Activities of "sukhdeep.dhillon"

  • ABP Framework version: v8.2.1
  • UI Type: Angular
  • Database System: EF Core (SQL Server)

in Abp, is there any way to check multiple permission with Authorization attribute as OR operator.

[Authorization(permission1, permission2, permission3)] public Task CreateAsync(){

}

  • ABP Framework version: v8.2.1
  • UI Type: Angular
  • Database System: EF Core (SQL Server)

Hi team,

quick question, in ABP, what are the best practices to create test harness that compliance with security standards.

thanks

I'm facing the same issue

thank you for helping me out.

I will keep this thread open and get back to you if I need further help.

just to understand, based on this screenshot

I'm doing the following:

  1. getting the IdentityUser from _identityUserManager
  2. Set new Role with _identityUserManager
  3. Creating new CurrentUser with _principalfactory by passing IdentityUser
  4. within the scope of _currentPrincipalAccessor, CurrentUser is changed (this is where I need to apply the logic)
  5. once the scope is completed, again the current user is back to whatever it was before

please correct me if I'm missing anything

based on the documentation you shared to change the current principal,

how can I create new Current principal with all the values of the existing principal and change only the role.

could you please give me code example based on the screenshot I shared before

I don't understand I'm changing the role with _IdentityUserManager for dynamic claims then I 'm changing current principal to check the permissions.

is there any other way to check the permission without changing the current principal.

Hi,

isGranted variable doesn't relfect the latest value when role is updated in this method before get to this line,

but in the next call, isGranted has the expected value and working fine.

so when role is changed, the associated permission of the role doesn't reflect in the same call.

thank you for explaining this,

from this, what I understood is that, I should always use _identityUserManager to change any dynamic claim for the current user.

Showing 1 to 10 of 82 entries
Made with ❤️ on ABP v9.2.0-preview. Updated on January 16, 2025, 11:47