diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/AbpAuthorizationModule.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/AbpAuthorizationModule.cs index fbcf905b0a..57472d7cf1 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/AbpAuthorizationModule.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/AbpAuthorizationModule.cs @@ -28,6 +28,7 @@ namespace Volo.Abp.Authorization { options.ValueProviders.Add(); options.ValueProviders.Add(); + options.ValueProviders.Add(); }); } } diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionChecker.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionChecker.cs index 4f4243ad6f..7113571c16 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionChecker.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionChecker.cs @@ -1,10 +1,10 @@ -using System; +using Microsoft.Extensions.DependencyInjection; +using Microsoft.Extensions.Options; +using System; using System.Collections.Generic; using System.Linq; using System.Security.Claims; using System.Threading.Tasks; -using Microsoft.Extensions.DependencyInjection; -using Microsoft.Extensions.Options; using Volo.Abp.DependencyInjection; using Volo.Abp.Security.Claims; @@ -40,7 +40,7 @@ namespace Volo.Abp.Authorization.Permissions true ); } - + public virtual Task CheckAsync(string name) { return CheckAsync(PrincipalAccessor.Principal, name); @@ -57,6 +57,12 @@ namespace Volo.Abp.Authorization.Permissions foreach (var provider in ValueProviders) { + if (context.Permission.Providers.Any() && + !context.Permission.Providers.Contains(provider.Name)) + { + continue; + } + var result = await provider.CheckAsync(context); if (result.IsGranted) { 
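Review bot: The provider filter added at the top of the `foreach` in PermissionChecker.cs matches names with `Providers.Contains(provider.Name)`, which on what is presumably a `List<string>` is an ordinal, case-sensitive comparison. A `Providers` entry that differs from `provider.Name` by case or a typo therefore skips every provider, and nothing is logged to explain why the permission is never granted. The same two-part predicate is repeated in both PermissionAppService.cs hunks (the listing loop and the update loop), so the management API and the enforcement path can drift apart if one copy changes. I would keep the rule in a single method on `PermissionDefinition` and add a comment above the `if`, such as `// An empty Providers list means every value provider may grant this permission.` The enclosing method starts and ends outside the hunk, so what is returned when all providers are skipped is not visible here.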
diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionDefinition.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionDefinition.cs index d7913f0d2d..66c3c78143 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionDefinition.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionDefinition.cs @@ -18,6 +18,8 @@ namespace Volo.Abp.Authorization.Permissions /// public PermissionDefinition Parent { get; private set; } + public List Providers { get; } + public ILocalizableString DisplayName { get => _displayName; @@ -53,6 +55,7 @@ namespace Volo.Abp.Authorization.Permissions DisplayName = displayName ?? new FixedLocalizableString(name); Properties = new Dictionary(); + Providers = new List(); _children = new List(); } @@ -68,6 +71,30 @@ namespace Volo.Abp.Authorization.Permissions return child; } + /// + /// Sets a property in the dictionary. + /// This is a shortcut for nested calls on this object. + /// + public virtual PermissionDefinition WithProperty(string key, object value) + { + Properties[key] = value; + return this; + } + + /// + /// Sets a property in the dictionary. + /// This is a shortcut for nested calls on this object. + /// + public virtual PermissionDefinition WithProviders(params string[] providers) + { + if (!providers.IsNullOrEmpty()) + { + Providers.AddRange(providers); + } + + return this; + } + public override string ToString() { return $"[{nameof(PermissionDefinition)} {Name}]"; diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs b/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs index 1fe6c2667c..a1ec3e99fc 100644 
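Review bot: The new `Providers` property in the first PermissionDefinition.cs hunk has no XML doc, although its meaning is security-relevant: the checks added elsewhere in this commit treat an empty list as "no restriction". Because the property hands out the mutable list itself, any code holding the definition can call `Providers.Clear()` or `Providers.Remove(...)` and widen which providers may grant the permission. I would add a summary such as `/// Names of the value providers allowed to grant this permission; empty means all providers.` and consider exposing a read-only view so that changes go through `WithProviders`.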
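Review bot: The XML summary on `WithProviders` is a copy of the one on `WithProperty` ("Sets a property in the dictionary"), so the docs misdescribe a method that decides which providers may grant the permission. A summary like `/// Restricts this permission to the named value providers; repeated calls add to the list.` would match what `AddRange` does. The method also appends the array as given, so null, blank or duplicate entries end up in `Providers`. A blank entry is unlikely to match any provider name, yet it makes the list non-empty and so switches the restriction on. Dropping null or whitespace names before `AddRange` would avoid that.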
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs +++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs @@ -1,5 +1,6 @@ using System; using System.Collections.Generic; +using System.Linq; using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; using Microsoft.Extensions.Localization; @@ -51,6 +52,11 @@ namespace Volo.Abp.PermissionManagement foreach (var permission in group.GetPermissionsWithChildren()) { + if (permission.Providers.Any() && !permission.Providers.Contains(providerName)) + { + continue; + } + var grantInfoDto = new PermissionGrantInfoDto { Name = permission.Name, @@ -75,7 +81,10 @@ namespace Volo.Abp.PermissionManagement groupDto.Permissions.Add(grantInfoDto); } - result.Groups.Add(groupDto); + if (groupDto.Permissions.Any()) + { + result.Groups.Add(groupDto); + } } return result; @@ -85,9 +94,16 @@ namespace Volo.Abp.PermissionManagement { await CheckProviderPolicy(providerName); - foreach (var permission in input.Permissions) + foreach (var permissionDto in input.Permissions) { - await _permissionManager.SetAsync(permission.Name, providerName, providerKey, permission.IsGranted); + var permissionDefinition = _permissionDefinitionManager.Get(permissionDto.Name); + if (permissionDefinition.Providers.Any() && + !permissionDefinition.Providers.Contains(providerName)) + { + throw new ApplicationException($"The permission named '{permissionDto.Name}' has not compatible with the provider named '{providerName}'"); + } + + await _permissionManager.SetAsync(permissionDto.Name, providerName, providerKey, permissionDto.IsGranted); } }
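Review bot: In the last hunk the compatibility check runs inside the same `foreach` that calls `_permissionManager.SetAsync`, so when a later entry in `input.Permissions` is rejected the earlier entries have already been written. Whether an ambient transaction undoes those writes is not visible from this hunk; if none does, a rejected request leaves a partial permission update behind. I would run the check over all of `input.Permissions` in a first loop and call `SetAsync` only in a second loop once every entry has passed. The exception text reads "has not compatible", where "is not compatible" is presumably intended. The method's signature is outside the hunk.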