We would like to have permission mechanism on top of existing permission architecture.
For instance, current tenant's company have bound licences, each of licence determines which UI pages ("modules") are accessible for current user. Thus, is the logged-in user has no access to the given page - it has to be hidden from UI navigation route - even before checking the given app / role permissions.
How to implement this mechanism?
I've tried to override existing ABP PermissionChecker class, doing my licence check there in IsGrantedAsync, but such approach does not look fully right: I am getting error 403 if there is no access, but instead I need to have the menu item completely hidden from my Angular app navigation route. I need backend mechanism which works for both backend and frontend part.
@albert
I checked it but I couldn't see any logic to disable these tabs. The marked tabs are bootstrap dropdown toggles. Maybe this is not working in your browser. Can you try it on a different browser and send me the results?
I have not noticed, but someone in the team redefined the CSS - as a result, a tab was clicked, but its dropdown content was not displayed. Thank you for the reply!
How come that these tabs are not accessible anymore?
I discovered now I cannot access them with my admin user:
Seems like I have managed to write it properly. Could you please regain my commercial tickets count, since I've resolved this one myself??
public override async Task ResetPasswordAsync(ResetPasswordDto input)
{
await IdentityOptions.SetAsync();
var currentUser = await UserManager.GetByIdAsync(input.UserId);
var tenants = await _abxUserRepository.FindTenantsByLoginAsync(currentUser.UserName);
foreach (var tenant in tenants)
{
using (CurrentTenant.Change(tenant.AbpId))
{
var abxUser = await _abxUserRepository.FindUserByLoginAsync(currentUser.UserName, tenant.Id);
var tenantUser = await UserManager.GetByIdAsync(abxUser.Id);
var tenantUserResetToken = await UserManager.GeneratePasswordResetTokenAsync(tenantUser);
(await UserManager.ResetPasswordAsync(tenantUser, tenantUserResetToken, input.Password)).CheckErrors();
await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext
{
Identity = IdentitySecurityLogIdentityConsts.Identity,
Action = IdentitySecurityLogActionConsts.ChangePassword
});
}
}
}
I have the same kind of problem in my solution running on ABP 4.3.0 now: "VerifyUserTokenAsync() failed with purpose: ResetPassword for user."
I test everything on localhost in VS debug mode. As far as I remember, it used to work in the ABP 3.x.x. Any ideas, suggestions?
On other hand, ResetPassword works OK in test generated 4.3.0 solution on default tenant. So I cannot figure out what could be wrong...
What I have noticed is that ResetToken is a bit shorter in Test app...
Just in case if it matters: I have custom ProfileAppService.
Oh, right. Yes - after adding migration class I can see missing table creation code is there. And migration now added missing tables. Eventually "Forgot password" functionality now is OK, no exceptions anymore - e-mail is sent as expected.
Thank you!
Thank you. I have added those configuring methods. I already had corresponding modules included into DependsOn on all layers.
So I run DbMigrator expecting it would create missing tables now. However, this did not happen - the tables are still missing. What do I do?
Please find below:
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using System.IO;
using Volo.Abp.AuditLogging.EntityFrameworkCore;
using Volo.Abp.BackgroundJobs.EntityFrameworkCore;
using Volo.Abp.EntityFrameworkCore;
using Volo.Abp.FeatureManagement.EntityFrameworkCore;
using Volo.Abp.Identity.EntityFrameworkCore;
using Volo.Abp.IdentityServer.EntityFrameworkCore;
using Volo.Abp.LanguageManagement.EntityFrameworkCore;
using Volo.Abp.PermissionManagement.EntityFrameworkCore;
using Volo.Abp.SettingManagement.EntityFrameworkCore;
using Volo.Saas.EntityFrameworkCore;
namespace AbxEps.CentralTools.EntityFrameworkCore
{
/* This DbContext is only used for database migrations.
* It is not used on runtime. See CentralToolsDbContext for the runtime DbContext.
* It is a unified model that includes configuration for
* all used modules and your application.
