Merge branch 'master' into dev

docs/en/Getting-Started.md

@@ -322,7 +322,6 @@ Once all node modules are loaded, execute `yarn start` (or `npm start`) command:
 yarn start
 ```
 
-Wait `Angular CLI` to launch `Webpack` dev-server with `BrowserSync`. 
 This will take care of compiling your `TypeScript` code, and automatically reloading your browser. 
 After it finishes, `Angular Live Development Server` will be listening on localhost:4200, 
 open your web browser and navigate to [localhost:4200](http://localhost:4200/)

docs/en/Samples/Index.md

@@ -7,7 +7,7 @@ Here, a list of official samples built with the ABP Framework. Most of these sam
 A complete solution to demonstrate how to build systems based on the microservice architecture.
 
 * [The complete documentation for this sample](Microservice-Demo.md)
-* [Source code](https://github.com/abpframework/abp/tree/dev/samples/MicroserviceDemo)
+* [Source code](https://github.com/abpframework/abp-samples/tree/master/MicroserviceDemo)
 * [Microservice architecture document](../Microservice-Architecture.md)
 
 ### Book Store

docs/en/Samples/Microservice-Demo.md

@@ -28,7 +28,7 @@ The diagram below shows the system:
 
 ### Source Code
 
-You can get the source code from [the GitHub repository](https://github.com/abpframework/abp/tree/master/samples/MicroserviceDemo).
+You can get the source code from [the GitHub repository](https://github.com/abpframework/abp-samples/tree/master/MicroserviceDemo).
 
 ## Running the Solution
 

docs/en/Tutorials/Part-4.md

@@ -0,0 +1,248 @@
+# Web Application Development Tutorial - Part 4: Integration Tests
+````json
+//[doc-params]
+{
+    "UI": ["MVC","NG"],
+    "DB": ["EF","Mongo"]
+}
+````
+{{
+if UI == "MVC"
+  UI_Text="mvc"
+else if UI == "NG"
+  UI_Text="angular"
+else
+  UI_Text="?"
+end
+if DB == "EF"
+  DB_Text="Entity Framework Core"
+else if DB == "Mongo"
+  DB_Text="MongoDB"
+else
+  DB_Text="?"
+end
+}}
+
+## About This Tutorial
+
+In this tutorial series, you will build an ABP based web application named `Acme.BookStore`. This application is used to manage a list of books and their authors. It is developed using the following technologies:
+
+* **{{DB_Text}}** as the ORM provider. 
+* **{{UI_Value}}** as the UI Framework.
+
+This tutorial is organized as the following parts;
+
+- [Part 1: Creating the project and book list page](Part-1.md)
+- [Part 2: The book list page](Part-2.md)
+- [Part 3: Creating, updating and deleting books](Part-3.md)
+- **Part 4: Integration tests (this part)**
+- [Part 5: Authorization](Part-5.md)
+
+### Download the Source Code
+
+This tutorials has multiple versions based on your **UI** and **Database** preferences. We've prepared two combinations of the source code to be downloaded:
+
+* [MVC (Razor Pages) UI with EF Core](https://github.com/abpframework/abp-samples/tree/master/BookStore-Mvc-EfCore)
+* [Angular UI with MongoDB](https://github.com/abpframework/abp-samples/tree/master/BookStore-Angular-MongoDb)
+
+## Test Projects in the Solution
+
+This part covers the **server side** tests. There are several test projects in the solution:
+
+![bookstore-test-projects-v2](./images/bookstore-test-projects-{{UI_Text}}.png)
+
+Each project is used to test the related project. Test projects use the following libraries for testing:
+
+* [Xunit](https://xunit.github.io/) as the main test framework.
+* [Shoudly](http://shouldly.readthedocs.io/en/latest/) as the assertion library.
+* [NSubstitute](http://nsubstitute.github.io/) as the mocking library.
+
+{{if DB=="EF"}}
+
+> The test projects are configured to use **SQLite in-memory** as the database. A separate database instance is created and seeded (with the data seed system) to prepare a fresh database for every test.
+
+{{else if DB=="Mongo"}}
+
+> **[Mongo2Go](https://github.com/Mongo2Go/Mongo2Go)** library is used to mock the MongoDB database. A separate database instance is created and seeded (with the data seed system) to prepare a fresh database for every test.
