would be nice to have some help with the registered filters and tags. This feature is about adding IntelliSense for Liquid in the Monaco editor. Let's see how we can try it out! Here we have a site installed with the Agency recipe. That recipe contains a Content__LandingPage template for the Landing Page content type by default. If we start to type the {% shape %} expression, we will see a list that contains all the registered filters with the word shape in it. Flow alignment icon always render as left aligned Let's say we have a content type with a Flow Part attached. If you are using Flow Part, you have the option to put several widgets to it. You can also set the alignments of the widgets and the width of the widgets meaning you can put two widgets near each other and you can say that I want to put this widget on the left side of the row and fill the 66% of the row with it and I want to put this widget on the right side of the row and fill the 33% of the row with it. You can do that using a nice UI but there was a minor bug which was about the little icon of the editor wasn't reflect the alignment of the given widget. You can see that now the icon here shows that the second Html widget inside the Container widget is right-aligned. News from the community A new website using Orchard Core: City of Santa Monica Santa Monica is a beachside city of 8.3 square miles on the westside of Los Angeles County. Offering an environment of unparalleled natural beauty, the city is home to a mix of residential communities, commercial districts, and recreational venues. And now the website of the City of Santa Monica is here, built by using Orchard Core! Check out this brand new, amazing-looking Orchard Core site here! If you are interested in more websites using Orchard and Orchard Core, don't forget to visit Show Orchard. Show Orchard is a website for showing representative Orchard CMS (and now Orchard Core) websites all around the internet. It was started by Ryan Drew Burnett, but since he doesn't work with Orchard anymore, as announced earlier it is now maintained by our team at Lombiq Technologies. DotNest Core DotNest Core is a complete redevelopment of the DotNest platform, all on the latest version of Orchard Core. We've been running it with a couple of select few customers for a while now, and it's time to open it up a bit more. While you can't yet just simply create an Orchard Core-based DotNest site, you can sign up for our limited beta here. You'll soon be able to get a fully functional, reliably hosted Orchard Core site on DotNest where you can build your personal website or something to showcase your Orchard skills with. Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 216 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!

Improving search filters to the contents list - This week in Orchard (22/06/2021)

We can write about several nice improvements this week! Adding missing deployment steps, new lines about Shortcodes in the documentation, updating the content type editor, and a demo about the search filters improvements to the contents list! Orchard Core updates Deployment steps We have several cases where we have the recipe steps but not the deployment steps. For example, now you can export the Facebook login settings but without secrets (like passwords) because we don't handle that in the recipes right now. The newly added import/export deployment steps are: FacebookLogin GoogleAnalytics Microsoft Azure AD OpenIdValidationSettings Technical name of Content Type and Display Name of Content Parts in Edit Content Type page This feature is about to show a read-only input with the technical name of the content type when you would like to edit the content type definition. With this feature, you can easily see the difference between the display name and the technical name. Of course, you can guess the display name by the technical name, but not everyone knows that. You can check it out easily. Let's just navigate to the admin UI of Orchard Core and go to Content -> Content Definition -> Content Types. Edit one of the content types, and you will see the technical name and the display name of the content type. Shortcodes docs and rename Razor helper We have the HtmlToShortcodesAsync Razor helper that you can use to render Shortcodes. This one is now renamed to ShortcodesToHtmlAsync, and the old one is marked as obsolete. And you can also find some new lines in the documentation about how to render Shortcodes via a Liquid filter or Razor helper. Check allowed file extensions when importing media You can have a list in Orchard Core that contains the file extensions that can be uploaded to the media library. If you would like to upload a PDF file to the media library and the PDF extension is not allowed, you won't be able to upload that. However, if you want to import a PDF file via recipes, you could do that because the file extension checking was missing from there. It could be a security issue but if you have rights to execute recipes, that means you have already logged in as a user who has Security Critical permissions. And one more note here: if you do _logger.LogWarning, don't forget to check is the LogLeveL.Debug enabled _logger.IsEnabled(LogLevel.Debug), otherwise, don't write a warning to the log files. Remove deprecated SHA256CryptoServiceProvider usage While running a benchmark, it started failing, the SDK throwing some warning that the CryptographyAlgorithms.CreateSHA256() is deprecated and cannot be used in .NET 6. The documentation says that now we can do SHA256.Create(), and it works for all the versions that we are targeting. Someone else from Microsoft related to benchmarking and performance mentioned this issue because they are using Orchard Core as a source for the PGO. PGO means Performance Guided Optimizations which is a way to analyze what's happening in an app to optimize the IL generated by the JIT. Demos Improving search filters to the contents list A few weeks ago, you could see a demo regarding search filters and parsers for the contents list. This demo is just about showing you the final version of the search filters that you can also try out right now if you are using the preview packages of Orchard Core! Let's see how you can use this feature that makes browsing your content items much easier! We have a site set up with the Blog recipe. The blog recipe creates an Article content type and one Article content item by default. If you want to list all of the article content items, you just need to navigate to Content -> Content Items and select Article from the filter by content type dropdown menu. As you can see, this means that the Search textbox will be populated with the type:Article expression. It means if you write, type: and the name of the content type, you can list all of the content items from the given type. If you also want to sort the items by the created date (select Recently created from the Sort dropdown menu), the sort:Created text will also appear in the Search textbox. If you click on the funnel icon before the search box and select the Filter Syntax one, you will see a modal window that shows you the available filters. This modal describes all the registered filters that you can use with the given properties. It also shows you the current values of the given filters and a little bit of information about the syntax. And then down the bottom, you just get the current filter and the normalized version of it which describes how it's being constructed. And the same applies to the Users list too (Security -> Users). Here we filtered for the Enabled users where the name contains admin, and where the Administrator role applies. Finally, we sort them by their email address. If you would like to know more about this feature don't forget to check out this recording on YouTube! News from the community Lombiq Utility Scripts: create a trusted certificate Our Utility Scripts project is open source from last year! Many scripts for Orchard Core, Orchard CMS, Azure, SqlServer development. E.g., quick Orchard Core solution init, reset/reinstall. In the following lines, we would like to show you a nice and useful script that could be a very handful one during your Orchard Core development. The CreateTrustedCertificate script creates all necessary files and imports them into the local Certificate Store so that it can be used to access localhost sites via HTTPS. If you open up that file in GitHub, you will find several comments in the script that help you to see what are the steps that are script is actually doing! Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 204 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this week's Orchard meeting!

