Tenant APIs improvements, MiniProfiler visibility based on permissions - This week in Orchard (10/03/2023)
The MiniProfiler visibility is now based on permissions, tenant APIs improvements, and using ListContent permission instead of ViewContent to see the content items list. Interested in the details? Well, then check out our post for the details!
Orchard Core updates
MiniProfiler visibility based on permissions
MiniProfiler is a library and UI for profiling your application. By letting you see where your time is spent, which queries are run, and any other custom timings you want to add, MiniProfiler helps you debug issues and optimize performance. And MiniProfiler is a built-in feature in Orchard Core that has some updates.
Let's say an admin needs to profile a production instance. Enabling MiniProfiler for everyone to see is not acceptable in most cases. Also, a user may want to profile an ajax request to analyze a query or other info.
The solution here is to provide new permissions when you enable the Mini Profiler feature. If you navigate to Security -> Roles and hit Edit near any role, you can see the new permissions which enable you to view the Mini Profiler widget on the back end and the front-end pages.
Tenant APIs improvements
Orchard Core tenant APIs got several updates lately. First of all, there was no way to update some tenant settings from API calls. Meaning, the tenant's category was missing in the ApiController. We should be able to set a tenant's description via an API call, so this property is now included in the sent model.
Another improvement is the new Edit endpoint because there was no way to update tenant settings from API calls. The new Edit endpoint in the Tenant's ApiController takes care of this and enables us to modify the tenant settings either if the tenant is uninitialized or running. The updateable properties are the same as what is displayed on the tenant editor on the Admin UI.
Use ListContent permission instead of ViewContent
Currently, we use View Content as a minimal permission to list the contents in the content items UI. We use the same permission to also show the Content -> Content Items admin menu. Here the List Content permission should be used, not View Content. What if someone wants to allow a user to view content using a direct link but does not want them to list the contents in the UI? Currently, this isn't possible.
Additionally, ViewContent is granted to all Anonymous and Authenticated roles, which is fine. But, access to list contents should be granted by the ListContent permission to avoid allowing listing content without explicit permission grant.
If you check out the change logs in the docs of the upcoming release, you can read about the updated permissions.
News from the community
Hastlayer is now fully open-source
Hastlayer is being developed by Lombiq Technologies, a software, training, and services company focusing on web development with open Microsoft technologies. Hastlayer transforms .NET software into FPGA-implemented logic circuits. (FPGAs are chips that can mimic other chips.) The result is code that runs faster and uses less power than a code-only solution without sacrificing the ability of further developing your software. Using Hastlayer will optimize your performance and lower the power consumption of hardware, which will bring you more satisfied customers who want your solution and a boost in your company’s revenue. And we have just recently fully open-sourced Hastlayer!
Orchard Dojo Newsletter
Lombiq's Orchard Dojo Newsletter has 410 subscribers! We have started this newsletter to inform the community around Orchard of the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course.
Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here!