Activities of "alexander.nikonov"
You can replace the component with yours and use the your own service to get roles. https://docs.abp.io/en/abp/latest/UI/Angular/Component-Replacement
I already use a DepartmentComponent instead of ABP OrganizationUnitsComponent.
It generally "mimics" the ABP "Organization Units" component behavior.
The problem is that when on "Roles" tab you click "Add Role" - modal component OrganizationRolesModalBodyComponent is shown which itself is NOT replaceable. It uses the following service to fill the list of roles:
The only way to affect this list that I can see it to replace dependency-injected service IdentityRoleService. However, as I have written before, I don't know how to do it properly (if possible).
You can override the repository to filter the roles.
This approach does not suit me well. I already use ABP EfCoreIdentityRoleRepository in many places of my solutions. I'd prefer to leave ABP EfCoreIdentityRoleRepository intact, but instead replace client-side ABP IdentityRoleService for specific component(s):
I've tried to inherit this service, but bumped into the problem: for some reason ABP implementation uses arrow functions instead of prototype-level functions, so I cannot override them in my class:
There are no "MR" permissions there. I have the idea why. Meanwhile I'm going to create a separate package for optional adding Module Roles functionality to different projects. So the questions are:
a) Is it possible to have all providers on ONE layer? Because currently they are split between "Domain" and "Application.Contracts" layers following ABP source code structure. Maybe I'm missing something:
My idea is to enable this functionality in minimum of steps, i.e. just include the package to one layer (project) or to configure it in one place of one project (if possible);
b) How to filter out this query? I don't want to show "MR" roles here:
Sorry, cannot prepare the test project which would cover our functionality, it would take too much time.
I've managed to resolve the permission issue, I guess. Probably it was caused by the scenario when a user has no user roles assigned - only his department's roles... I will get back to this part later probably.
I guess it's ok, the Front-end loads permission grant datas from backend
It does not look right now... Please have a look at whole chain:
a) current user has "Role 1" assigned":
b) "Role 1" is granted "CT;CTApli:DT~Modify" permission:
c) Angular app does not see this permission (even though back-end check in the AbxRolePermissionValueProvideris ok - probably there is no direct connection between its result and what getGrantedPolicy returns at client-side) :
I'm completely lost. I've overridden PermissionAppService, but it does not resolve the issue - I'm getting this kind of exception even on "R" provider - now I'm trying to READ permissions of an ordinary role:
- there is only
Authorizeattribute decorating this method, no permission at all!
The exception happens on GetAsync:
public async Task<PagedResultDto<PermissionGrantInfoDto>> GetPermissionsAsync(GetRolePermissionsInput input)
{
var role = await _identityRoleRepository.FindAsync(input.Id, false);
if (role == null)
{
throw new BusinessException(DomainErrorCodes.NotFound, _stringLocalizer.GetString("Roles:RoleNotFound"));
}
var permissionListResultDto = await _permissionAppService.GetAsync(RolePermissionValueProvider.ProviderName, role.Name); !!!EXCEPTION
var itemsDto = permissionListResultDto.Groups.SelectMany(x => x.Permissions)
.WhereIf(input.IsGranted.HasValue, x => x.IsGranted == input.IsGranted.Value)
.WhereIf(!string.IsNullOrWhiteSpace(input.Permission), x => x.Name.IndexOf(input.Permission, StringComparison.OrdinalIgnoreCase) != -1 || x.DisplayName.IndexOf(input.Permission, StringComparison.OrdinalIgnoreCase) != -1);
return new PagedResultDto<PermissionGrantInfoDto>
{
TotalCount = itemsDto.Count(),
Items = itemsDto.ComplexOrderBy(input.Sorting).Skip(input.SkipCount).Take(input.MaxResultCount).ToList()
};
}
Volo.Abp.Authorization.AbpAuthorizationException: Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown. at Microsoft.AspNetCore.Authorization.AbpAuthorizationServiceExtensions.CheckAsync(IAuthorizationService authorizationService, String policyName) at Volo.Abp.PermissionManagement.PermissionAppService.CheckProviderPolicy(String providerName) at AbxEps.CentralTools.Permissions.CentralToolsPermissionAppService.CheckProviderPolicy(String providerName) in C:\CT\AbxEps.CentralTools\aspnet-core\src\AbxEps.CentralTools.Application\Permissions\CentralToolsPermissionAppService.cs:line 49 at Volo.Abp.PermissionManagement.PermissionAppService.GetAsync(String providerName, String providerKey)
Probably it is somehow related to my new custom "Roles" page. When I navigate to it, unlike to other pages, AbxModuleRolePermissionValueProvider => CheckAsync is not triggered. I relogged in, but it did not help.
