Activities of "alexander.nikonov"
I did not transfer these lines to the project which now is responsible for Role Management:
Configure<PermissionManagementOptions>(options =>
{
options.ManagementProviders.Add<ModulePermissionManagementProvider>();
options.ProviderPolicies[ModulePermissionRoleValueProvider.ProviderName] = ModulePermissionConsts.RoleSubGroupName;
});
After I added this, the permissions are properly reflected.
But I have noticed that now after moving to dynamic permissions and Redis, selecting the permissions (basically, invoking the method above) is very slow. Can it only be related to Redis? All Redis settings are default:
I have one more idea, please hold on.
hi
BTW, List<PermissionValueProviderInfo> Providers contains no elements which also looks weird to me, i think logically it always would have to contain at least 'MR' according to the DB and the corresponding screenshot above.
Can you debug the app to inject the
IOptions<PermissionManagementOptions>to check itsManagementProvidersproperty.
So I want to get the list, where input.IsGranted is true for let's say "Role 1". But now it returns me no such data (multipleGrantInfo.Result does not contain data where IsGranted is true). It used to return data properly before and as you were able to see from the screen above, there is data for "Role 1", the tenant is correct, the provider name, ModulePermissionRoleValueProvider.ProviderName, is correct ("MR"):
public virtual async Task<PagedResultDto<PermissionGrantInfoDto>> GetModuleRolesAsPermissionsAsync(GetRolePermissionsInput input)
{
var parentRole = await _identityRoleRepository.FindAsync(input.Id, false);
if (parentRole == null)
{
throw new BusinessException(DomainErrorCodes.NotFound, _stringLocalizer.GetString("Roles:RoleNotFound"));
}
var permissionDefinitionGroups = await _permissionDefinitionManager.GetGroupsAsync();
var permissionDefinitionModuleRoleGroup = permissionDefinitionGroups.FirstOrDefault(x => x.Name == ModulePermissionConsts.GroupName);
if (permissionDefinitionModuleRoleGroup == null)
{
throw new ConfigurationErrorsException("Missing Module Role Permission Definition Group");
}
var groupDto = CreatePermissionGroupDto(permissionDefinitionModuleRoleGroup);
var neededCheckPermissions = new List<PermissionDefinition>();
foreach (var topLevelPermission in permissionDefinitionModuleRoleGroup.GetPermissionsWithChildren()
.Where(x => x.Name != ModulePermissionConsts.RoleSubGroupName && x.IsEnabled && x.Providers.Contains(ModulePermissionRoleValueProvider.ProviderName)))
{
if (await _simpleStateCheckerManager.IsEnabledAsync(topLevelPermission))
{
neededCheckPermissions.Add(topLevelPermission);
}
}
if (!neededCheckPermissions.Any())
{
return new PagedResultDto<PermissionGrantInfoDto>
{
TotalCount = 0,
Items = new List<PermissionGrantInfoDto>()
};
}
var grantInfoDtos = neededCheckPermissions.Select(CreatePermissionGrantInfoDto);
var multipleGrantInfo = await _permissionManager.GetAsync
(
neededCheckPermissions.Select(x => x.Name).ToArray(), ModulePermissionRoleValueProvider.ProviderName, parentRole.Name
);
foreach (var grantInfo in multipleGrantInfo.Result.WhereIf(input.IsGranted.HasValue, x => x.IsGranted == input.IsGranted.Value))
{
var grantInfoDto = grantInfoDtos.First(x => x.Name == grantInfo.Name);
grantInfoDto.IsGranted = grantInfo.IsGranted;
foreach (var provider in grantInfo.Providers)
{
grantInfoDto.GrantedProviders.Add(new ProviderInfoDto
{
ProviderName = provider.Name,
ProviderKey = provider.Key,
});
}
groupDto.Permissions.Add(grantInfoDto);
}
return new PagedResultDto<PermissionGrantInfoDto>
{
TotalCount = groupDto.Permissions.Count,
Items = groupDto.Permissions.ComplexOrderBy(input.Sorting).Skip(input.SkipCount).Take(input.MaxResultCount).ToList()
};
}
It looks to me that the method
var multipleGrantInfo = await _permissionManager.GetAsync
(
neededCheckPermissions.Select(x => x.Name).ToArray(), ModulePermissionRoleValueProvider.ProviderName, parentRole.Name
);
just ignores the value from DB now and so IsGranted is always false, because the input parameters here are all correct (neededCheckPermissions contains correct names, ProviderName is 'MR' and role name is 'Role 1'). BTW, List<PermissionValueProviderInfo> Providers contains no elements which also looks weird to me, i think logically it always would have to contain at least 'MR' according to the DB and the corresponding screenshot above.
Unfortunately, I cannot share our code. So I will try to cope with this myself and just share new details when I find our what's happening.
No, I did not change the data in DB. It is the same as it was before switching to Redis + dynamic permissions.
hi
If you got a new problem, You can create a new one.
Thanks.
Still, I eventually found the thing which does not work now. So we have had an additional mechanism of permissions, with a different provider name (MR). And it worked properly - in the given example, a usual role "Role 1" has permissions assigned, as you can see. However these permissions are all displayed as non-granted by standard methods after changing to dynamic permissions + Redis. Any clues why?
I did it and now everything seems to be in order. But now there is a long way to modify a custom mechanism of permissions we had in addition to the standard one and it was based on static permissions and built-in ABP cache.
I can close this ticket. But I do not guarantee I won't have further questions along the way. Should I close the ticket and then reopen if needed?
hi
Undefined feature: LeptonManagement.Enable
Can you test your code with a brand new database and redis?
Even if i tested it in a test solution using a clean DB (which is almost impossible), it would not help me to troubleshoot the error in our solution. I suggest to drilldown the error instead.
So I took a look a the DB and can see that the mentioned feature is present. Why is it reported as undefined?
This is now done, thank you, so this part is done. But let's wait a bit: I'm going to have the meeting with the colleague who managed to reproduce the first exception.