- ABP Framework version: v8.1.1
- UI Type: Angular
- Database System: EF Core (SQL Server)
- Tiered (for MVC) or Auth Server Separated (for Angular): yes
- Exception message and full stack trace:
- Steps to reproduce the issue:
Continue of Dynamic permissions question but with more complex scenario.
I have the entities Risk, Plan, and Task with 1-n relation between them (Risk 1-n Plan) and (Plan 1-n Task). each entity has a property OwnerId which is related to users entity. Now regarding permission: if I assign the RisksPermission to some user, he should see all risks, but if another user is assigned as owner for a task or plan, he should see the related risks only (not the ones he is not part of). I managed to make this work in a monolith project as follows:
- Define
DynamicPermissionValueProviderwithProviderName = "D" - When user is assigned as owner for task or plan, grant this user
RisksPermissionusing this dynamic provider (usingIPermissionManager.SetAsyncmethod) - When listing the risks: check if the user has the permission with
RolePermissionValueProviderorUserPermissionValueProviderreturn all risks, if the permission is granted withDynamicPermissionValueProvider, filter the risks.
Now this approach is good for frontend (angular) when using requiredPolicy for RoutesService (if the user has the permission with any provider, he can see the risks menu item).
The problem of this approach with microservice project is that IPermissionManager is only provided in administration service and can't be used in other services.
How can I achieve this scenario in a microservice project.
Thanks in advance
6 Answer(s)
-
0
Hi,
They are using
RemotePermissionCheckerhttps://github.com/abpframework/abp/blob/rel-8.3/framework/src/Volo.Abp.AspNetCore.Mvc.Client.Common/Volo/Abp/AspNetCore/Mvc/Client/RemotePermissionChecker.cs#L8you can override it.
-
0
Hi, I checked it and couldn't figure out how to get the provider that is granting the required permission, it can only tell if the permission is granted or not. Also the methods are not defined
virtualso couldn't override them -
0
Hi,
after my check,you can use
IPermissionManagerwithout any problem
-
0
I checked it and it works fine in the
Api.Hostproject. How can I use it in the application layer? try to useIPermissionManagerin theProductService.Applicationproject, it will not work directly. There is some dependency I need to add, can you tell what dependency or projects I need to add to make it work? -
0
Hi,
yes ,you need to add some dependency.
add
Volo.Abp.PermissionManagement.Domainpackage and module dependency -
0
Hi, I resovled package and module dependency, and was able to use
IPermissionManagerin my service, but faced another issue. I defined newDynamicPermissionManagementProviderextendsPermissionManagementProviderandDynamicPermissionValueProviderextendsPermissionValueProviderto grant some users some dynamic permissions. I was able to use the new provider and could see the granted permissions in the tableAbpPermissionGrantsin database. Also logged the result of getting the permission using this line of code:var granted = await _permissionManager.GetAsync(RisksManagementServicePermissions.Risks.Default, DynamicPermissionValueProvider.ProviderName, CurrentUser.Id.Value.ToString());And found that the permission is actually granted to the user using my provider. But from angular side, when sending
application-configurationrequest (which includes in its responseauth -> grantedPoliciesto tell angular app current users' permissions, I don't see my permission granted!Any idea?
