Abstract away dependency on roles for controlling access

[willnationsdev]

I have a use case in which we will be relying on either LDAP groups or ad-hoc username groups to control access to individual pages. These collections will naturally grow in size over time. Porting over from an existing system, we likely have well over a thousand combinations of users able to access various pages across hundreds of sites. Using the current mechanism, we would need to generate Roles for every single one of these groups (not satisfactory).

I would propose developing a separate module for group abstraction that can then be made a dependency of this module. It would then rely on the group services to locate information with which to compare access level authority, and would rely on registered services both for collecting the data and performing the evaluations of said data. In this way, third-party modules would be able to dictate not only what data is used to determine content item permissions, but also how that data should relate to existing information in the Orchard Core CMS.

[peterkeating]

@willnationsdev This is a really great suggestion!

[willnationsdev]

@peterkeating I am actively developing a module for this. When I finish it, I will talk with my boss about the possibility of open sourcing the solution.