From 1cd5c1c4e3822ad00c49a6801bd8fb1e98c5b745 Mon Sep 17 00:00:00 2001 From: Hisham Bin Ateya Date: Mon, 25 Nov 2024 09:10:44 +0300 Subject: [PATCH] AssignRoleToUsers should not be implied by EditUsers (#16954) --------- Co-authored-by: Mike Alhayek --- src/OrchardCore/OrchardCore.Users.Core/CommonPermissions.cs | 2 +- src/docs/releases/3.0.0.md | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/OrchardCore/OrchardCore.Users.Core/CommonPermissions.cs b/src/OrchardCore/OrchardCore.Users.Core/CommonPermissions.cs
index eadd52c24b2..f1cbfbd3048 100644
--- a/src/OrchardCore/OrchardCore.Users.Core/CommonPermissions.cs
+++ b/src/OrchardCore/OrchardCore.Users.Core/CommonPermissions.cs
@@ -21,7 +21,7 @@ public static class CommonPermissions
 public static readonly Permission ListUsers = new("ListUsers", "List all users", [EditUsers, DeleteUsers]);
- public static readonly Permission AssignRoleToUsers = new("AssignRoleToUsers", "Assign any role to users", [EditUsers], true);
+ public static readonly Permission AssignRoleToUsers = new("AssignRoleToUsers", "Assign any role to users", true);
 public static readonly Permission DisableTwoFactorAuthenticationForUsers = new("DisableTwoFactorAuthenticationForUsers", "Disable two-factor authentication for any user", [ManageUsers], true);
diff --git a/src/docs/releases/3.0.0.md b/src/docs/releases/3.0.0.md
index 14ed4171d90..e2df9f118b9 100644
--- a/src/docs/releases/3.0.0.md
+++ b/src/docs/releases/3.0.0.md
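Review bot: With the implied-by list dropped, the new `AssignRoleToUsers` line is no longer implied by any permission at all, while the `DisableTwoFactorAuthenticationForUsers` context line just below it is still implied by `[ManageUsers]`. If `EditUsers` is itself implied by `ManageUsers` (its definition is outside this hunk), roles that hold only `ManageUsers` also lose role assignment on upgrade, and the release note only tells operators to look at roles with `EditUsers`. Either extend the note to cover that case or, if it was not intended, keep `[ManageUsers]` in the list as the neighbouring line does. Whichever is chosen, a comment above the field such as `// Intentionally not implied by EditUsers: assigning roles can escalate privileges, so it must be granted explicitly.` would stop the implication from being re-added later.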
@@ -48,3 +48,7 @@ The following obsolete settings were removed from `LoginSettings` class
 #### Login View Update
 The `ExternalLogin` action has been removed from the `Account` controller. If you are using a custom `Login.cshtml` view or `Login` template, please update the external login form action. As of this update, the `ExternalLogin` action has been relocated to the `ExternalAuthentications` controller.
+
+#### AssignRoleToUsers Permission Update
+
+The `AssignRoleToUsers` permission is no longer implicitly granted by `EditUsers`. To maintain the same behavior, make sure to explicitly assign the `AssignRoleToUsers` permission to any role that already has the `EditUsers` permission.