Added permission checks for role and user app service.

8 years ago · 42906c5fe3
parent 0ef8f2e936
commit 42906c5fe3
3 changed files with 22 additions and 12 deletions
--- a/src/Volo.Abp.Identity.Application/Volo/Abp/Identity/IdentityRoleAppService.cs
+++ b/src/Volo.Abp.Identity.Application/Volo/Abp/Identity/IdentityRoleAppService.cs
@ -1,11 +1,13 @@
 using System;
 using System.Collections.Generic;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authorization;
 using Volo.Abp.Application.Dtos;
 using Volo.Abp.Application.Services;

 namespace Volo.Abp.Identity
 {
+    [Authorize(IdentityPermissions.Roles.Default)]
    public class IdentityRoleAppService : ApplicationService, IIdentityRoleAppService
    {
        private readonly IdentityRoleManager _roleManager;
@ -26,7 +28,7 @@ namespace Volo.Abp.Identity
            );
        }

-        public async Task<PagedResultDto<IdentityRoleDto>> GetListAsync(GetIdentityRolesInput input) //TODO: Remove input
+        public async Task<PagedResultDto<IdentityRoleDto>> GetListAsync(GetIdentityRolesInput input) //TODO: Remove this method since it's not used
        {
            var count = (int) await _roleRepository.GetCountAsync();
            var list = await _roleRepository.GetListAsync();
@ -37,13 +39,14 @@ namespace Volo.Abp.Identity
            );
        }

-        public async Task<List<IdentityRoleDto>> GetAllListAsync()
+        public async Task<List<IdentityRoleDto>> GetAllListAsync() //TODO: Rename to GetList (however it's not possible because of the design of the IAsyncCrudAppService)
        {
            var list = await _roleRepository.GetListAsync();

            return ObjectMapper.Map<List<IdentityRole>, List<IdentityRoleDto>>(list);
        }

+        [Authorize(IdentityPermissions.Roles.Create)]
        public async Task<IdentityRoleDto> CreateAsync(IdentityRoleCreateDto input)
        {
            var role = new IdentityRole(GuidGenerator.Create(), input.Name, CurrentTenant.Id);
@ -54,6 +57,7 @@ namespace Volo.Abp.Identity
            return ObjectMapper.Map<IdentityRole, IdentityRoleDto>(role);
        }

+        [Authorize(IdentityPermissions.Roles.Update)]
        public async Task<IdentityRoleDto> UpdateAsync(Guid id, IdentityRoleUpdateDto input)
        {
            var role = await _roleManager.GetByIdAsync(id);
@ -66,6 +70,7 @@ namespace Volo.Abp.Identity
            return ObjectMapper.Map<IdentityRole, IdentityRoleDto>(role);
        }

+        [Authorize(IdentityPermissions.Roles.Delete)]
        public async Task DeleteAsync(Guid id)
        {
            var role = await _roleManager.FindByIdAsync(id.ToString());
--- a/src/Volo.Abp.Identity.Application/Volo/Abp/Identity/IdentityUserAppService.cs
+++ b/src/Volo.Abp.Identity.Application/Volo/Abp/Identity/IdentityUserAppService.cs
@ -1,10 +1,12 @@
 using System;
 using System.Collections.Generic;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authorization;
 using Volo.Abp.Application.Dtos;

 namespace Volo.Abp.Identity
 {
+    [Authorize(IdentityPermissions.Users.Default)]
    public class IdentityUserAppService : IdentityAppServiceBase, IIdentityUserAppService
    {
        private readonly IdentityUserManager _userManager;
@ -34,6 +36,15 @@ namespace Volo.Abp.Identity
            );
        }

+        public async Task<ListResultDto<IdentityRoleDto>> GetRolesAsync(Guid id)
+        {
+            var roles = await _userRepository.GetRolesAsync(id);
+            return new ListResultDto<IdentityRoleDto>(
+                ObjectMapper.Map<List<IdentityRole>, List<IdentityRoleDto>>(roles)
+            );
+        }
+
+        [Authorize(IdentityPermissions.Users.Create)]
        public async Task<IdentityUserDto> CreateAsync(IdentityUserCreateDto input)
        {
            var user = new IdentityUser(GuidGenerator.Create(), input.UserName, CurrentTenant.Id);
@ -46,6 +57,7 @@ namespace Volo.Abp.Identity
            return ObjectMapper.Map<IdentityUser, IdentityUserDto>(user);
        }

+        [Authorize(IdentityPermissions.Users.Update)]
        public async Task<IdentityUserDto> UpdateAsync(Guid id, IdentityUserUpdateDto input)
        {
            var user = await _userManager.GetByIdAsync(id);
@ -58,6 +70,7 @@ namespace Volo.Abp.Identity
            return ObjectMapper.Map<IdentityUser, IdentityUserDto>(user);
        }

+        [Authorize(IdentityPermissions.Users.Delete)]
        public async Task DeleteAsync(Guid id)
        {
            var user = await _userManager.FindByIdAsync(id.ToString());
@ -69,14 +82,7 @@ namespace Volo.Abp.Identity
            CheckIdentityErrors(await _userManager.DeleteAsync(user));
        }

-        public async Task<ListResultDto<IdentityRoleDto>> GetRolesAsync(Guid id)
-        {
-            var roles = await _userRepository.GetRolesAsync(id);
-            return new ListResultDto<IdentityRoleDto>(
-                ObjectMapper.Map<List<IdentityRole>, List<IdentityRoleDto>>(roles)
-            );
-        }
-
+        [Authorize(IdentityPermissions.Users.Update)]
        public async Task UpdateRolesAsync(Guid id, IdentityUserUpdateRolesDto input)
        {
            var user = await _userManager.GetByIdAsync(id);
--- a/src/Volo.Abp.Permissions.Application/Volo/Abp/Permissions/PermissionAppService.cs
+++ b/src/Volo.Abp.Permissions.Application/Volo/Abp/Permissions/PermissionAppService.cs
@ -1,5 +1,4 @@
-using System;
-using System.Collections.Generic;
+using System.Collections.Generic;
 using System.Threading.Tasks;
 using Volo.Abp.Application.Services;
 using Volo.Abp.Authorization.Permissions;