Orchard branding, Assign Role permissions - This week in Orchard (28/03/2021)

Check out our current post for many interesting topics and demos like updating the branding of Orchard; introducing Noayo, a new Orchard Core hosting platform; a new Orchard Core site, and many more! Orchard Core updates Update branding The issue is that we don't really have concise branding guidelines or even proper branding assets, just what's left over from a long time ago: https://docs.orchardcore.net/projects/O1/en/latest/Documentation/Walkthroughs/#orchard-branding The goal would be to possibly retouch the existing design a bit: E.g. the current logo's outer circle is strangely uneven, and to use a different branding color than the green there or just use those but then we should settle with the same main brand colors everywhere. Let us introduce you Paris Noble, brand strategist and co-founder of Elevate Strategy & Design. For the past 2 years, they've been working closely together with us on many Orchard-related projects that either needed something to do with strategy and/or design. So why do we want to start rebranding Orchard? Branding is super important to make Orchard a widely known, competitive product, to truly make it an industry sensation. And now you can see some logo proposals with a poll on Twitter too! If you haven't voted, please choose the logo that you are like the most. And don't forget to follow this issue on GitHub where you can freely add your opinion about the new logo to make Orchard Core even better! Add .NET 5.0 and netcoreapp3.1 target framework multi-targeting This is about changing all of the target frameworks, all the props files, and targets files to support .NET 5.0 as default. So, now every module is compiled on both, and right now the only target is 5.0, but anyone can define 3.1 because it will work with that. If you want 3.1 by default you can set it. Now you have all the new features of 5.0, but for now, we only used it for performance improvements. When we publish, we need to define what we want to publish for, so again, the Docker files are by default deployed with 5.0 and it's not breaking your existing site. It will still work, there is no breaking change here. Demos Dynamic user permissions - Assign Role We had a demo a few weeks ago where you could see how you can use the new Manage Users in Role permissions which means you can restrict which users you can manage by the name of the role. That means you can delete them, disable them, change their email address, and so on. The new permissions here are the Assign Role permissions in the OrchardCore.Roles feature. Let's see this new addition in a simple example! Let's say we have a user with the Editor role assigned. And we say that users in this role will have the permission named Assign Role - Author. You can set that in the admin UI under Security -> Roles. What does it mean in practice? To see that let's log in with that user who has the Editor role assigned. Navigate to the admin UI of Orchard Core and head to Security -> Users. Here let's hit the Edit button near the admin user for example. As you can see, the Roles list contains every role in the system and you can see that this user has the Administrator role. But all of the checkboxes here are disabled, except the Author one. This user can only assign the Author role to this user because we said that the users with the Editor role can only assign the Author role to users. Head to YouTube to see a short demonstration about this feature! Noayo Noayo is a fictional word that comes from noyau, which is a French word that means core in English. Noayo is an Orchard Core hosting platform and it allows you to create your own Orchard Core instance online. You can use a Bootstrap template for that site. You have two plans: the first one is 5$/month, you have 14 trial days, you will get 300Mb storage, you can have a maximum of 300 content items and 1$ is redistributed to contributors. The 10$ plan has more storage, you can have more content items and that also allows you to use your custom domain. If you would like to request a new account, just hit the Request an account button. In the following demo, you could see the Site management feature of Noayo and a presentation of a given site that runs on Noayo. Head to YouTube now to learn more about Noayo! News from the community A new website using Orchard Core Musica Pristina's purpose is to connect people with a breathtaking musical experience in their home. One where selecting what to play is nearly as enjoyable as listening to it. If you are interested in more websites using Orchard and Orchard Core, don't forget to visit Show Orchard. Show Orchard is a website for showing representative Orchard CMS (and now Orchard Core) websites all around the internet. It was started by Ryan Drew Burnett, but since he doesn't work with Orchard anymore, as announced earlier it is now maintained by our team at Lombiq Technologies. Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 192 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this week's Orchard meeting!