*/
public class CentralToolsMigrationsDbContext : AbpDbContext<CentralToolsMigrationsDbContext>
{
public CentralToolsMigrationsDbContext(DbContextOptions<CentralToolsMigrationsDbContext> options)
: base(options)
{
}
protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
{
var configuration = BuildConfiguration();
optionsBuilder.UseOracle(
configuration.GetConnectionString("Default"),
default(System.Action<Devart.Data.Oracle.Entity.OracleDbContextOptionsBuilder>));
}
protected override void OnModelCreating(ModelBuilder builder)
{
var config = Devart.Data.Oracle.Entity.Configuration.OracleEntityProviderConfig.Instance;
config.Workarounds.DisableQuoting = true;
config.CodeFirstOptions.UseNonLobStrings = true;
config.CodeFirstOptions.UseNonUnicodeStrings = true;
base.OnModelCreating(builder);
/* Include modules to your migration db context */
builder.ConfigurePermissionManagement();
builder.ConfigureSettingManagement();
builder.ConfigureBackgroundJobs();
builder.ConfigureAuditLogging();
builder.ConfigureIdentityPro();
builder.ConfigureIdentityServer();
builder.ConfigureFeatureManagement();
builder.ConfigureLanguageManagement();
builder.ConfigureSaas();
/* Configure your own tables/entities inside the ConfigureCentralTools method */
//builder.ConfigureCentralTools();
}
private static IConfigurationRoot BuildConfiguration()
{
var builder = new ConfigurationBuilder()
.SetBasePath(Directory.GetCurrentDirectory())
.AddJsonFile("appsettings.json", optional: false);
return builder.Build();
}
}
}
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Volo.Abp.AuditLogging.EntityFrameworkCore;
using Volo.Abp.BackgroundJobs.EntityFrameworkCore;
using Volo.Abp.BlobStoring.Database.EntityFrameworkCore;
using Volo.Abp.EntityFrameworkCore;
using Volo.Abp.FeatureManagement.EntityFrameworkCore;
using Volo.Abp.Identity.EntityFrameworkCore;
using Volo.Abp.IdentityServer.EntityFrameworkCore;
using Volo.Abp.LanguageManagement.EntityFrameworkCore;
using Volo.Abp.Modularity;
using Volo.Abp.PermissionManagement.EntityFrameworkCore;
using Volo.Abp.SettingManagement.EntityFrameworkCore;
using Volo.Abp.TextTemplateManagement.EntityFrameworkCore;
using Volo.Saas.EntityFrameworkCore;
using AbxEps.CT.Batch.EntityFrameworkCore;
using AbxEps.Abp.EF.Oracle.Extensions.Interceptors;
using AbxEps.CT.Core.EntityFrameworkCore;
using Volo.Abp.Auditing;
using AbxEps.CentralTools.Images.Handlers;
namespace AbxEps.CentralTools.EntityFrameworkCore
{
[DependsOn(
typeof(CentralToolsDomainModule),
typeof(AbpIdentityProEntityFrameworkCoreModule),
typeof(AbpIdentityServerEntityFrameworkCoreModule),
typeof(AbpPermissionManagementEntityFrameworkCoreModule),
typeof(AbpSettingManagementEntityFrameworkCoreModule),
typeof(AbpBackgroundJobsEntityFrameworkCoreModule),
typeof(AbpAuditLoggingEntityFrameworkCoreModule),
typeof(AbpFeatureManagementEntityFrameworkCoreModule),
typeof(LanguageManagementEntityFrameworkCoreModule),
typeof(SaasEntityFrameworkCoreModule),
typeof(TextTemplateManagementEntityFrameworkCoreModule),
typeof(BlobStoringDatabaseEntityFrameworkCoreModule),
typeof(CoreEntityFrameworkCoreModule),
typeof(BatchEntityFrameworkCoreModule)
)]
public class CentralToolsEntityFrameworkCoreModule : AbpModule
{
public override void PreConfigureServices(ServiceConfigurationContext context)
{
CentralToolsEfCoreEntityExtensionMappings.Configure();
}
public override void ConfigureServices(ServiceConfigurationContext context)
{
context.Services.AddAbpDbContext<CentralToolsDbContext>(options =>
{
/* Remove "includeAllEntities: true" to create
* default repositories only for aggregate roots */
options.AddDefaultRepositories(includeAllEntities: true);
});
context.Services.AddTransient<IAuditPropertySetter, Abp.DataExtensions.Entities.LogAuditPropertySetter>();
context.Services.AddTransient<IImageHandler, ImageHandler>();
Configure<AbpDbContextOptions>(options =>
{
options.PreConfigure(abpDbContextConfigurationContext =>
{
abpDbContextConfigurationContext.DbContextOptions.UseLoggerFactory(
LoggerFactory.Create(loggingBuilder => loggingBuilder.AddConsole()));
abpDbContextConfigurationContext.DbContextOptions.AddInterceptors(new RemoveQuotesInterceptor());
abpDbContextConfigurationContext.DbContextOptions.EnableSensitiveDataLogging();
});
options.UseOracle();
});
}
}
}
I already did such a compare, but it did not help me. Because a new project does not have previous migration classes - from version 3.3.2, as in my case. So I cannot figure out what went wrong when I was doing update-database. To provide you the details, I've attached two migration classes (see in my first message): previous one, version 3.3.2 and current one, version 4.3.0.
Obviously, some tables have not been created which are now required for ABP 4.3.0 to function properly.
From your documentation I cannot understand how to have those missing tables created and how to make "Forgot password" functionality function properly now (when it needs AbpTextTemplateContents table which has not been created during migration).