+
+{{end}}
+
+## Adding Test Data
+
+If you had created a data seed contributor as described in the [first part](Part-1.md), the same data will be available in your tests. So, you can skip this section. If you haven't created the seed contributor, you can use the `BookStoreTestDataSeedContributor` to seed the same data to be used in the tests below.
+
+## Testing the BookAppService
+
+Create a test class named `BookAppService_Tests` in the `Acme.BookStore.Application.Tests` project:
+
+````csharp
+using System.Threading.Tasks;
+using Shouldly;
+using Volo.Abp.Application.Dtos;
+using Xunit;
+
+namespace Acme.BookStore.Books
+{
+    public class BookAppService_Tests : BookStoreApplicationTestBase
+    {
+        private readonly IBookAppService _bookAppService;
+
+        public BookAppService_Tests()
+        {
+            _bookAppService = GetRequiredService<IBookAppService>();
+        }
+
+        [Fact]
+        public async Task Should_Get_List_Of_Books()
+        {
+            //Act
+            var result = await _bookAppService.GetListAsync(
+                new PagedAndSortedResultRequestDto()
+            );
+
+            //Assert
+            result.TotalCount.ShouldBeGreaterThan(0);
+            result.Items.ShouldContain(b => b.Name == "1984");
+        }
+    }
+}
+````
+
+* `Should_Get_List_Of_Books` test simply uses `BookAppService.GetListAsync` method to get and check the list of books.
+* We can safely check the book "1984" by its name, because we know that this books is available in the database since we've added it in the seed data.
+
+Add a new test method to the `BookAppService_Tests` class that creates a new **valid** book:
+
+````csharp
+[Fact]
+public async Task Should_Create_A_Valid_Book()
+{
+    //Act
+    var result = await _bookAppService.CreateAsync(
+        new CreateUpdateBookDto
+        {
+            Name = "New test book 42",
+            Price = 10,
+            PublishDate = System.DateTime.Now,
+            Type = BookType.ScienceFiction
+        }
+    );
+
+    //Assert
+    result.Id.ShouldNotBe(Guid.Empty);
+    result.Name.ShouldBe("New test book 42");
+}
+````
+
+Add a new test that tries to create an invalid book and fails:
+
+````csharp
+[Fact]
+public async Task Should_Not_Create_A_Book_Without_Name()
+{
+    var exception = await Assert.ThrowsAsync<AbpValidationException>(async () =>
+    {
+        await _bookAppService.CreateAsync(
+            new CreateUpdateBookDto
+            {
+                Name = "",
+                Price = 10,
+                PublishDate = DateTime.Now,
+                Type = BookType.ScienceFiction
+            }
+        );
+    });
+
+    exception.ValidationErrors
+        .ShouldContain(err => err.MemberNames.Any(mem => mem == "Name"));
+}
+````
+
+* Since the `Name` is empty, ABP will throw an `AbpValidationException`.
+
+The final test class should be as shown below:
+
+````csharp
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using Shouldly;
+using Volo.Abp.Application.Dtos;
+using Volo.Abp.Validation;
+using Xunit;
+
+namespace Acme.BookStore.Books
+{
+    public class BookAppService_Tests : BookStoreApplicationTestBase
+    {
+        private readonly IBookAppService _bookAppService;
+
+        public BookAppService_Tests()
+        {
+            _bookAppService = GetRequiredService<IBookAppService>();
+        }
+
+        [Fact]
+        public async Task Should_Get_List_Of_Books()
+        {
+            //Act
+            var result = await _bookAppService.GetListAsync(
+                new PagedAndSortedResultRequestDto()
+            );
+
+            //Assert
+            result.TotalCount.ShouldBeGreaterThan(0);
+            result.Items.ShouldContain(b => b.Name == "1984");
+        }
+        
+        [Fact]
+        public async Task Should_Create_A_Valid_Book()
+        {
+            //Act
+            var result = await _bookAppService.CreateAsync(
+                new CreateUpdateBookDto
+                {
+                    Name = "New test book 42",
+                    Price = 10,
+                    PublishDate = System.DateTime.Now,
+                    Type = BookType.ScienceFiction
+                }
+            );
+
+            //Assert
+            result.Id.ShouldNotBe(Guid.Empty);
+            result.Name.ShouldBe("New test book 42");
+        }
+        
+        [Fact]
+        public async Task Should_Not_Create_A_Book_Without_Name()
+        {
+            var exception = await Assert.ThrowsAsync<AbpValidationException>(async () =>
+            {
+                await _bookAppService.CreateAsync(
+                    new CreateUpdateBookDto
+                    {
+                        Name = "",
+                        Price = 10,
+                        PublishDate = DateTime.Now,
+                        Type = BookType.ScienceFiction
+                    }
+                );
+            });
+
+            exception.ValidationErrors
+                .ShouldContain(err => err.MemberNames.Any(mem => mem == "Name"));
+        }
+    }
+}
+````
+
+Open the **Test Explorer Window** (use Test -> Windows -> Test Explorer menu if it is not visible) and **Run All** tests:
+
+![bookstore-appservice-tests](./images/bookstore-appservice-tests.png)
+
+Congratulations, the **green icons** indicates that the tests have been successfully passed!
