
Authorize attribute working with several permissions based on logical condition #1348


alexander.nikonov created
  • ABP Framework version: v4.3.0
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes

I need to use logical conditions (mainly "OR") for some AbpController calls. I need to have it transparent, so the best way is to extend Authorize attribute functionality. I've read your documentation about Authorization - https://docs.abp.io/en/abp/latest/Authorization - but found nothing that would suit my needs.

You used to use AbpAuthorize and similar attributes on different layers, which allowed supplying an array of policies and an AND / OR indicator (RequireAllPermissions). Seems like it is not used anymore (at least, I could not make it work).

Well, OK - if you are using AuthorizeAttribute from Microsoft now - I found an article describing a similar task and overrode a bunch of classes (but reused some of your code), please see the attachment:

https://1drv.ms/u/s!AhWdpZddvifTtjEHoKMud74vu7No?e=LmsXGB

HttpApiHostModule:

    public override void ConfigureServices(ServiceConfigurationContext context)
    {
        // ...

        // Register the custom authorization handler
        context.Services.AddSingleton<IAuthorizationHandler, AbxPermissionHandler>();

        // Register the custom authorization policy provider
        context.Services.AddSingleton<IAuthorizationPolicyProvider, AbxPermissionAuthorizationPolicyProvider>();
    }

Now in general it works, but I am not sure it's fully correct. Could you please have a look? Is there an easier way to do what I want?

One more question: some ABP UI controls are extended by us, i.e. we took ABP components and injected them in our components or just copied the source code (User, Organization Units, Tenants, etc.). For such controls we have our own permissions. But the issue now is that we have both ABP and our own permissions, and sometimes it is required to tick them all to make a UI control work without errors. Is there an easier way, i.e. to tick only OUR permissions and make the whole control work without 401 / 403 errors?

Also, I am not very happy that there is a limitation of two permissions in the *abpPermission directive in Angular UI: is there an easy way to have more?

Call:

    [AbxPermissionAuthorize(PermissionOperator.Or, CentralToolsPermissions.Licences.Default, CentralToolsPermissions.Modules.Default)]
    public class LicenceController : AbpController

Or probably I need to use TypeFilterAttribute instead?
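
One way to implement the AND / OR attribute described in this question, as an added example (it is not the poster's attached code and not ABP's own): class names follow the registration lines and the call shown above, while the bodies, the `AbxPerm:` policy-name encoding and `AbxPermissionRequirement` are assumptions. It uses ASP.NET Core's policy provider and handler types with ABP's `IPermissionChecker`, and it rejects an unknown operator or an empty permission list instead of granting.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.Options;
using Volo.Abp.Authorization.Permissions; // ABP's IPermissionChecker
public enum PermissionOperator { And, Or }
// Assumed encoding: operator and names travel in the policy name, e.g. "AbxPerm:Or:A|B".
public class AbxPermissionAuthorizeAttribute : AuthorizeAttribute
{
    public const string Prefix = "AbxPerm:";
    public AbxPermissionAuthorizeAttribute(PermissionOperator op, params string[] permissions)
        => Policy = Prefix + op + ":" + string.Join("|", permissions);
}

public record AbxPermissionRequirement(PermissionOperator Operator, string[] Permissions) : IAuthorizationRequirement;

public class AbxPermissionAuthorizationPolicyProvider : DefaultAuthorizationPolicyProvider
{
    public AbxPermissionAuthorizationPolicyProvider(IOptions<AuthorizationOptions> o) : base(o) { }
    public override Task<AuthorizationPolicy> GetPolicyAsync(string policyName)
    {
        const string prefix = AbxPermissionAuthorizeAttribute.Prefix;
        if (!policyName.StartsWith(prefix, StringComparison.Ordinal))
            return base.GetPolicyAsync(policyName); // other names stay with the base provider
        var parts = policyName.Substring(prefix.Length).Split(':', 2);
        var names = parts.Length < 2 ? new string[0] : parts[1].Split('|', StringSplitOptions.RemoveEmptyEntries);
        // Fail closed: an unknown operator or an empty list yields no policy at all.
        if (names.Length == 0 || !Enum.TryParse<PermissionOperator>(parts[0], out var op)
            || !Enum.IsDefined(typeof(PermissionOperator), op))
            return Task.FromResult<AuthorizationPolicy>(null);
        return Task.FromResult(new AuthorizationPolicyBuilder().RequireAuthenticatedUser()
            .AddRequirements(new AbxPermissionRequirement(op, names)).Build());
    }
}

public class AbxPermissionHandler : AuthorizationHandler<AbxPermissionRequirement>
{
    private readonly IPermissionChecker _checker;
    public AbxPermissionHandler(IPermissionChecker checker) => _checker = checker;
    protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, AbxPermissionRequirement req)
    {
        bool any = false, all = req.Permissions.Length > 0; // an empty list never counts as "all granted"
        foreach (var name in req.Permissions)
            if (await _checker.IsGrantedAsync(context.User, name)) any = true; else all = false;
        if (req.Operator == PermissionOperator.Or ? any : all)
            context.Succeed(req); // without Succeed the requirement stays unmet and access is denied
    }
}
```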


4 Answer(s)
  • alper created
    Support Team Director

    The Authorize attribute is extended from Microsoft's Authorize attribute, and it's policy-based authorization. You can create custom policies for your requirement: https://docs.microsoft.com/en-us/aspnet/core/security/authorizationpolicies?view=aspnetcore-5.0

  • alexander.nikonov created

    Hmmm..

  • alper created
    Support Team Director

    Sometimes Microsoft is also broken!

    https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-5.0

  • ServiceBot created
    Support Team Automatic process manager

    This question has been automatically marked as stale because it has not had recent activity.

Made with ❤️ on ABP v9.2.0-preview. Updated on January 08, 2025, 14:09