Open Closed

We don't want to use the Organization Unit functionality and want to remove it from the UI/API #255


User avatar
0
paulmcelhinney created
  • ABP Framework version: v2.9.0
  • UI type: Angular
  • Tiered (MVC) or Identity Server Seperated (Angular): Angular and Identity Server Not separated
  • Exception message and stack trace:
  • Steps to reproduce the issue: In our current application, we don't need the addtiional functionality of Organization Unit. What's the recommended way to not have it show in the UI and API?

Thanks Paul


6 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    The easiest way is to delete the organizational unit menu:

    context.Menu.GetAdministration().Items.FirstOrDefault(x => x.Name.Equals(IdentityMenuNames.GroupName))?.TryRemoveMenuItem(IdentityMenuNames.OrganizationUnits);
    

    If you want to disable the API:

    [Dependency(ReplaceServices = true)]
    [ExposeServices(typeof(IOrganizationUnitAppService))]
    [RemoteService(false)]
    public class MyOrganizationUnitAppService : OrganizationUnitAppService, IOrganizationUnitAppService
    {
        public MyOrganizationUnitAppService(
            OrganizationUnitManager organizationUnitManager,
            IdentityUserManager userManager,
            IOrganizationUnitRepository organizationUnitRepository,
            IIdentityUserRepository identityUserRepository,
            IIdentityRoleRepository identityRoleRepository) 
            : base(
                organizationUnitManager,
                userManager, 
                organizationUnitRepository,
                identityUserRepository, 
                identityRoleRepository)
        {
        }
    }
    
  • User Avatar
    0
    paulmcelhinney created

    Thanks for the quick response.

    I noticed that the UI seems to be driven off the AbpPermissionGrants table and that if I change the provider key for the row with the Name "AbpIdentity.OrganizationUnits" from "admin" to "" it removes the item from the application. It seems like a better approach might be setting rows with this value to not have access rather than updating the code. That way, if our needs change later we can simply update the database to allow access to organization units. What would be the best way to ensure that rows with the Name "AbpIdentity.OrganizationUnits" do not have a provider key of "admin" since it looks like this table is populated for every tenant that gets added?

    I tried to disable the api following the instructions above but am not sure if I'm doing it right because the API still seems to be functioning. Besides disabling it, I also want to remove it from the API.

    I created a customOrganizationUnit class in my Application project and added one additional attribute that I thought would remove it from the API but it neither removes it from the API nor disables it.

    using System;
    using System.Collections.Generic;
    using System.Text;
    using Volo.Abp.DependencyInjection;
    using Volo.Abp;
    using Volo.Abp.Identity;
    using JetBrains.Annotations;
    
    namespace CycleClarity.WebPlatform.OrganizationUnits
    {
        [Dependency(ReplaceServices = true)]
        [ExposeServices(typeof(IOrganizationUnitAppService))]
        [RemoteService(IsEnabled = false, IsMetadataEnabled = false)]
        public class MyOrganizationUnitAppService : OrganizationUnitAppService, IOrganizationUnitAppService
        {
            public MyOrganizationUnitAppService(
                OrganizationUnitManager organizationUnitManager,
                IdentityUserManager userManager,
                IOrganizationUnitRepository organizationUnitRepository,
                IIdentityUserRepository identityUserRepository,
                IIdentityRoleRepository identityRoleRepository)
                : base(
                    organizationUnitManager,
                    userManager,
                    organizationUnitRepository,
                    identityUserRepository,
                    identityRoleRepository)
            {
            }
            
        }
    }
    

    In my application module, ConfigureServices I added the following:

     context.Services.Replace(
                ServiceDescriptor.Transient<IOrganizationUnitAppService, MyOrganizationUnitAppService>());
    

    Thanks, Paul

  • User Avatar
    0
    paulmcelhinney created

    So, I figured out how to remove the options by overriding the permissions in the Application.Contracts project in the PermissionDefinitionProvider.cs

    public class WebPlatformPermissionDefinitionProvider : PermissionDefinitionProvider
        {
            
            public override void PostDefine(IPermissionDefinitionContext context)
            {
                //Remove the Organization Unit functionality by overriding permissions and setting it to not enabled/granted
                context.GetPermissionOrNull(IdentityPermissions.OrganizationUnits.Default).IsEnabled = false;
                context.GetPermissionOrNull(IdentityPermissions.OrganizationUnits.ManageOU).IsEnabled = false;
                context.GetPermissionOrNull(IdentityPermissions.OrganizationUnits.ManageRoles).IsEnabled = false;
                context.GetPermissionOrNull(IdentityPermissions.OrganizationUnits.ManageUsers).IsEnabled = false;
    
            }
    	}
       
    

    So, any ideas on why the earlier changes did not result in the endpoints not being removed from the Swagger UI?

    Thanks Paul

  • User Avatar
    0
    alper created
    Support Team Director

    you can hide the endpoints easily, see https://support.abp.io/QA/Questions/264/How-to-hide-an-endpoint-from-Swagger

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Yes, you can set IsEnabled to false, A disabled permission will be prohibited for everyone. it will always return prohibited.

    Currently no good way to remove it from the API, but this can still be done:

    This way, API endpoints will not be created

    [Dependency(ReplaceServices = true)]
    [ExposeServices(typeof(IAbpServiceConvention))]
    public class MyServiceConvention : AbpServiceConvention, ITransientDependency
    {
        public MyServiceConvention(IOptions<AbpAspNetCoreMvcOptions> options) : base(options)
        {
    
        }
    
        protected override void ApplyForControllers(ApplicationModel application)
        {
            application.Controllers.RemoveAll(x => x.ControllerType == typeof(OrganizationUnitController));
            
            base.ApplyForControllers(application);
        }
    }
    
  • User Avatar
    0
    paulmcelhinney created

    Thanks - I ended up just hiding it from Swagger. The other change I made to limit permissions will prevent anyone from succesfully calling the endpoints.

Made with ❤️ on ABP v9.1.0-preview. Updated on November 11, 2024, 11:11