Added extension methods to AbpAuthorizationServiceExtensions. Worked on identity permissions and menus.

src/AbpDesk/AbpDesk.Web.Mvc/AbpDesk.Web.Mvc.csproj

@@ -24,7 +24,6 @@
     <ProjectReference Include="..\..\Volo.Abp.AspNetCore.MultiTenancy\Volo.Abp.AspNetCore.MultiTenancy.csproj" />
     <ProjectReference Include="..\..\Volo.Abp.Autofac\Volo.Abp.Autofac.csproj" />
     <ProjectReference Include="..\..\Volo.Abp.Identity.EntityFrameworkCore\Volo.Abp.Identity.EntityFrameworkCore.csproj" />
-    <ProjectReference Include="..\..\Volo.Abp.Identity.HttpApi\Volo.Abp.Identity.HttpApi.csproj" />
     <ProjectReference Include="..\..\Volo.Abp.IdentityServer.Domain\Volo.Abp.IdentityServer.Domain.csproj" />
     <ProjectReference Include="..\..\Volo.Abp.IdentityServer.EntityFrameworkCore\Volo.Abp.IdentityServer.EntityFrameworkCore.csproj" />
     <ProjectReference Include="..\..\Volo.Abp.MultiTenancy.HttpApi\Volo.Abp.MultiTenancy.HttpApi.csproj" />

src/AbpDesk/AbpDesk.Web.Mvc/AbpDeskWebMvcModule.cs

@@ -41,7 +41,6 @@ namespace AbpDesk.Web.Mvc
         typeof(AbpAspNetCoreMvcUiBootstrapModule),
         typeof(AbpDeskApplicationModule),
         typeof(AbpDeskEntityFrameworkCoreModule),
-        typeof(AbpIdentityHttpApiModule),
         typeof(AbpIdentityEntityFrameworkCoreModule),
         typeof(AbpIdentityWebModule),
         typeof(AbpAccountWebModule),

src/MicroserviceDemo/MicroserviceDemo.Web/MicroservicesDemoWebModule.cs

@@ -43,7 +43,7 @@ namespace MicroserviceDemo.Web
     {
         public override void ConfigureServices(IServiceCollection services)
         {
-            var hostingEnvironment = services.GetSingletonInstance<IHostingEnvironment>();
+            var hostingEnvironment = services.GetSingletonInstance<IHostingEnvironment>(); //TODO: Create an extension method, like GetHostingEnvironment() ?
             var configuration = BuildConfiguration(hostingEnvironment);
 
             services.Configure<DbConnectionOptions>(configuration);
@@ -166,6 +166,7 @@ namespace MicroserviceDemo.Web
             });
         }
 
+        //TODO: Create an extension method to IHostingEnvironment for that?
         private static IConfigurationRoot BuildConfiguration(IHostingEnvironment env)
         {
             var builder = new ConfigurationBuilder()

src/MicroserviceDemo/MicroserviceDemo.Web/Pages/Index.cshtml.cs

@@ -1,9 +1,4 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Mvc.RazorPages;
+using Microsoft.AspNetCore.Mvc.RazorPages;
 
 namespace MicroserviceDemo.Web.Pages
 {

src/Volo.Abp.Authorization/Volo/Abp/Authorization/AbpAuthorizationService.cs

@@ -1,4 +1,5 @@
-using System.Threading.Tasks;
+using System;
+using System.Security.Claims;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
@@ -10,6 +11,10 @@ namespace Volo.Abp.Authorization
     [Dependency(ReplaceServices = true)]
     public class AbpAuthorizationService : DefaultAuthorizationService, IAbpAuthorizationService, ITransientDependency
     {
+        public IServiceProvider ServiceProvider { get; }
+
+        public ClaimsPrincipal CurrentPrincipal => _currentPrincipalAccessor.Principal;
+
         private readonly ICurrentPrincipalAccessor _currentPrincipalAccessor;
 
         public AbpAuthorizationService(
@@ -19,7 +24,8 @@ namespace Volo.Abp.Authorization
             IAuthorizationHandlerContextFactory contextFactory, 
             IAuthorizationEvaluator evaluator, 
             IOptions<AuthorizationOptions> options,
-            ICurrentPrincipalAccessor currentPrincipalAccessor)
+            ICurrentPrincipalAccessor currentPrincipalAccessor, 
+            IServiceProvider serviceProvider)
             : base(
                 policyProvider,
                 handlers, 
@@ -29,15 +35,7 @@ namespace Volo.Abp.Authorization
                 options)
         {
             _currentPrincipalAccessor = currentPrincipalAccessor;
-        }
-
-        public async Task CheckAsync(string policyName)
-        {
-            var result = await AuthorizeAsync(_currentPrincipalAccessor.Principal, null, policyName);
-            if (!result.Succeeded)
-            {
-                throw new AbpAuthorizationException("Authorization failed! Given policy has not granted: " + policyName);
-            }
+            ServiceProvider = serviceProvider;
         }
     }
 }

src/Volo.Abp.Authorization/Volo/Abp/Authorization/AbpAuthorizationServiceExtensions.cs

