Here is our WebModule configuration.
PreConfigure<OpenIddictBuilder>(builder =>
{
_ = builder.AddValidation(options =>
{
_ = options.AddAudiences("SafetyPlusWeb");
_ = options.UseLocalServer();
_ = options.UseAspNetCore();
});
});
if (!hostingEnvironment.IsDevelopment())
{
PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
{
options.AddDevelopmentEncryptionAndSigningCertificate = false;
});
PreConfigure<OpenIddictServerBuilder>(serverBuilder =>
{
// In production, it is recommended to use two RSA certificates,
// one for encryption, one for signing.
_ = serverBuilder.AddEncryptionCertificate(
GetEncryptionCertificate(context.Services.GetConfiguration()));
_ = serverBuilder.AddSigningCertificate(
GetSigningCertificate(context.Services.GetConfiguration()));
});
var domainFormat = GetDomainFormatForEnvironment(hostingEnvironment);
PreConfigure<AbpOpenIddictWildcardDomainOptions>(options =>
{
options.EnableWildcardDomainSupport = true;
_ = options.WildcardDomainsFormat.Add($"https://{domainFormat}");
_ = options.WildcardDomainsFormat.Add($"https://{domainFormat}/signin-oidc");
_ = options.WildcardDomainsFormat.Add($"https://{domainFormat}/signout-callback-oidc");
});
}
}
public override void ConfigureServices(ServiceConfigurationContext context)
{
var hostingEnvironment = context.Services.GetHostingEnvironment();
var configuration = context.Services.GetConfiguration();
var domainFormat = GetDomainFormatForEnvironment(hostingEnvironment);
Configure<AbpTenantResolveOptions>(options =>
{
options.AddDomainTenantResolver(domainFormat);
});
if (!configuration.GetValue<bool>("App:DisablePII"))
{
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
}
if (!configuration.GetValue<bool>("AuthServer:RequireHttpsMetadata"))
{
Configure<OpenIddictServerAspNetCoreOptions>(options =>
{
options.DisableTransportSecurityRequirement = true;
});
}
if (!hostingEnvironment.IsDevelopment())
{
_ = context.Services.AddSignalR(options =>
{
options.AddFilter<AbpMultiTenantHubFilter>();
}).AddAzureSignalR();
}
ConfigureOptions(context, configuration);
ConfigureAuthentication(context);
ConfigureUrls(configuration);
ConfigureBundles();
ConfigureImpersonation(context, configuration);
ConfigureAutoMapper();
ConfigureVirtualFileSystem(hostingEnvironment);
ConfigureMultiTenancy();
ConfigureSwaggerServices(context.Services);
ConfigureExternalProviders(context, configuration);
ConfigureAutoApiControllers();
ConfigureBlazorise(context);
ConfigureRouter(context);
ConfigureMenu(context);
ConfigureCookieConsent(context);
ConfigureAuditingOptions(context);
ConfigureTheme();
Configure<SettingManagementComponentOptions>(options =>
{
options.Contributors.Add(new SafetyPlusWebSettingsComponentContributor());
});
if (!hostingEnvironment.IsDevelopment())
{
Configure<AbpTenantResolveOptions>(options =>
{
options.AddDomainTenantResolver(domainFormat);
});
}
}
```
We really need to understand better how to interact with the file management APIs so as to override them.
Managing permissions isn't the requirement here. We need support in applying permissions against the module.
Can we get some basic documentation and or explanation of how the module works?
The wiki is very limited on this module.
Hi
It makes sense how to add permissions but what we need help with is where do we apply the permissions on a file by file basis?
How do we mark a file as confidential for example and then based on a permission filter it out from being viewable in the directory tree?
Can you give some guidance on a good place to start interacting with the existing code?
Can we override any existing classes?
Hi Anjali
I see what you're saying but we need to apply permissions on a per folder and per file basis.
Yes that would be helpful.
Basically the goal is to reduce the number of clicks that a user has to do to change accounts across tenants.
So imagine a scenario where the user is on an invoices page and they want to enter invoices for one tenant and then quickly switch to another tenant and add invoices there as well.
The current navigation is kind of clicky and involves multiple steps to switch tenants.
The goal would be something that is a little bit more like say Gmail for example where you can switch back and forth with ease and few clicks.
And I understand that there are some technical challenges and limitations from what I initially asked.
Therefore with the goals that we have in mind are there any easy wins that we can implement as an alternative?
Is there any way we can streamline it or reduce the number of clicks? Any suggestions on how we can improve the user experience?
Basically can you think of any recommendations that we could apply in a reasonable fashion?
How are permissions mapped to File Management files and actions?
Is it possible to bypass the "My Account" page with the linked account module and instead return directly to the previously opened page?
Is it possible to seed linked accounts to a new user. For example allowing a support user to login to any account using linked accounts.