- ABP Framework version: v8.0.0
- UI Type: Angular / MVC / Blazor WASM / Blazor Server
- Database System: EF Core (SQL Server)
I'm struggling to get around how to manage permissions, permissions no longer used and permissions per role.
- I would like to delete the permission groups above. What are the options I have for doing that?
- I would like to define the permissions of a given role. What are the options I have for doing that?
- How do I ensure that new tenants being created always get the latest set of default permissions for the application?
- Can I disable the out-of-the-box admin role?
Thanks!
7 Answer(s)
-
0
hi
- I would like to delete the permission groups above. What are the options I have for doing that?
See https://docs.abp.io/en/abp/latest/Authorization#changing-permission-definitions-of-a-depended-module
- I would like to define the permissions of a given role. What are the options I have for doing that?
group.AddPermission("MyPermission6").WithProviders(RolePermissionValueProvider.ProviderName);
https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.Authorization.Abstractions/Volo/Abp/Authorization/Permissions/PermissionDefinition.cs#L140-L148
https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.Authorization.Abstractions/Volo/Abp/Authorization/Permissions/PermissionDefinition.cs#L31-L35
- How do I ensure that new tenants being created always get the latest set of default permissions for the application?
The template project already did this.
See MyProjectNameTenantDatabaseMigrationHandler
https://github.com/abpframework/abp/blob/dev/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDataSeeder.cs#L28-L52
- Can I disable the out-of-the-box admin role?
Yes.
-
0
Sorry, maybe I'm missing something here.
1. I would like to delete the permission groups above. What are the options I have for doing that?
How does this help deleting the groups I posted in my question? I would like to have permissions that I no longer define deleted from the application.
2. I would like to define the permissions of a given role. What are the options I have for doing that? Currently, I create my roles using IdentityRoleManager.CreateAsync and then the permissions are loaded into the system through the class inheriting from PermissionDefinitionProvider. If I am to create my roles and associate the default permissions for my role, are you saying that I create
group.AddPermission("MyPermissionName").WithProviders("IdentityRoleName);
?3. How do I ensure that new tenants being created always get the latest set of default permissions for the application? I'm on ABP commercial and would like to ensure that new tenants have the roles and also the permissions associated with the role created by default. If I do what is explained in step 2, do I achieve what I would like to?
4. Can I disable the out-of-the-box admin role? How do I do that?
Thanks
-
0
hi
You can check out these two documents to learn how to define permissions and initialize some permissions for tenants.
https://docs.abp.io/en/abp/latest/Authorization https://docs.abp.io/en/abp/latest/Data-Seeding
Can I disable the out-of-the-box admin role?
You can override the
IdentityDataSeeder
to disable theadmin
role. -
0
I'm sorry, but I checked both documents before coming here; otherwise, I wouldn't have created a ticket.
If you refuse to give me an answer, that's OK. I have a fully functional system, but I can't see how I can remove the permission groups in either document you have suggested so far. If that's as simple as you suggested, I would really appreciate if you could copy something from the actual page that indicates how to do what I am asking.
-
0
hi
I'd be happy to provide an answer. :)
how I can remove the permission groups in either document you have suggested so far.
You can try to remove the permission group from your
PermissionDefinitionProvider
.public class MyProjectNamePermissionDefinitionProvider : PermissionDefinitionProvider { public override void Define(IPermissionDefinitionContext context) { var myGroup = context.AddGroup(MyProjectNamePermissions.GroupName); //Define your own permissions here. Example: //myGroup.AddPermission(MyProjectNamePermissions.MyPermission1, L("Permission:MyPermission1")); // var identityGroup = context.GetGroupOrNull(IdentityPermissions.GroupName); // if (identityGroup != null) // { // context.RemoveGroup(identityGroup.Name); // } } private static LocalizableString L(string name) { return LocalizableString.Create<MyProjectNameResource>(name); } }
-
0
-
0
hi
2.
You can use
RolePermissionValueProvider.ProviderName
as the Provider of a permission definition. You can't use Roles.Admin and Roles.Workshop.Owner.group.AddPermission("MyPermission6").WithProviders(RolePermissionValueProvider.ProviderName);
If you want to grant permissions to a role, you don't need to do this.
You can use:
await permissionManager.SetForRoleAsync("your_role_name", TestPermissionNames.MyPermission1, true);