User Impersonation, Export Content To Deployment Target - This week in Orchard (07/08/2020)

Gábor Domonkos's avatar
Documentation, This week in Orchard, Role, Permission, Recipes

This week we are gonna show you three brand new features that are recently added to Orchard Core: the Add Content To Deployment Plan, the Export Content To Deployment Target, and View Or Download Content As JSON features. After we see a demo about user impersonation and finally we solve the mystery about what is GitHub Arctic Code Vault?

Orchard Core updates

Add Content To Deployment Plan, Export Content To Deployment Target, and View Or Download Content As JSON features

Set up your site using the Blog recipe. Now you can head to Configuration -> Features and enable the Add Content To Deployment Plan, Export Content To Deployment Target, and View Or Download Content As JSON features. This will bring you several new stuff that you can use when you are managing the content items. If you click on the Actions button you can see that the context menu is now getting a lot more items. The Export to Deployment Target is about to automatically create a custom recipe file that can be downloaded locally or send it to a remote instance. You can use the Available Targets modal to select the destination.

The Add to Deployment Plan is about to add a new content item step using this content item to an existing deployment plan. In this case, a new modal window will open again that lets you choose from the available deployment plans.

Additional content items actions

The Download as JSON is about to directly download the recipe to your computer locally and the View as JSON is a very helpful feature because as you could see in the screen below it shows you the JSON representation of the content item. The same JSON will go to the content step of the recipe when you are hitting the Download as JSON button. Here you have the availability to copy the JSON structure by clicking on the copy icon at the top-right corner of the page.

View content item as JSON

And don't forget that you can find two demos on YouTube about this feature. Click here for the Click to deploy demo and here to see the second part of the demo!

Add authentication checks to some ISite drivers

We had some drivers in Orchard Core where we hadn't check that the user has the appropriate permissions to modify the changes of given settings because the controllers won't do that for us. For example, if the user would like to change the settings of the reCAPTCHA, then we have to make sure that the user has the ManageReCaptchaSettings permission to do that. Now, these missings checks are added to the code.

Permission checking in the ReCaptchaSettingsDisplayDriver

Fixing Linux setup by making sure a directory created before creating a file

Let's say you would like to host your Orchard Core site in a Linux environment. But unfortunately, the setup failed on installation from Docker-Linux container. The strange issue was a directory needed to be created before file creation. Navigate to the SaveContentDefinitionAsync method of the FileContentDefinitionStore to see the check for the directory.

The SaveContentDefinitionAsync method

Document HTML Sanitizer and Markdown Pipeline Options

An HTML Sanitizer is available as part of the Orchard Core Infrastructure. The Sanitizer cleans user input that could lead to XSS attacks. From now you will find a new page in the Orchard Core Documentation about how to use the Sanitizer in your Razor view, how to configure the Sanitizer in the Startup classes, and much more.

HTML Sanitizer documentation

Markdown output is also sanitized during the rendering of content with Display Management. This page contains new sections about how to enable/disable or configure the Markdown Sanitization using the MarkdownPipelineOptions.


User impersonation

Open GitHub in your browser and navigate to the OrchardCoreContrib.Modules repository. This repository contains a set of modules for Orchard Core CMS driven by the community members who love Orchard Core. Here we will focus on the one called Impersonation. That feature allows administrators to sign in with other user identities.

To try this out, let's clone or download this repository then set up your site using a chosen recipe. After, navigate to Configuration -> Features and enable the Impersonation feature. To try out the impersonation, we need to have multiple users in the system. Go to Security -> Users and click on the Add User button to add a new one. In this case, we created a new user with the Author role with the author user name. In the users list, you will find a new green button called Impersonate. Here the Impersonate button is disabled for the admin user because we have already signed in with that user. So, click on that button near the user named author and see what will happen!

Impersonate button on the Users page

You could notice a slightly changed admin UI in this case. The reason for that is quite simple: users with the Author role have access to the admin UI with some content and media library-related permissions. So in that case you can do and you can see what this exact user can see and can do in that site. It's a good way to for example test the permissions and the rights for that user. If you would like to end the impersonation and return your work using your account, you can just simply have to navigate to Security -> End Impersonation, that will do the trick for you.

Signed in as a user with the Author role

If you are interested in the full demo, head to YouTube for the recording!

News from the community

Orchard Core on GitHub Arctic Code Vault

The GitHub Arctic Code Vault is a data repository preserved in the Arctic World Archive (AWA), a very-long-term archival facility 250 meters deep in the permafrost of an Arctic mountain. The archive is located in a decommissioned coal mine in the Svalbard archipelago, closer to the North Pole than the Arctic Circle. GitHub captured a snapshot of every active public repository on 02/02/2020 and preserved that data in the Arctic Code Vault. And why it is important? Because Orchard Core also sits in this Code Vault! If you have contributed a repository that is in the Code Vault you will see that in your GitHub profile! Check out this exciting video about the GitHub Arctic Code Vault!

Arctic Code Vault Contributor

Lombiq Offline event

Sometimes it's not just about work but doing something just for fun. These events are specifically for this: we get together, do something cool like breaking out of an escape room, going for a go-kart ride, or playing paintball. A few days ago we went hiking then we went back to Budapest in a boat. Check out this new picture of our team, shot at our Lombiq Offline event! While here in Hungary there are no restrictions on events like this anymore, we played it safe with a fully outdoor program. You can find this new picture on our About us page too!

Lombiq Offline Hiking Edition

Orchard Core workshops

The contributors of Orchard Core will hold some unique online workshops in September 2020. So even with Orchard Harvest postponed due to the coronavirus pandemic we'll get some new learning events.

Are you looking to get up to speed with Orchard? Check out the workshops' details on the Orchard Core homepage!

Orchard Dojo Newsletter

Now we have 156 subscribers of the Lombiq's Orchard Dojo Newsletter! We have started this newsletter to inform the community around Orchard with the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post published to Orchard Dojo, including This week in Orchard of course.

Do you know of other Orchard enthusiasts who you think would like to read our weekly articles? Tell them to subscribe here!

If you are interested in more news around Orchard and the details of the topics above, don't forget to check out the recording of this week's Orchard meeting!

No Comments

Add a Comment