- ABP Framework version: v8.0.4
- UI Type: MVC
- Database System: MySQL)
- Tiered (for MVC) or Auth Server Separated (for Angular): no
Hi Abp team,
I am building a license management and Virtual Server Provisioning system. below are few entity I have created Product.cs ProductVersion.cs ProductFeature.cs License.cs ServerDetail.cs ServerFeature.cs Plan.cs Pricing.cs
The challenge, I am facing is that I want my tenant to only ReadOnly Access of entities (not allowing to add / update or delete). and only want them to add an entry in Plan.cs entity, how can i control as the Host user? Also, Is there anyway, I can manage Tenant roles where I as a host create delete and update, however Tenant only able to see pre seeded/created roles?
many thx, Nav
12 Answer(s)
-
0
Hi,
ABP supports multi-tenancy as a first class citizen. You can define multi-tenancy side option while defining a new permission. It gets one of the three values defined below:
Host: The permission is available only for the host side. Tenant: The permission is available only for the tenant side. Both (default): The permission is available both for tenant and host sides.
https://docs.abp.io/en/abp/latest/Authorization#multi-tenancy
You can set the create, edit, and delete permission definitions to host, in this way, the tenant will not have permissions
-
0
Also, Is there anyway, I can manage Tenant roles where I as a host create delete and update, however Tenant only able to see pre seeded/created roles?
You can set role create, delete, and edit permissions to only apply to the host.
And create a new manage tenant roles page for the host:
public class CreateTenantRoleInput { public string TenantName {get; set;} .... } public class ManageTenantRolesAppService:... { public async Task CreateAsync(CreateTenantRoleInput input) { var tenant = await _tenantStore.FindAsync(input.Tenant); using(currentTenant.Change(tenant.Id)) { _roleRepositpry.InsertAsync(..); } } }
-
0
Hi,
ABP supports multi-tenancy as a first class citizen. You can define multi-tenancy side option while defining a new permission. It gets one of the three values defined below:
Host: The permission is available only for the host side. Tenant: The permission is available only for the tenant side. Both (default): The permission is available both for tenant and host sides.
https://docs.abp.io/en/abp/latest/Authorization#multi-tenancy
You can set the create, edit, and delete permission definitions to host, in this way, the tenant will not have permissions
Hi liangshiwei,
Thanks for your suggestion, that was easy to implement.
As I have complex query to run, how can i determine if current uses is from Host or Tenant? one idea is to inject ICurrentUser and query as ( _currentUser.TenantId == null ) to determine, Is this correct way or are there any other way?
-
0
Hi,
You can inject the
ICurrentTenant
andICurrentUser
if(!_currentTenant.IsAvailable) { ...host } Or if(_currentTenant.TenantId == null) { ...host }
-
0
Also, Is there anyway, I can manage Tenant roles where I as a host create delete and update, however Tenant only able to see pre seeded/created roles?
You can set role create, delete, and edit permissions to only apply to the host.
And create a new manage tenant roles page for the host:
public class CreateTenantRoleInput { public string TenantName {get; set;} .... } public class ManageTenantRolesAppService:... { public async Task CreateAsync(CreateTenantRoleInput input) { var tenant = await _tenantStore.FindAsync(input.Tenant); using(currentTenant.Change(tenant.Id)) { _roleRepositpry.InsertAsync(..); } } }
Hi liangshiwei,
I tried to investigate your solution, however, I believe I am may complicating it further while trying to adjust my project. I have below options and may be you can help me with another idea
- Remove multi tenancy completely and control Users actions by defining roles permission
- Another idea is to remove multi-tenancy and create a "Company Id" and somehow I filter uses of one company who buy license and VPS servers, if I follow this path, any suggestion how can I filter it
- Third option is keep it multi-tenant and try to build custom pages for roles and users similar to your suggestions above
Any other idea??
-
0
Hi,
Remove multi tenancy completely and control Users actions by defining roles permission
I think this is the easiest way
Another idea is to remove multi-tenancy and create a "Company Id" and somehow I filter uses of one company who buy license and VPS servers, if I follow this path, any suggestion how can I filter it
You can check the document: https://docs.abp.io/en/abp/latest/Data-Filtering#defining-custom-filters
-
0
Another idea is to remove multi-tenancy and create a "Company Id" and somehow I filter uses of one company who buy license and VPS servers, if I follow this path, any suggestion how can I filter it
You can check the document: https://docs.abp.io/en/abp/latest/Data-Filtering#defining-custom-filters
Many thanks liangshiwei,
We have decided to use your above suggestion, it is easy to set a global filter, however not sure how to convert bool to a company filter?
could you please suggest?
