Open Closed

After user login, no permission check #5000


User avatar
0
trendline created
  • ABP Framework version: v7.1.1
  • UI type: MVC
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace: no permission check
  • Steps to reproduce the issue:" Once an user login, even not assign any roles to this user, it also could access all the pages which defined with permission checking.

12 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Can I reproduce this in a new template project?

    You can also try to clear the Reids.

  • User Avatar
    0
    trendline created

    hi

    Can I reproduce this in a new template project?

    You can also try to clear the Reids.

    I had tried clear the redis caching, no effort It works well with a new template, this problem occurred on my production environment after upgraded to abp 7.0.

    it is so strange, I tried delete all the records in the PermissionGrant table, now, all the user cannot get any permission

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    I tried delete all the records in the PermissionGrant table

    What were the previous records?

  • User Avatar
    0
    trendline created

    I tried delete all the records in the PermissionGrant table

    What were the previous records?

    More than 4 thousands record for variant roles.....

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can find a way to reproduce it. Then I can resolve it.

  • User Avatar
    0
    trendline created

    hi

    You can find a way to reproduce it. Then I can resolve it.

    It occurred in production, I can not find a way to fix it, I can not wait anymore, I have deleted all the permission grant records. Now, I am adding the permission grant again manually

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Did you add some custom code for permissions or seed permissions?

    Can you share a username and password so I can reproduce it online?

    liming.ma@volosoft.com

  • User Avatar
    0
    trendline created

    hi

    Did you add some custom code for permissions or seed permissions?

    Can you share a username and password so I can reproduce it online?

    liming.ma@volosoft.com

    No customized code for permission related code.

    I did a stupid thing, deleted all the permission grant records directly on the production environment, now, can not find a production data to reproduce it, I am observing the permission grant records changes when adding them manually, but before I deleted them there were some odd records with "ProviderKey" filed value, it is a Guid not is a role name, I am not sure how them generated.

    I will share the information with you as new permission grant generating

  • User Avatar
    1
    Talal created

    I came in to post something similar I have been having recently. I saw this post so I am posting it here first since it could be related. In production: I log in. (even as admin) the user logs in but no pages that require permission is showing, This also happens when the user session timeout.

    If I logout then log in with same user. That does not help

    If I log out and then login with a DIFFERENT user. then I see the pages.

    Sometimes clearing browser cache for the app AND the auth server both helps.

    This is weird and started recently.

    I am on latest (7)

    If this is not related then I apologize for the OP. but please try to logout and log in with a different user and see if that help?

  • User Avatar
    0
    trendline created

    I came in to post something similar I have been having recently. I saw this post so I am posting it here first since it could be related. In production: I log in. (even as admin) the user logs in but no pages that require permission is showing, This also happens when the user session timeout.

    If I logout then log in with same user. That does not help

    If I log out and then login with a DIFFERENT user. then I see the pages.

    Sometimes clearing browser cache for the app AND the auth server both helps.

    This is weird and started recently.

    I am on latest (7)

    If this is not related then I apologize for the OP. but please try to logout and log in with a different user and see if that help?

    I have tried using different users to login, so I find this issue on the production, it has the same problem that is why I am worried it, because low level user could see the data which granted for the high level user.

  • User Avatar
    0
    Talal created

    @trendline I guess a different issue. I will create another ticket. Sorry to piggyback on your question.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi trendline

    You can share it when you are able to reproduce this problem.

Boost Your Development
ABP Live Training
Packages
See Trainings
Mastering ABP Framework Book
Do you need assistance from an ABP expert?
Schedule a Meeting
Mastering ABP Framework Book
The Official Guide
Mastering
ABP Framework
Learn More
Mastering ABP Framework Book
Made with ❤️ on ABP v9.3.0-preview. Updated on April 16, 2025, 12:13