@@ -1,13 +1,139 @@
-using System.Threading.Tasks;
+using System.Collections.Generic;
+using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
 
 namespace Volo.Abp.Authorization
 {
     public static class AbpAuthorizationServiceExtensions
     {
-        public static Task CheckAsync(this IAuthorizationService authorizationService, string policyName)
+        public static Task<AuthorizationResult> AuthorizeAsync(this IAuthorizationService authorizationService, string policyName)
         {
-            return authorizationService.AsAbpAuthorizationService().CheckAsync(policyName);
+            return authorizationService.AuthorizeAsync(
+                authorizationService.AsAbpAuthorizationService().CurrentPrincipal,
+                policyName
+            );
+        }
+
+        public static Task<AuthorizationResult> AuthorizeAsync(this IAuthorizationService authorizationService, object resource, IAuthorizationRequirement requirement)
+        {
+            return authorizationService.AuthorizeAsync(
+                authorizationService.AsAbpAuthorizationService().CurrentPrincipal,
+                resource,
+                requirement
+            );
+        }
+
+        public static Task<AuthorizationResult> AuthorizeAsync(this IAuthorizationService authorizationService, object resource, AuthorizationPolicy policy)
+        {
+            return authorizationService.AuthorizeAsync(
+                authorizationService.AsAbpAuthorizationService().CurrentPrincipal,
+                resource,
+                policy
+            );
+        }
+
+        public static Task<AuthorizationResult> AuthorizeAsync(this IAuthorizationService authorizationService, AuthorizationPolicy policy)
+        {
+            return authorizationService.AuthorizeAsync(
+                authorizationService.AsAbpAuthorizationService().CurrentPrincipal,
+                policy
+            );
+        }
+
+        public static Task<AuthorizationResult> AuthorizeAsync(this IAuthorizationService authorizationService, object resource, IEnumerable<IAuthorizationRequirement> requirements)
+        {
+            return authorizationService.AuthorizeAsync(
+                authorizationService.AsAbpAuthorizationService().CurrentPrincipal,
+                resource,
+                requirements
+            );
+        }
+
+        public static Task<AuthorizationResult> AuthorizeAsync(this IAuthorizationService authorizationService, object resource, string policyName)
+        {
+            return authorizationService.AuthorizeAsync(
+                authorizationService.AsAbpAuthorizationService().CurrentPrincipal,
+                resource,
+                policyName
+            );
+        }
+        
+        public static async Task<bool> IsGrantedAsync(this IAuthorizationService authorizationService, string policyName)
+        {
+            return (await authorizationService.AuthorizeAsync(policyName)).Succeeded;
+        }
+
+        public static async Task<bool> IsGrantedAsync(this IAuthorizationService authorizationService, object resource, IAuthorizationRequirement requirement)
+        {
+            return (await authorizationService.AuthorizeAsync(resource, requirement)).Succeeded;
+        }
+
+        public static async Task<bool> IsGrantedAsync(this IAuthorizationService authorizationService, object resource, AuthorizationPolicy policy)
+        {
+            return (await authorizationService.AuthorizeAsync(resource, policy)).Succeeded;
+        }
+
+        public static async Task<bool> IsGrantedAsync(this IAuthorizationService authorizationService, AuthorizationPolicy policy)
+        {
+            return (await authorizationService.AuthorizeAsync(policy)).Succeeded;
+        }
+
+        public static async Task<bool> IsGrantedAsync(this IAuthorizationService authorizationService, object resource, IEnumerable<IAuthorizationRequirement> requirements)
+        {
+            return (await authorizationService.AuthorizeAsync(resource, requirements)).Succeeded;
+        }
+
+        public static async Task<bool> IsGrantedAsync(this IAuthorizationService authorizationService, object resource, string policyName)
+        {
+            return (await authorizationService.AuthorizeAsync(resource, policyName)).Succeeded;
+        }
+
+        public static async Task CheckAsync(this IAuthorizationService authorizationService, string policyName)
+        {
+            if (!await authorizationService.IsGrantedAsync(policyName))
+            {
+                throw new AbpAuthorizationException("Authorization failed! Given policy has not granted: " + policyName);
+            }
+        }
+
+        public static async Task CheckAsync(this IAuthorizationService authorizationService, object resource, IAuthorizationRequirement requirement)
+        {
+            if (!await authorizationService.IsGrantedAsync(resource, requirement))
+            {
+                throw new AbpAuthorizationException("Authorization failed! Given requirement has not granted for given resource: " + resource);
+            }
+        }
+
+        public static async Task CheckAsync(this IAuthorizationService authorizationService, object resource, AuthorizationPolicy policy)
+        {
+            if (!await authorizationService.IsGrantedAsync(resource, policy))
+            {
+                throw new AbpAuthorizationException("Authorization failed! Given policy has not granted for given resource: " + resource);
+            }
+        }
+
+        public static async Task CheckAsync(this IAuthorizationService authorizationService, AuthorizationPolicy policy)
+        {
+            if (!await authorizationService.IsGrantedAsync(policy))
+            {
+                throw new AbpAuthorizationException("Authorization failed! Given policy has not granted.");
+            }
+        }
+
+        public static async Task CheckAsync(this IAuthorizationService authorizationService, object resource, IEnumerable<IAuthorizationRequirement> requirements)
+        {
+            if (!await authorizationService.IsGrantedAsync(resource, requirements))
+            {
+                throw new AbpAuthorizationException("Authorization failed! Given requirements have not granted for given resource: " + resource);
+            }
+        }
+
+        public static async Task CheckAsync(this IAuthorizationService authorizationService, object resource, string policyName)
+        {
+            if (!await authorizationService.IsGrantedAsync(resource, policyName))
+            {
+                throw new AbpAuthorizationException("Authorization failed! Given polist has not granted for given resource: " + resource);
+            }
         }
 
