Architecture Orchard CMS. Security and Development Concepts

    This is a continuation of the second part of the guide “ How to create your website from scratch using Orchard CMS ”. You can get acquainted with the first part of the guide here: the beginning and the continuation . Start “ Orchard CMS Architecture. Basic concepts ”can be found and read here and here .


    In order to start working with Orchard CMS, you need to learn the basic concepts that are used in this CMS to work with content. In this part of the guide, we will introduce you to the concepts of security and delimitation of rights in Orchard CMS and to the concepts used in the development of modules for a content management system.

    Let me remind you that automatic download of Orchard is available from the application gallery using the Web Platform Installer, a quick access tool (click on this link to start the installation ).

    Orchard CMS Security Concepts

    An important part of each content management system is security, delimitation and management of user rights. In this part of the tutorial, we will cover the Orchard CMS security concepts.

    Users and Roles

    In Orchard CMS, users can be assigned roles that have a set of specific permissions and access rights. Any user can have from one to several roles.

    Developers and site administrators can create their own roles for users, however, in Orchard CMS, a set of basic roles already exists by default:
    • Administrator (Administrator) - users have full access to all the settings and content of the website;
    • Editor - users can edit and publish content created by other authors, but cannot create their own content;
    • Moderator - users exercise control over user content, such as comments, and check it for compliance with the rules of the site;
    • Author (Author) - users can write and publish content on the site;
    • Provider (Contributor) - users create content, but may not have rights to publish it;
    • Anonymous (Anonymous) - a user unknown to the system, the one who did not log into the system;
    • Authenticated - Any user who is logged in.
    Any roles except the roles "anonymous" and "authenticated" can be assigned manually. These two roles are assigned automatically while the site is running.


    Fig. 2.14. Management of users and roles in the administration panel of Orchard CMS

    In Orchard CMS, management of roles and users is performed using the administration panel and the corresponding sections (Figure 2.14).

    Privileges and Permissions

    In the Orchard content management system, all users can have various privileges and permissions on the site. The rights and privileges to perform some actions on the site are described in Orchard by a permissions mechanism.

    In Orchard CMS, permissions granted to roles are inherited by users who are assigned to these roles. That is, if the user is assigned the Administrator role, then this user receives all the permissions that are inherent in the Administrator role (Figure 2.15).


    Fig. 2.15. Editing user parameters and his roles in the administration panel

    In order to revoke a user’s permission, you need to take the user’s role or edit this role and remove the permission.

    Some permissions can be obtained implicitly. For example, if you give the user "site owner" permission, then such a user will implicitly obtain all other permissions.

    Since Orchard CMS is based on a modular approach, the management of rights and the creation of a set of permissions rests with the modules and their developers. The module should define a set of permissions, which can then be set in the Orchard CMS admin panel for different roles (Figure 2.16).

    Fig. 2.16. Editing permissions for different modules for a specific role in the Orchard CMS admin panel

    Site owner

    In the Orchard CMS system, there is a special concept, “Site Owner,” which describes the superuser. This user is set during the initial configuration of the CMS (by default, it is assigned the name admin, which can be changed).

    By default, the owner of the site is granted permissions for all possible actions with the site and its contents. This permission set can be changed through the control panel.

    In addition, the Orchard CMS has a “Site Owners Permission” permission, which allows you to issue superuser rights to an entire role. This permission is granted by default to the administrator role (Figure 2.16).

    Orchard CMS Development Concepts

    Developers of Orchard CMS modules need to know a number of concepts that operate this content management tool. Most concepts relate to software development and the ASP.NET MVC framework.

    We will become more familiar with these concepts when studying the development of modules for CMS.


    A handler is an Orchard concept that is similar to action filters in ASP.NET MVC. Handlers in Orchard are code that executes in response to some event during the execution of request processing.

    To create a handler, a class is used ContentHandlerfrom which the handler class must be inherited.

    Events that the handler can respond to are processed by the following methods:
    • Onactivated
    • Oncreated
    • Oncreating
    • Onindexed
    • Onindexing
    • Oninitializing
    • Onloaded
    • Onloading
    • Onpublished
    • Onpublishing
    • Onremoved
    • Onremoving
    • Onunpublished
    • Onunpublishing
    • Onversioned
    • Onversioning


    A driver is an Orchard concept that is similar to controllers in ASP.NET MVC. Unlike controllers, drivers operate at the content level, not the query level. Drivers are preparing forms for display and process requests from the control panel.

    Driver classes inherit from the ContentPartDriver <> class .


    A record is a class that represents a database in terms of content. Records are POCO objects in which each property must be virtual.


    Record classes inherit from the ContentPartRecord class .


    The model of the content part is the content part class itself. Some parts also define presentation models to define strongly typed representations or to create more flexible dynamic forms.


    Migration is a description of the operations that must be performed during the first installation of a function or when it is upgraded from an old version to a new version. This concept allows for a soft update of functions without data loss. Orchard CMS provides a special tool for data migration.


    Code injections are widely used in Orchard CMS. When a code needs a dependency, this code will require the injection of one or more instances of a specific interface. The Orchard CMS framework will automatically take care of fetching, instantiating, and injecting the correct code at runtime.


    In the second part of the Orchard CMS manual, we examined the most important concepts that this content management system operates with.

    We got acquainted with the concepts and terms that are used in Orchard CMS when working with content. We learned the basic concepts of the system layout mechanism. We examined the security system and the delimitation of rights. And finally, we got acquainted with the concepts of Orchard CMS, which are used in the development of modules for this system.

    In the next part of the guide, we will take a closer look at widgets and the Orchard CMS functionality extension mechanism.

    Also popular now: