Hi, Thank you. It's clear now
Hi, I managed to make it work without any customization. The issue was that I defined my custom permission provider in another microservice, and the configuration request was redirected to administration service. When I moved the permission provider to administration service, it worked. Now I have a question related to some code that I needed to write:
To add my provider I needed to write this code
public override void ConfigureServices(ServiceConfigurationContext context)
{
// Other codes
Configure<PermissionManagementOptions>(options =>
{
options.ManagementProviders.Add<DynamicPermissionManagementProvider>();
options.ProviderPolicies[DynamicPermissionValueProvider.ProviderName] = AdministrationServicePermissions.Dashboard.Host;
});
Configure<AbpPermissionOptions>(options =>
{
options.ValueProviders.Add<DynamicPermissionValueProvider>();
});
}
My question is about this line
options.ProviderPolicies[DynamicPermissionValueProvider.ProviderName] = AdministrationServicePermissions.Dashboard.Host;
Why is this needed? and does it matter what permission I provide for it?
Hi,
I resovled package and module dependency, and was able to use IPermissionManager
in my service, but faced another issue.
I defined new DynamicPermissionManagementProvider
extends PermissionManagementProvider
and DynamicPermissionValueProvider
extends PermissionValueProvider
to grant some users some dynamic permissions.
I was able to use the new provider and could see the granted permissions in the table AbpPermissionGrants
in database. Also logged the result of getting the permission using this line of code:
var granted = await _permissionManager.GetAsync(RisksManagementServicePermissions.Risks.Default, DynamicPermissionValueProvider.ProviderName, CurrentUser.Id.Value.ToString());
And found that the permission is actually granted to the user using my provider. But from angular side, when sending application-configuration
request (which includes in its response auth -> grantedPolicies
to tell angular app current users' permissions, I don't see my permission granted!
Any idea?
I checked it and it works fine in the Api.Host
project. How can I use it in the application layer? try to use IPermissionManager
in the ProductService.Application
project, it will not work directly. There is some dependency I need to add, can you tell what dependency or projects I need to add to make it work?
Hi,
I checked it and couldn't figure out how to get the provider that is granting the required permission, it can only tell if the permission is granted or not. Also the methods are not defined virtual
so couldn't override them
Continue of Dynamic permissions question but with more complex scenario.
I have the entities Risk
, Plan
, and Task
with 1-n
relation between them (Risk
1-n Plan
) and (Plan
1-n Task
). each entity has a property OwnerId
which is related to users entity. Now regarding permission: if I assign the RisksPermission
to some user, he should see all risks, but if another user is assigned as owner for a task or plan, he should see the related risks only (not the ones he is not part of). I managed to make this work in a monolith project as follows:
DynamicPermissionValueProvider
with ProviderName = "D"
RisksPermission
using this dynamic provider (using IPermissionManager.SetAsync
method)RolePermissionValueProvider
or UserPermissionValueProvider
return all risks, if the permission is granted with DynamicPermissionValueProvider
, filter the risks.Now this approach is good for frontend (angular) when using requiredPolicy
for RoutesService
(if the user has the permission with any provider, he can see the risks menu item).
The problem of this approach with microservice project is that IPermissionManager
is only provided in administration service and can't be used in other services.
How can I achieve this scenario in a microservice project.
Thanks in advance
Thanks I solved my problem
Global filter is a nice approach, but needs some modifications for my case. I need in some place (maybe inside CreateFilterExpression
method or ShouldFilterEntity
method) to check the following: if the current user has the static permission (given from permissions dialog), the filter should not be applied (i.e: return all products). But If the user is not given the permission, the filter should apply (return only the products he was assigned as owner for).
P.S: my solustion is a micro-service solution, so I can't use IPermissionManager
in all micro-services (the PermissionManagement
module is only added to AdministrationService
)
Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, and please first use the search on the homepage. Provide us with the following info:
Hi, I have a custom requirement with permissions and would like to hear a suggested solution for it if possible.
Let's say I have an entity (ex: product
) with a property OwnerId
which is a relation to user entity. Now I need to set permissions for products. If I give a user (user1
) the permissions from the permissions dialog, he should be able to list all products (normal and straight-forward behaviour). My custom requirement is that any user that was assigned as OwnerId
for some products, should be able to see only the products that he was assigned for (not all products in the system).
Example:
I have 2 products (p1
and p2
) and 2 users user1
with products permission and user2
assigned as owner for p1
=> user1
should see the 2 products, user2
should see only p1
I found the issue. In my service appsettings.json
file, the AuthServer:Authority
was wrong (was kept to localhost instead of the server URL of my service), when changed it worked fine. But I have a question (suggestion) regarding this: adding a new microservice to an existing solution requires some tedious code to be added (most of it inside OpenIddictDataSeeder
) can't we automate this inside abp new
command?
Thanks