- ABP Framework version: v3.0.4
- UI type: Angular
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): no / yes
- Exception message and stack trace: N.A
- Steps to reproduce the issue: N.A
Hi,
I am working with Authorization, Roles and Permission on Microservice architecture.
I have one role i.e. Anchor in which I have created few policies as below
- Supplier
- Supplier.Create
- Supplier.Edit
- Supplier.Delete
- Supplier.View
Case 1 : On my Role permission level i.e. Anchor, I have only the check box for Supplier selected.
Now I have one User i.e. Anchor.Admin. On the user permission level I have options like Supplier, which is already selected; I assume this is because the role (i.e. Anchor) has this option selected. Now I select one more policy for this user, say Supplier.View.
Expectation : Anchor.Admin should see the supplier tab/menu, and once the user clicks on the view button the user should be able to see the data on the popup screen, because this user has the Supplier.View policy selected in the User permission level screen.
Case 2 : On my Role permission level i.e. Anchor (same role as case 1), I have only the check box for Supplier selected.
Now I have one User i.e. AnchorForCheck.Admin. On the user permission level I have options like Supplier, which is already selected; I assume this is because the role (i.e. Anchor) has this option selected.
Expectation : Anchor.Admin should see the supplier tab/menu, but once the user clicks on the view button the user should not be able to see the data on the popup screen, because this user has only the Supplier policy selected and no other is selected in the User permission level screen.
AppService Level :
I have this annotation in place above my method [Authorize(ProfileManagementPermissions.Supplier.View)]
My Issue : In both case 1 and case 2 because of the authorize annotation placed on my method I am getting this error on UI :
An error has occurred!
Authorization failed! Given policy has not granted
But on my browsers if I check in network I am getting proper data for grantedPolicies :
Case 1:
- ProfileManagement.Supplier: true
- ProfileManagement.Supplier.View: true
Case 2:
- ProfileManagement.Supplier: true
One more thing I need to highlight here is that on my ApplicationService level I don't get info like CurrentUser.Id and CurrentTenant.Id. Is this something to do with my architecture, or am I missing any references or something? I need to make it work for my Role + User level combination of permissions, as in case 1 and 2 discussed above. In case you need more details for understanding, please do ask.
Thanks
17 Answer(s)
-
0
Hi,
It looks like your project has some problems, but it's complicated. Can you provide a simple project to reproduce? Thanks.
-
0
Hi @liangshiwei,
Sorry, but replicating the architecture will be time-consuming and we need to resolve it in a given timeline. Can we just connect, and maybe you can have a look at the project structure and code? It will be really helpful.
Thanks
-
0
Hi,
Ok, I can connect and look at your code, but I also need some time to understand your project :). Or can you provide steps to reproduce?
-
0
@liangshiwei,
We can connect, so I can give you a brief understanding of my project, and if needed I will provide you the steps for how we build our project. Please let me know how we can connect.
Thanks
-
0
Please email me shiwei.liang@volosoft.com
-
0
Hi,
You need to use redis server.
-
0
@liangshiwei
Can you provide the links which you shared during the session here?
Thanks
-
0
https://github.com/abpframework/abp/blob/dev/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionStore.cs
-
0
Hi @liangshiwei,
Redis is enabled now and I am able to see the data in Redis Studio as well. But still in log.txt I am getting the logs mentioned below:
[DBG] Not found in the cache: pn:C,pk:Litmus_App,n:ProfileManagement.Supplier
Still getting the same errors on UI :
An error has occurred! Authorization failed! Given policy has not granted.
-
0
Hi,
I remember you don't want to use redis, however, we can make a meeting tomorrow
-
0
Hi,
I remember you don't want to use redis, however, we can make a meeting tomorrow
As I said before, We want to close this issue in the given timeline so we have to implement whatever solution available. Thanks for the meeting though. I will drop you a mail tomorrow.
Thanks again.
-
0
Solved, you need to use the same db for all HttpApi.Host
-
0
I am having this same issue, what was the solution?
I have a module which I reference in my Host Monolith.
If I navigate or use an endpoint from the module I get this same error:
An error has occurred! Authorization failed! Given policy has not granted.
-
0
@jward01
Open a new question, thanks.
-
0
@liangshiwei
Sorry to reopen this issue. In my InvoiceManagement module, I am getting all the permissions true in my PermissionGrantRepository output, but still I am getting an Authorization error.
I have already done all the checks which I could possibly do.
- All my dbs are connected to the same env i.e. dev
- MultiTenancy is enabled
- Redis is working fine
One thing I noticed though, i.e. in the InvoiceManagement module I have made a class MyPermissionStore : PermissionStore. Even if I have a breakpoint here, my debugger never stops here. And in log.txt I am not able to find any cache log like pn:R,pk:Supplier,n:InvoiceManagement.xxx. For Role supplier, I can find data in Redis.Studio but not able to find it in the logs.
-
0
Hi @liangshiwei
AbpClaimTypes Config and Mapping was missing from InvoiceModule. After comparing it with ProfileModule I found this issue.
It's working fine now. Finally closing this issue :)
Thanks !!!
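
The cache-miss line quoted earlier in the thread has the layout pn:<provider>,pk:<key>,n:<permission>, and the thread closes with a missing claim mapping as the cause. As an added example (not code from the thread or from ABP), this script groups such lines by permission and flags permissions that were looked up only for the client provider (pn:C), a pattern consistent with the user id and role claims not being mapped on that host. It assumes ABP's built-in provider letters U (user), R (role) and C (client); the sample log is constructed, with only the line format taken from the thread.

```python
import re
from collections import defaultdict

# Cache-key layout as it appears in the thread's log line:
#   pn:<provider name>,pk:<provider key>,n:<permission name>
MISS = re.compile(
    r"Not found in the cache: pn:(?P<pn>[^,]+),pk:(?P<pk>[^,]*),n:(?P<n>\S+)"
)

# Assumption: letters used by ABP's built-in permission value providers.
PROVIDERS = {"U": "user", "R": "role", "C": "client"}

# Constructed sample log; Demo.Read and the GUID are made-up values.
SAMPLE_LOG = """\
[DBG] Not found in the cache: pn:C,pk:Litmus_App,n:ProfileManagement.Supplier
[DBG] Not found in the cache: pn:C,pk:Litmus_App,n:ProfileManagement.Supplier.View
[DBG] Not found in the cache: pn:U,pk:00000000-0000-0000-0000-000000000001,n:Demo.Read
[DBG] Not found in the cache: pn:R,pk:Anchor,n:Demo.Read
[DBG] Not found in the cache: pn:C,pk:Litmus_App,n:Demo.Read
[INF] Request finished
"""

def providers_per_permission(log_text):
    """Map each permission name to the set of provider letters that looked it up."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = MISS.search(line)
        if m:
            seen[m.group("n")].add(m.group("pn"))
    return dict(seen)

def identity_less_checks(log_text):
    """Permissions whose only logged lookups came from the client provider."""
    per_perm = providers_per_permission(log_text)
    return sorted(name for name, pns in per_perm.items() if pns == {"C"})

def report(log_text):
    """One line per flagged permission, naming the providers that never ran."""
    per_perm = providers_per_permission(log_text)
    out = []
    for name in identity_less_checks(log_text):
        missing = sorted(PROVIDERS[p] for p in set(PROVIDERS) - per_perm[name])
        out.append(f"{name}: no {'/'.join(missing)} lookup; check claim mapping")
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

A lookup served from the cache produces no "Not found" line, so a flagged permission is a prompt to inspect the incoming token's claims on that host, not proof on its own.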