Open Closed

After user login, no permission check #5000


User avatar
0
trendline created
  • ABP Framework version: v7.1.1
  • UI type: MVC
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace: no permission check
  • Steps to reproduce the issue:" Once an user login, even not assign any roles to this user, it also could access all the pages which defined with permission checking.

12 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Can I reproduce this in a new template project?

    You can also try to clear the Reids.

  • User Avatar
    0
    trendline created

    hi

    Can I reproduce this in a new template project?

    You can also try to clear the Reids.

    I had tried clear the redis caching, no effort It works well with a new template, this problem occurred on my production environment after upgraded to abp 7.0.

    it is so strange, I tried delete all the records in the PermissionGrant table, now, all the user cannot get any permission

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    I tried delete all the records in the PermissionGrant table

    What were the previous records?

  • User Avatar
    0
    trendline created

    I tried delete all the records in the PermissionGrant table

    What were the previous records?

    More than 4 thousands record for variant roles.....

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can find a way to reproduce it. Then I can resolve it.

  • User Avatar
    0
    trendline created

    hi

    You can find a way to reproduce it. Then I can resolve it.

    It occurred in production, I can not find a way to fix it, I can not wait anymore, I have deleted all the permission grant records. Now, I am adding the permission grant again manually

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Did you add some custom code for permissions or seed permissions?

    Can you share a username and password so I can reproduce it online?

    liming.ma@volosoft.com

  • User Avatar
    0
    trendline created

    hi

    Did you add some custom code for permissions or seed permissions?

    Can you share a username and password so I can reproduce it online?

    liming.ma@volosoft.com

    No customized code for permission related code.

    I did a stupid thing, deleted all the permission grant records directly on the production environment, now, can not find a production data to reproduce it, I am observing the permission grant records changes when adding them manually, but before I deleted them there were some odd records with "ProviderKey" filed value, it is a Guid not is a role name, I am not sure how them generated.

    I will share the information with you as new permission grant generating

  • User Avatar
    1
    Talal created

    I came in to post something similar I have been having recently. I saw this post so I am posting it here first since it could be related. In production: I log in. (even as admin) the user logs in but no pages that require permission is showing, This also happens when the user session timeout.

    If I logout then log in with same user. That does not help

    If I log out and then login with a DIFFERENT user. then I see the pages.

    Sometimes clearing browser cache for the app AND the auth server both helps.

    This is weird and started recently.

    I am on latest (7)

    If this is not related then I apologize for the OP. but please try to logout and log in with a different user and see if that help?

  • User Avatar
    0
    trendline created

    I came in to post something similar I have been having recently. I saw this post so I am posting it here first since it could be related. In production: I log in. (even as admin) the user logs in but no pages that require permission is showing, This also happens when the user session timeout.

    If I logout then log in with same user. That does not help

    If I log out and then login with a DIFFERENT user. then I see the pages.

    Sometimes clearing browser cache for the app AND the auth server both helps.

    This is weird and started recently.

    I am on latest (7)

    If this is not related then I apologize for the OP. but please try to logout and log in with a different user and see if that help?

    I have tried using different users to login, so I find this issue on the production, it has the same problem that is why I am worried it, because low level user could see the data which granted for the high level user.

  • User Avatar
    0
    Talal created

    @trendline I guess a different issue. I will create another ticket. Sorry to piggyback on your question.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi trendline

    You can share it when you are able to reproduce this problem.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 05, 2024, 12:19