+
+## The Next Part
+
+See the [next part](part-5.md) of this tutorial.

docs/en/Tutorials/Part-5.md

@@ -0,0 +1,401 @@
+# Web Application Development Tutorial - Part 5: Authorization
+````json
+//[doc-params]
+{
+    "UI": ["MVC","NG"],
+    "DB": ["EF","Mongo"]
+}
+````
+{{
+if UI == "MVC"
+  UI_Text="mvc"
+else if UI == "NG"
+  UI_Text="angular"
+else
+  UI_Text="?"
+end
+if DB == "EF"
+  DB_Text="Entity Framework Core"
+else if DB == "Mongo"
+  DB_Text="MongoDB"
+else
+  DB_Text="?"
+end
+}}
+
+## About This Tutorial
+
+In this tutorial series, you will build an ABP based web application named `Acme.BookStore`. This application is used to manage a list of books and their authors. It is developed using the following technologies:
+
+* **{{DB_Text}}** as the ORM provider. 
+* **{{UI_Value}}** as the UI Framework.
+
+This tutorial is organized as the following parts;
+
+- [Part 1: Creating the project and book list page](Part-1.md)
+- [Part 2: The book list page](Part-2.md)
+- [Part 3: Creating, updating and deleting books](Part-3.md)
+- [Part 4: Integration tests](Part-4.md)
+- **Part 5: Authorization (this part)**
+
+### Download the Source Code
+
+This tutorials has multiple versions based on your **UI** and **Database** preferences. We've prepared two combinations of the source code to be downloaded:
+
+* [MVC (Razor Pages) UI with EF Core](https://github.com/abpframework/abp-samples/tree/master/BookStore-Mvc-EfCore)
+* [Angular UI with MongoDB](https://github.com/abpframework/abp-samples/tree/master/BookStore-Angular-MongoDb)
+
+## Permissions
+
+ABP Framework provides an [authorization system](../Authorization.md) based on the ASP.NET Core's [authorization infrastructure](https://docs.microsoft.com/en-us/aspnet/core/security/authorization/introduction). One major feature added on top of the standard authorization infrastructure is the **permission system** which allows to define permissions and enable/disable per role, user or client.
+
+### Permission Names
+
+A permission must have a unique name (a `string`). The best way is to define it as a `const`, so we can reuse the permission name.
+
+Open the `BookStorePermissions` class inside the `Acme.BookStore.Application.Contracts` project and change the content as shown below:
+
+````csharp
+namespace Acme.BookStore.Permissions
+{
+    public static class BookStorePermissions
+    {
+        public const string GroupName = "BookStore";
+
+        public static class Books
+        {
+            public const string Default = GroupName + ".Books";
+            public const string Create = Default + ".Create";
+            public const string Edit = Default + ".Edit";
+            public const string Delete = Default + ".Delete";
+        }
+    }
+}
+````
+
+This is a hierarchical way of defining permission names. For example, "create book" permission name was defined as `BookStore.Books.Create`.
+
+### Permission Definitions
+
+You should define permissions before using them.