I created an interface as ICompany
public interface ICompany { string CompanyName { get; } }
what am I missing below? how can I filter as e.CompanyName == _user.CompanyName
protected bool IsCompanyFilterEnabled => DataFilter?.IsEnabled<ICompany>() ?? false; protected override bool ShouldFilterEntity<TEntity>(IMutableEntityType entityType) { if (typeof(ICompany).IsAssignableFrom(typeof(TEntity))) { return true; } return base.ShouldFilterEntity<TEntity>(entityType); } protected override Expression<Func<TEntity, string>> CreateFilterExpression<TEntity>() { var expression = base.CreateFilterExpression<TEntity>(); if (typeof(ICompany).IsAssignableFrom(typeof(TEntity))) { Expression<Func<TEntity, string>> isCompanyFilter = e => !IsCompanyFilterEnabled || EF.Property<string>(e, "ICompany").where(e.CompanyName == _user.CompanyName); expression = expression == null ? isCompanyFilter : QueryFilterExpressionHelper.CombineExpressions(expression, isCompanyFilter); } return expression; }
-
0
Hi,
You can add the
CompanyName
to the user's claims.https://docs.abp.io/en/abp/latest/Authorization#claims-principal-factory https://docs.abp.io/en/abp/latest/Modules/OpenIddict#updating-claims-in-access_token-and-id_token
protected override Expression> CreateFilterExpression() { var expression = base.CreateFilterExpression(); var companyName = currentUser.FindClaimValue("....") if (typeof(ICompany).IsAssignableFrom(typeof(TEntity))) { Expression> isCompanyFilter = e => !IsCompanyFilterEnabled || EF.Property(e, "ICompany").where(e.CompanyName == companyName); expression = expression == null ? isCompanyFilter : QueryFilterExpressionHelper.CombineExpressions(expression, isCompanyFilter); } return expression; }
-
0
Hi,
You can add the
CompanyName
to the user's claims.https://docs.abp.io/en/abp/latest/Authorization#claims-principal-factory https://docs.abp.io/en/abp/latest/Modules/OpenIddict#updating-claims-in-access_token-and-id_token
protected override Expression> CreateFilterExpression() { var expression = base.CreateFilterExpression(); var companyName = currentUser.FindClaimValue("....") if (typeof(ICompany).IsAssignableFrom(typeof(TEntity))) { Expression> isCompanyFilter = e => !IsCompanyFilterEnabled || EF.Property(e, "ICompany").where(e.CompanyName == companyName); expression = expression == null ? isCompanyFilter : QueryFilterExpressionHelper.CombineExpressions(expression, isCompanyFilter); } return expression; }
Hi liangshiwei,
We follow ABP modular practice (Instead of Application Template, we develop Module Template), so what is the correct place to put the above Custom Filter, IN Module.EntityFrameworkCore or my Tiered Application.EntityFrameworkCore?
Also, how can I make sure that when I am creating a Module and Tiered Application via ABP SUITE, it is Host-only and does not have Tenant or Edition?
By default does the ABP suite include Tenant Management & Edition Management in the application?
Thanks, Navneet
-
0
We follow ABP modular practice (Instead of Application Template, we develop Module Template), so what is the correct place to put the above Custom Filter, IN Module.EntityFrameworkCore or my Tiered Application.EntityFrameworkCore?
You can add a custom filter both in Module.EntityFrameworkCore and Application.EntityFrameworkCore
Also, how can I make sure that when I am creating a Module and Tiered Application via ABP SUITE, it is Host-only and does not have Tenant or Edition?
https://docs.abp.io/en/abp/latest/Multi-Tenancy#abpmultitenancyoptions-enable-disable-multi-tenancy
Multi-Tenancy is disabled in the ABP Framework by default. However, it is enabled by default when you create a new solution using the startup template. MultiTenancyConsts class in the solution has a constant to control it in a single place.
By default does the ABP suite include Tenant Management & Edition Management in the application?
Yes, it's
-
0
Hi liangshiwei,
Many thx for your help.
Final question, should I remove Tenant Management and Edition Management module so that my client not able to enable it without my permission
-
0
Hi,
You can remove them, but I don't recommend it.