Open Closed

Third level permissions are displayed as second level in identity module #6463


User avatar
0
roberto.fiocchi created
  • ABP Framework version: v7.4.5
  • UI Type: Blazor WASM
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): no
  • Exception message and full stack trace: none

Steps to reproduce the issue:

  • Create a new Blazor Wasm solution using abp suite
  • Define the three levels of permission in the Permissions.cs:
public static class Level
{
    public const string FirstLevel = GroupName + ".FirstLevel";
    public const string SecondLevel = FirstLevel + ".SecondLevel";
    public const string ThirdLevel = SecondLevel + ".ThirdLevel";
}
  • Add the permissions to the PermissionDefinitionProvider.cs:
var firstLevelPermission = myGroup.AddPermission(PermissionsIssuePermissions.Level.FirstLevel, L("Permission:FirstLevel"));
var secondLevelPermission = firstLevelPermission.AddChild(PermissionsIssuePermissions.Level.SecondLevel, L("Permission:SecondLevel"));
var thirdLevelPermission = secondLevelPermission.AddChild(PermissionsIssuePermissions.Level.ThirdLevel, L("Permission:ThirdLevel"));
  • Run the application and open the Permissions modal on the "admin" role:
  • Notice how the "SecondLevel" and "ThirdLevel" permissions look to be on the same permission level even tho the "ThirdLevel" permission is a child of "SecondLevel" permission

11 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    We supported this case in 8.0

    See https://github.com/abpframework/abp/pull/18343

  • User Avatar
    0
    roberto.fiocchi created

    Hi,

    Thanks for the reply! Is there any possibility to have that feature in version 7.4.5? We would rather not migrate to .Net 8 yet.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can override the PermissionManagementModal component by the code of https://github.com/abpframework/abp/pull/18343/files

  • User Avatar
    0
    roberto.fiocchi created

    Hi,

    I have overriden the PermissionManagmentModal and now im able to see the sublevels, but i have noticed that when i uncheck a parent permission the child permissions dont get unchecked. After further investigation i have found this piece of code in the PermissionManagmentModal:

    protected List<PermissionGrantInfoDto> GetChildPermissions(PermissionGroupDto permissionGroup, PermissionGrantInfoDto permission)
    {
        return permissionGroup.Permissions.Where(x => x.Name.StartsWith(permission.Name)).ToList();
    }
    

    This assumes that the child (and child's child and so on) permissions all start with parent permission Name. Our permission naming follows a different logic, Is this a naming convention for the permissions that Abp enforces? If so, could you link us the documentation that defines this naming convention?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can refer to this class.

    https://github.com/abpframework/abp/blob/dev/modules/identity/src/Volo.Abp.Identity.Application.Contracts/Volo/Abp/Identity/IdentityPermissions.cs#L5

  • User Avatar
    0
    roberto.fiocchi created

    hi,

    Thanks for the link, but this didn't answer my questions:

    Is this a naming convention for the permissions that Abp enforces? If so, could you link us the documentation that defines this naming convention?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Is this a naming convention for the permissions that Abp enforces? If so, could you link us the documentation that defines this naming convention?

    No. But this is a recommended approach.

    you can consider changing this logic, I will also check it to see if we can enhance it.

    protected List<PermissionGrantInfoDto> GetChildPermissions(PermissionGroupDto permissionGroup, PermissionGrantInfoDto permission)
    {
        return permissionGroup.Permissions.Where(x => x.Name.StartsWith(permission.Name)).ToList();
    }
    
  • User Avatar
    0
    roberto.fiocchi created

    hi,

    It seems to me that as of today this is a requirment since the permission modal wont work properly if it isn't respected, What is the point of having the PermissionDefinition.AddChild() function and nesting them if the rest of the implementation doesn't use this structure?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Can you test this?

    protected List<PermissionGrantInfoDto> GetChildPermissions(PermissionGroupDto permissionGroup, PermissionGrantInfoDto permission)
    {
        var childPermissions = new List<PermissionGrantInfoDto>();
        GetChildPermissions(childPermissions, permissionGroup.Permissions, permission);
        return childPermissions;
    }
    
    protected void GetChildPermissions(List<PermissionGrantInfoDto> allChildPermissions, List<PermissionGrantInfoDto> permissions, PermissionGrantInfoDto permission)
    {
        var childPermissions = permissions.Where(x => x.ParentName == permission.Name).ToList();
        if (childPermissions.Count == 0)
        {
            return;
        }
    
        allChildPermissions.AddRange(childPermissions);
    
        foreach (var childPermission in childPermissions)
        {
            GetChildPermissions(allChildPermissions, permissions, childPermission);
        }
    }
    
  • User Avatar
    0
    roberto.fiocchi created

    This works:

    protected List<PermissionGrantInfoDto> GetChildPermissions(PermissionGroupDto permissionGroup, PermissionGrantInfoDto permission)
    {
        var childPermissions = new List<PermissionGrantInfoDto>();
        GetChildPermissions(childPermissions, permissionGroup.Permissions, permission);
        return childPermissions;
    }
    
    protected void GetChildPermissions(List<PermissionGrantInfoDto> allChildPermissions, List<PermissionGrantInfoDto> permissions, PermissionGrantInfoDto permission)
    {
        var childPermissions = permissions.Where(x => x.ParentName == permission.Name).ToList();
        if (childPermissions.Count == 0)
        {
            return;
        }
    
        allChildPermissions.AddRange(childPermissions);
    
        foreach (var childPermission in childPermissions)
        {
            GetChildPermissions(allChildPermissions, permissions, childPermission);
        }
    }
    
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Thanks. I will update the framework code.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09