+
+Open the `BookStorePermissionDefinitionProvider` class inside the `Acme.BookStore.Application.Contracts` project and change the content as shown below:
+
+````csharp
+using Acme.BookStore.Localization;
+using Volo.Abp.Authorization.Permissions;
+using Volo.Abp.Localization;
+
+namespace Acme.BookStore.Permissions
+{
+    public class BookStorePermissionDefinitionProvider : PermissionDefinitionProvider
+    {
+        public override void Define(IPermissionDefinitionContext context)
+        {
+            var bookStoreGroup = context.AddGroup(BookStorePermissions.GroupName, L("Permission:BookStore"));
+
+            var booksPermission = bookStoreGroup.AddPermission(BookStorePermissions.Books.Default, L("Permission:Books"));
+            booksPermission.AddChild(BookStorePermissions.Books.Create, L("Permission:Books.Create"));
+            booksPermission.AddChild(BookStorePermissions.Books.Edit, L("Permission:Books.Edit"));
+            booksPermission.AddChild(BookStorePermissions.Books.Delete, L("Permission:Books.Delete"));
+        }
+
+        private static LocalizableString L(string name)
+        {
+            return LocalizableString.Create<BookStoreResource>(name);
+        }
+    }
+}
+````
+
+This class defines a **permission group** (to group permissions on the UI, will be seen below) and **4 permissions** inside this group. Also, **Create**, **Edit** and **Delete** are children of the `BookStorePermissions.Books.Default` permission. A child permission can be selected **only if the parent was selected**.
+
+Finally, edit the localization file (`en.json` under the `Localization/BookStore` folder of the `Acme.BookStore.Domain.Shared` project) to define the localization keys used above:
+
+````json
+"Permission:BookStore": "Book Store",
+"Permission:Books": "Book Management",
+"Permission:Books.Create": "Creating new books",
+"Permission:Books.Edit": "Editing the books",
+"Permission:Books.Delete": "Deleting the books"
+````
+
+> Localization key names are arbitrary and no forcing rule. But we prefer the convention used above.
+
+### Permission Management UI
+
+Once you define the permissions, you can see them on the **permission management modal**.
+
+Go to the *Administration -> Identity -> Roles* page, select *Permissions* action for the admin role to open the permission management modal:
+
+![bookstore-permissions-ui](images/bookstore-permissions-ui.png)
+
+Grant the permissions you want and save the modal.
+
+## Authorization
+
+Now, you can use the permissions to authorize the book management.
+
+### Application Layer & HTTP API
+
+Open the `BookAppService` class and add set the policy names as the permission names defined above:
+
+````csharp
+using System;
+using Acme.BookStore.Permissions;
+using Volo.Abp.Application.Dtos;
+using Volo.Abp.Application.Services;
+using Volo.Abp.Domain.Repositories;
+
+namespace Acme.BookStore.Books
+{
+    public class BookAppService :
+        CrudAppService<
+            Book, //The Book entity
+            BookDto, //Used to show books
+            Guid, //Primary key of the book entity
+            PagedAndSortedResultRequestDto, //Used for paging/sorting
+            CreateUpdateBookDto>, //Used to create/update a book
+        IBookAppService //implement the IBookAppService
+    {
+        public BookAppService(IRepository<Book, Guid> repository)
+            : base(repository)
+        {
+            GetPolicyName = BookStorePermissions.Books.Default;
+            GetListPolicyName = BookStorePermissions.Books.Default;
+            CreatePolicyName = BookStorePermissions.Books.Create;
+            UpdatePolicyName = BookStorePermissions.Books.Edit;
+            DeletePolicyName = BookStorePermissions.Books.Delete;
+        }
+    }
+}
+````
+
+Added code to the constructor. Base `CrudAppService` automatically uses these permissions on the CRUD operations. This makes the **application service** secure, but also makes the **HTTP API** secure since this service is automatically used as an HTTP API as explained before (see [auto API controllers](../API/Auto-API-Controllers.md)).
+
+{{if UI == "MVC"}}
+
+### Razor Page
+
+While securing the HTTP API & the application service prevents unauthorized users to use the services, they can still navigate to the book management page. While they will get authorization exception when the page makes the first AJAX call to the server, we should also authorize the page for a better user experience and security.