         private static IAbpAuthorizationService AsAbpAuthorizationService(this IAuthorizationService authorizationService)

src/Volo.Abp.Authorization/Volo/Abp/Authorization/IAbpAuthorizationService.cs

@@ -1,10 +1,11 @@
-using System.Threading.Tasks;
+using System.Security.Claims;
 using Microsoft.AspNetCore.Authorization;
+using Volo.Abp.DependencyInjection;
 
 namespace Volo.Abp.Authorization
 {
-    public interface IAbpAuthorizationService : IAuthorizationService
+    public interface IAbpAuthorizationService : IAuthorizationService, IServiceProviderAccessor
     {
-        Task CheckAsync(string policyName);
+        ClaimsPrincipal CurrentPrincipal { get; }
     }
 }

src/Volo.Abp.Identity.Web/Navigation/AbpIdentityWebMainMenuContributor.cs

@@ -1,26 +1,34 @@
 using System.Threading.Tasks;
+using Microsoft.Extensions.DependencyInjection;
+using Volo.Abp.Authorization.Permissions;
 using Volo.Abp.Ui.Navigation;
 
 namespace Volo.Abp.Identity.Web.Navigation
 {
     public class AbpIdentityWebMainMenuContributor : IMenuContributor
     {
-        public Task ConfigureMenuAsync(MenuConfigurationContext context)
+        public async Task ConfigureMenuAsync(MenuConfigurationContext context)
         {
             if (context.Menu.Name != StandardMenus.Main)
             {
-                return Task.CompletedTask;
+                return;
             }
 
-            context.Menu
-                .AddItem(
-                    new ApplicationMenuItem("Identity", "Identity")
-                        .AddItem(new ApplicationMenuItem("Users", "Users", url: "/Identity/Users"))
-                        .AddItem(new ApplicationMenuItem("Roles", "Roles", url: "/Identity/Roles"))
+            var permissionChecker = context.ServiceProvider.GetRequiredService<IPermissionChecker>();
 
-                );
+            var identityMenuItem = new ApplicationMenuItem("Identity", "Identity");
 
-            return Task.CompletedTask;
+            context.Menu.AddItem(identityMenuItem);
+
+            if (await permissionChecker.IsGrantedAsync(IdentityPermissions.Roles.Default))
+            {
+                identityMenuItem.AddItem(new ApplicationMenuItem("Roles", "Roles", url: "/Identity/Roles"));
+            }
+
+            if (await permissionChecker.IsGrantedAsync(IdentityPermissions.Users.Default))
+            {
+                identityMenuItem.AddItem(new ApplicationMenuItem("Users", "Users", url: "/Identity/Users"));
+            }
         }
     }
 }

src/Volo.Abp.Identity.Web/Pages/Identity/Users/Index.cshtml

@@ -1,8 +1,12 @@
 @page
 @model Volo.Abp.Identity.Web.Pages.Identity.Users.IndexModel
+@using Microsoft.AspNetCore.Authorization
 @using Microsoft.AspNetCore.Mvc.Localization
+@using Volo.Abp.Authorization
+@using Volo.Abp.Identity
 @using Volo.Abp.Identity.Web.Localization.Resources.AbpIdentity
 @inject IHtmlLocalizer<IdentityResource> L
+@inject IAuthorizationService Authorization
 @section styles {
     <link rel="stylesheet" type="text/css" href="~/modules/identity/views/users/index.css" />
 }
@@ -22,10 +26,13 @@
                 <h2>@L["Users"]</h2>
             </div>
             <div class="col-md-6 text-right">
-                <button type="button" class="btn btn-primary" v-on:click="openCreateModal">
-                    <i class="fa fa-plus" aria-hidden="true"></i>
-                    @L["NewUser"]
-                </button>
+                @if (await Authorization.IsGrantedAsync(IdentityPermissions.Users.Create))
+                {
+                    <button type="button" class="btn btn-primary" v-on:click="openCreateModal">
+                        <i class="fa fa-plus" aria-hidden="true"></i>
+                        @L["NewUser"]
+                    </button>
+                }
             </div>
         </div>
     </abp-card-header>

src/Volo.Abp.UI.Navigation/Volo/Abp/Ui/Navigation/StandardMenus.cs

@@ -1,7 +1,5 @@
 namespace Volo.Abp.Ui.Navigation
 {
-    //TODO: Move these classes to Volo.Abp.Ui project?
-
     public static class StandardMenus
     {
         public const string Main = "Main";