The PermissionProvider seems to be OK, it does contain the required permissions:
And the user does contain these permissions:
BTW, "admin" is a public role from user's department, not a manually assigned. But it should not be difference, right?
Does the currently logged-in user have the permission?
Well.. I understand now. No, he does not. But since "MR" are not only permissions for ordinary roles, but also they are ABP roles themselves (just having a special extra properties) - I want them to be always available, like any role (not like permission which must be granted). They are never supposed to be checked as permissions (their permissions are). So how to make them always available?
Thank you for the response. We are moving on.
I'm replacing "Roles" page completely. And here is a strange error. Suddenly I'm getting error on this line:
await _permissionAppService.UpdateAsync(AbxModuleRolePermissionValueProvider.ProviderName, moduleRole.Name, new UpdatePermissionsDto { Permissions = input.Permissions });
Volo.Abp.Authorization.AbpAuthorizationException: Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown. at Microsoft.AspNetCore.Authorization.AbpAuthorizationServiceExtensions.CheckAsync(IAuthorizationService authorizationService, String policyName) at Volo.Abp.PermissionManagement.PermissionAppService.CheckProviderPolicy(String providerName) at Volo.Abp.PermissionManagement.PermissionAppService.UpdateAsync(String providerName, String providerKey, UpdatePermissionsDto input)
The same code for RolePermissionValueProvider.ProviderName works fine.
I'm having all "MR" providers defined: Definition, Management, Value. I had experimental page which used the faulty line and it DID work. Now I can't find anything what could make it stop working and I'm stuck. Do you have suggestions where and what I could check? It looks weird, because permission list is returned properly which means Definition Provider data is OK:
public class AbxModuleRolePermissionDefinitionProvider : PermissionDefinitionProvider
{
public override void Define(IPermissionDefinitionContext context)
{
var currentUser = context.ServiceProvider.GetService<ICurrentUser>();
if (currentUser.IsAuthenticated)
{
var moduleRoleGroup = context.AddGroup(ModuleRolePermissions.GroupName, L("Permission:ModuleRoleManagement"));
var roleAppService = context.ServiceProvider.GetService<IRoleAppService>();
var moduleRoles = roleAppService.GetModuleRolesAsync(new GetModuleRolesInput()).Result;
var rolesPermission = moduleRoleGroup.AddPermission(ModuleRolePermissions.SubGroupName, L("Permission:ModuleRoles")).WithProviders("MR");
for (var i = 0; i < moduleRoles.Items.Count; i++)
{
rolesPermission.AddChild(moduleRoles.Items[i].Name).WithProviders("MR");
}
}
}
}
Thank you. Everything works fine now.
Thank you. It works.
I now have the following questions:
a) After I create "MR" roles on one page - I navigate to the other page, where I am going to assign "MR" roles (= permission definitions with "MR" provider, as we discussed above) to an ordinary role. Alas, I cannot do that until I relogin the user. Do I need to manually add the created role:
var moduleRole = new IdentityRole(GuidGenerator.Create(), roleName, CurrentTenant.Id)
{
IsDefault = false,
IsPublic = false
};
moduleRole.ExtraProperties.Add("IsModuleRole", true);
var newModuleRole = await _identityRoleRepository.InsertAsync(moduleRole, true);
to Definition Store before trying to bind it to an ordinary role (roleName):
await _permissionAppService.UpdateAsync("MR", roleName, new UpdatePermissionsDto { Permissions = input.Permissions });
?
The above is happening because the following method returns null for moduleRole.Name until relogin:
var permission = await PermissionDefinitionManager.GetOrNullAsync(permissionName);
b) I'd like to clarify: in which cases do I need to implement own PermissionManagementProvider? It has the same methods as ValueProviders, CheckAsync...
c) If I modify the module roles assigned to an ordinary role - I want to modify the corresponding "moduleRole" claims. How and where to do that efficiently (possibly caching instead of pulling from DB each time) without user relogin? I think you might have used similar mechanism already for your data. I'd prefer to update the accessible pages (and APIs) even if the page in the Angular app is reloaded; Please keep in mind, that on one hand - we are talking about ABP roles (which differ from ordinary roles only by extra field), on other hand they are permission definitions for "MR" provider;
d) will permissionServive.getGrantedPolicy or *abpPermission directive in Angular work for my "MR" permissions in the same way as it work for ordinary "R" permissions?
Sorry for long posts - I'm trying to find the answers myself, but it's just too much coming up during this development.
Hi. We recently updated to 7.01. We're not planning to update to 7.03 so far, but would like it fixed by manually changing the wrong code. Yes, the problem comes up when moving items from right to left list.