+
+Open the `BookStoreWebModule` and add the following code block inside the `ConfigureServices` method:
+
+````csharp
+Configure<RazorPagesOptions>(options =>
+{
+    options.Conventions.AuthorizePage("/Books/Index", BookStorePermissions.Books.Default);
+    options.Conventions.AuthorizePage("/Books/CreateModal", BookStorePermissions.Books.Create);
+    options.Conventions.AuthorizePage("/Books/EditModal", BookStorePermissions.Books.Edit);
+});
+````
+
+Now, unauthorized users are redirected to the **login page**.
+
+#### Hide the New Book Button
+
+The book management page has a *New Book* button that should be invisible if the current user has no *Book Creation* permission.
+
+![bookstore-new-book-button-small](images/bookstore-new-book-button-small.png)
+
+Open the `Pages/Books/Index.cshtml` file and change the content as shown below:
+
+````html
+@page
+@using Acme.BookStore.Localization
+@using Acme.BookStore.Permissions
+@using Acme.BookStore.Web.Pages.Books
+@using Microsoft.AspNetCore.Authorization
+@using Microsoft.Extensions.Localization
+@model IndexModel
+@inject IStringLocalizer<BookStoreResource> L
+@inject IAuthorizationService AuthorizationService
+@section scripts
+{
+    <abp-script src="/Pages/Books/Index.js"/>
+}
+
+<abp-card>
+    <abp-card-header>
+        <abp-row>
+            <abp-column size-md="_6">
+                <abp-card-title>@L["Books"]</abp-card-title>
+            </abp-column>
+            <abp-column size-md="_6" class="text-right">
+                @if (await AuthorizationService.IsGrantedAsync(BookStorePermissions.Books.Create))
+                {
+                    <abp-button id="NewBookButton"
+                                text="@L["NewBook"].Value"
+                                icon="plus"
+                                button-type="Primary"/>
+                }
+            </abp-column>
+        </abp-row>
+    </abp-card-header>
+    <abp-card-body>
+        <abp-table striped-rows="true" id="BooksTable"></abp-table>
+    </abp-card-body>
+</abp-card>
+````
+
+* Added `@inject IAuthorizationService AuthorizationService` to access to the authorization service.
+* Used `@if (await AuthorizationService.IsGrantedAsync(BookStorePermissions.Books.Create))` to check the book creation permission to conditionally render the *New Book* button.
+
+### JavaScript Side
+
+Books table in the book management page has an actions button for each row. The actions button includes *Edit* and *Delete* actions:
+
+![bookstore-edit-delete-actions](images/bookstore-edit-delete-actions.png)
+
+We should hide an action if the current user has not granted for the related permission. Datatables row actions has a `visible` option that can be set to `false` to hide the action item.
+
+Open the `Pages/Books/Index.js` inside the `Acme.BookStore.Web` project and add a `visible` option to the `Edit` action as shown below:
+
+````js
+{
+    text: l('Edit'),
+    visible: abp.auth.isGranted('BookStore.Books.Edit'), //CHECK for the PERMISSION
+    action: function (data) {
+        editModal.open({ id: data.record.id });
+    }
+}
+````
+
+Do same for the `Delete` action:
+
+````js
+visible: abp.auth.isGranted('BookStore.Books.Delete')
+````
+
+* `abp.auth.isGranted(...)` is used to check a permission that is defined before.
+* `visible` could also be get a function that returns a `bool` if the value will be calculated later, based on some conditions.
+
+### Menu Item
+
+Even we have secured all the layers of the book management page, it is still visible on the main menu of the application. We should hide the menu item if the current user has no permission.
+
+Open the `BookStoreMenuContributor` class, find the code block below:
+
+````csharp
+context.Menu.AddItem(
+    new ApplicationMenuItem(
+        "BooksStore",
+        l["Menu:BookStore"],
+        icon: "fa fa-book"
+    ).AddItem(
+        new ApplicationMenuItem(
+            "BooksStore.Books",
+            l["Menu:Books"],
+            url: "/Books"
+        )
+    )
+);
+````
+
+And replace this code block with the following:
+
+````csharp
+var bookStoreMenu = new ApplicationMenuItem(
+    "BooksStore",
+    l["Menu:BookStore"],
+    icon: "fa fa-book"
+);
+
+context.Menu.AddItem(bookStoreMenu);
+
+//CHECK the PERMISSION
+if (await context.IsGrantedAsync(BookStorePermissions.Books.Default))
+{
+    bookStoreMenu.AddItem(new ApplicationMenuItem(
+        "BooksStore.Books",
+        l["Menu:Books"],
+        url: "/Books"
+    ));
+}
+````
+
+{{else if UI == "NG"}}
+
+### Angular Guard Configuration
+
+First step of the UI is to prevent unauthorized users to see the "Books" menu item and enter to the book management page.
