Open Closed

Missing policy grants after upgrade to 4.3.0 #1378


User avatar
0
scott7106 created
  • ABP Framework version: v4.3.0
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): no
  • Exception message and stack trace:
  • Steps to reproduce the issue:

We upgraded our application from 4.2.1 to 4.3.0. After upgrading, certain administrative functions are no longer available in the client application. I cannot reproduce the problem when creating a new project using 4.3. Which leads me to think there is something incorrect or missing in my upgraded project.

When I look at the grantedPolicies from the /api/abp/application-configuration endpoint, there is a noticable difference between a "new" project created in 4.3 and my upgraded project from 4.2. The following policies exist under policies in both projects and have entries for the admin role in the AbpPermissionGrants table for both projects. However, these permissions do not exist under granted policies in my upgraded project while they are listed under granted policies in my new project.

  "AbpIdentity.OrganizationUnits": true,
  "AbpIdentity.OrganizationUnits.ManageOU": true,
  "AbpIdentity.OrganizationUnits.ManageRoles": true,
  "AbpIdentity.OrganizationUnits.ManageMembers": true,
  "AbpIdentity.ClaimTypes": true,
  "AbpIdentity.ClaimTypes.Create": true,
  "AbpIdentity.ClaimTypes.Update": true,
  "AbpIdentity.ClaimTypes.Delete": true,
  "IdentityServer.IdentityResource": true,
  "IdentityServer.IdentityResource.Update": true,
  "IdentityServer.IdentityResource.Delete": true,
  "IdentityServer.IdentityResource.Create": true,
  "IdentityServer.ApiResource": true,
  "IdentityServer.ApiResource.Update": true,
  "IdentityServer.ApiResource.Delete": true,
  "IdentityServer.ApiResource.Create": true,
  "IdentityServer.Client": true,
  "IdentityServer.Client.Update": true,
  "IdentityServer.Client.Delete": true,
  "IdentityServer.Client.Create": true,
  "IdentityServer.Client.ManagePermissions": true,

These are listed in the AbpPermissionGrants table for the admin role in both projects.


6 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi scott7106

    I checked the upgrade changes and did not find any reason to cause your problem. Can you compare the code of your project and the new project? Including database migration and structure?

  • User Avatar
    0
    scott7106 created

    Hi maliming,

    I have compared every line of code and cannot find a difference. With each version, we generate a new version of a baseline project (no code) and then issue a pull request to compare the source code differences of the new version for a baseline project. We use this information to implement the changes needed for the new version. In this case, we have implemented everything shown in the project compare and are still missing the data listed.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Can you share the project with me?

    liming.ma@volosoft.com

  • User Avatar
    0
    scott7106 created

    The link to download the project was sent to your email.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You disabled some permissions.

    https://github.com/abpframework/abp/blob/dev/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs#L57

  • User Avatar
    0
    scott7106 created

    Thanks!

Made with ❤️ on ABP v9.1.0-preview. Updated on November 19, 2024, 12:56