Dynamic user permissions, Multi Text Field - This week in Orchard (14/02/2021)

We also have two demos this week! One is about the Multi Text Field, a new field that can be used to define multiple selectable options to a given list, the other is about the new dynamic user permissions, which can be useful if you would like to restrict user management by their allocated roles. Read our post for more! Orchard Core updates Fix autoroute trailing slash Let's say we have a site using Orchard Core, like https://www.orchardcore.net. Here if you select the Legacy Orchard option from the menu, you will be redirected to https://www.orchardcore.net/orchardcms. But if you add a trailing slash after the URL, like https://www.orchardcore.net/orchardcms/, you will get a 404 message. The autoroute entry, in this case, is the orchardcms. Now let's see what was the fix exactly. The logic in the old code wasn't find anything that ends with a trailing slash. The new implementation now find the autoroute because it will trim the / sign from the end of the string. Document that all shells can use a single connection string Orchard Core extends ASP.NET Core IConfiguration with IShellConfiguration to allow tenant-specific configuration on top of the application-wide one. To learn more about ASP.NET Core IConfiguration visit https://docs.microsoft.com/en-us/aspnet/core/fundamentals/configuration. But what if you want all tenants to access the same database? The corresponding configuration can be kept in a single place, as opposed to setting up the same connection string for all tenants one by one. Check out the updated page on the Orchard Core documentation for more details! Add shortcode resolver to HTML Field GraphQL exposes data but if it contains shortcodes, we need to be able to evaluate them also in GraphQL. Check out the new HtmlFieldQueryObjectType that is about to render the content of the HTML Field. The code also takes into account that we need to sanitize the HTML before rendering or not. Demos Dynamic user permissions We have a permission called Managing Roles that can be used to assign roles to a user but this permission is kind of unused. The goal of this new feature is to split this permission into multiple permissions. Here comes the idea of dynamic permissions, which means the delegation of which users you can manage on the Users page. If you have several users in your system you may want to only allow managing a given group of users. Let's see what it means in practice! We set up the site using the Blog recipe and headed to Security -> Users and added several users with different roles. We just using the predefined roles now and added two users for each role. Now let's imagine the following scenario: we would like to allow users with the Editor role to be able to manage the users with the Author role. It can be done right now, but we want to restrict the users with the Editor role to be able to manage ONLY the users with the Author role. To do that, navigate to Security -> Roles, hit Edit near the Editor role, and find the OrchardCore.Users Feature section. Here you will see several new permissions. The View Users permission is about to be able to see the content of the Users page or not, the Manage own user information is about to be able to edit the own information. And we put a tick in the checkbox near the Manage Users in Role - Author text. Now let's try out the new permissions by logging in with the editor user. Head to the admin UI, navigate to Security -> Users (we can see that option because we say that users with the Editor role have the View Users permission), and hit Edit near a moderator user. Users with the Editor role cannot manage users with the Moderator role, which means we will see only disabled editors here, we cannot really edit anything on this page. But if you would like to edit a user with the Author role, you will be able to do that because we allowed that on the Roles page for the Editor users. If you would like to know more about this feature, don't forget to head to YouTube to check out the recording! Multi Text Field Set up your site using the Blog recipe. To try out the new Multi Text Field we will edit the content definition of the predefined Article content type. To do that, head to Content -> Content Definition -> Content Types and hit the Edit button near the Article. Here choose the Add Field button and select the Multi Text Field as the Field Type. When you add a Multi Text Field, you can provide options to your predefined list that can be used when working with the given instances of this content type. You can set the labels and the values and also select the default one(s). You can also have several editor types for the Multi Text Field, like Standard, Picker, or Checkbox List. You can see the different editor types in the following GIF. You can also see a short demo on YouTube about this new field. Check it out now! News from the community Work with us! You've completed the Dojo Course, congratulations! You’re now officially an Orchard Core developer. Would you like to work on a variety of challenging Orchard Core projects with the biggest Orchard team in the world? Work with us! Just send us an e-mail to crew at lombiq.com. Please include what you’re most interested in professionally and attach around 100 lines of any kind of code that you’re especially proud of or just link to the favorite open-source project of your own on GitHub or else. Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 192 subscribers! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this week's Orchard meeting!