+
+Open the `/src/app/book/book-routing.module.ts` and replace with the following content:
+
+````js
+import { NgModule } from '@angular/core';
+import { Routes, RouterModule } from '@angular/router';
+import { AuthGuard, PermissionGuard } from '@abp/ng.core';
+import { BookComponent } from './book.component';
+
+const routes: Routes = [
+  { path: '', component: BookComponent, canActivate: [AuthGuard, PermissionGuard] },
+];
+
+@NgModule({
+  imports: [RouterModule.forChild(routes)],
+  exports: [RouterModule],
+})
+export class BookRoutingModule {}
+````
+
+* Imported `AuthGuard` and `PermissionGuard` from the `@abp/ng.core`.
+* Added `canActivate: [AuthGuard, PermissionGuard]` to the route definition.
+
+Open the `/src/app/route.provider.ts` and add `requiredPolicy: 'BookStore.Books'` to the `/books` route. The `/books` route block should be following:
+
+````js
+{
+  path: '/books',
+  name: '::Menu:Books',
+  parentName: '::Menu:BookStore',
+  layout: eLayoutType.application,
+  requiredPolicy: 'BookStore.Books',
+}
+````
+
+### Hide the New Book Button
+
+The book management page has a *New Book* button that should be invisible if the current user has no *Book Creation* permission.
+
+![bookstore-new-book-button-small](images/bookstore-new-book-button-small.png)
+
+Open the `/src/app/book/book.component.html` file and replace the create button HTML content as shown below:
+
+````html
+<!-- Add the abpPermission directive -->
+<button abpPermission="BookStore.Books.Create" id="create" class="btn btn-primary" type="button" (click)="createBook()">
+  <i class="fa fa-plus mr-1"></i>
+  <span>{{ '::NewBook' | abpLocalization }}</span>
+</button>
+````
+
+* Just added `abpPermission="BookStore.Books.Create"` that hides the button if the current user has no permission.
+
+### Hide the Edit and Delete Actions
+
+Books table in the book management page has an actions button for each row. The actions button includes *Edit* and *Delete* actions:
+
+![bookstore-edit-delete-actions](images/bookstore-edit-delete-actions.png)
+
+We should hide an action if the current user has not granted for the related permission.
+
+Open the `/src/app/book/book.component.html` file and replace the edit and delete buttons contents as shown below:
+
+````html
+<!-- Add the abpPermission directive -->
+<button abpPermission="BookStore.Books.Edit" ngbDropdownItem (click)="editBook(row.id)">
+  {{ '::Edit' | abpLocalization }}
+</button>
+
+<!-- Add the abpPermission directive -->
+<button abpPermission="BookStore.Books.Delete" ngbDropdownItem (click)="delete(row.id)">
+  {{ 'AbpAccount::Delete' | abpLocalization }}
+</button>
+````
+
+* Added `abpPermission="BookStore.Books.Edit"` that hides the edit action if the current user has no editing permission.
+* Added `abpPermission="BookStore.Books.Delete"` that hides the delete action if the current user has no delete permission.
+
+{{end}}
+

docs/en/docs-nav.json

@@ -26,19 +26,27 @@
       "text": "Tutorials",
       "items": [
         {
-          "text": "Application Development",
+          "text": "Web Application Development",
           "items": [
             {
-              "text": "Part-1: Creating a new solution and listing items",
+              "text": "1: Creating the Server Side",
               "path": "Tutorials/Part-1.md"
             },
             {
-              "text": "Part-2: CRUD operations",
+              "text": "2: The Book List Page",
               "path": "Tutorials/Part-2.md"
             },
             {
-              "text": "Part-3: Integration tests",
+              "text": "3: Creating, Updating and Deleting Books",
               "path": "Tutorials/Part-3.md"
+            },
+            {
+              "text": "4: Integration Tests",
+              "path": "Tutorials/Part-4.md"
+            },
+            {
+              "text": "5: Authorization",
+              "path": "Tutorials/Part-5.md"
             }
           ]
         }