diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.Client/Volo/Abp/AspNetCore/Mvc/Client/RemotePermissionChecker.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.Client/Volo/Abp/AspNetCore/Mvc/Client/RemotePermissionChecker.cs index 46e13bcc3d..cbddb7c3c7 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.Client/Volo/Abp/AspNetCore/Mvc/Client/RemotePermissionChecker.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.Client/Volo/Abp/AspNetCore/Mvc/Client/RemotePermissionChecker.cs @@ -14,19 +14,17 @@ namespace Volo.Abp.AspNetCore.Mvc.Client ConfigurationClient = configurationClient; } - public async Task CheckAsync(string name) + public async Task IsGrantedAsync(string name) { var configuration = await ConfigurationClient.GetAsync(); - return new PermissionGrantInfo( - name, - configuration.Auth.GrantedPolicies.ContainsKey(name) - ); + return configuration.Auth.GrantedPolicies.ContainsKey(name); } - public Task CheckAsync(ClaimsPrincipal claimsPrincipal, string name) + public Task IsGrantedAsync(ClaimsPrincipal claimsPrincipal, string name) { - return CheckAsync(name); + /* This provider always works for the current principal. */ + return IsGrantedAsync(name); } } } diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/AlwaysAllowPermissionChecker.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/AlwaysAllowPermissionChecker.cs index 77c8f4b665..e3f4425289 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/AlwaysAllowPermissionChecker.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/AlwaysAllowPermissionChecker.cs @@ -1,5 +1,6 @@ using System.Security.Claims; using System.Threading.Tasks; +using Volo.Abp.Threading; namespace Volo.Abp.Authorization.Permissions { 
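Review bot: `IsGrantedAsync(ClaimsPrincipal claimsPrincipal, string name)` in RemotePermissionChecker discards `claimsPrincipal` and answers for the current principal, and the bare `bool` it returns gives the caller no way to notice that a different principal was evaluated. The inline comment records the limitation, but callers going through `IPermissionChecker` will not see it. An XML doc comment such as `/// <summary>Ignores claimsPrincipal; the result always reflects the current principal's granted policies.</summary>` would surface it, or the overload could reject a principal that is not the current one. Separately, `GrantedPolicies.ContainsKey(name)` treats key presence as a grant; the dictionary's value type is not visible here, but if its values can be false the value should be checked as well, e.g. `GrantedPolicies.TryGetValue(name, out var granted) && granted`.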
@@ -11,14 +12,14 @@ namespace Volo.Abp.Authorization.Permissions /// public class AlwaysAllowPermissionChecker : IPermissionChecker { - public Task CheckAsync(string name) + public Task IsGrantedAsync(string name) { - return Task.FromResult(new PermissionGrantInfo(name, true, "AlwaysAllow")); + return TaskCache.TrueResult; } - public Task CheckAsync(ClaimsPrincipal claimsPrincipal, string name) + public Task IsGrantedAsync(ClaimsPrincipal claimsPrincipal, string name) { - return Task.FromResult(new PermissionGrantInfo(name, true, "AlwaysAllow")); + return TaskCache.TrueResult; } } } diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/ClientPermissionValueProvider.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/ClientPermissionValueProvider.cs index b9eac0bab0..87b391443d 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/ClientPermissionValueProvider.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/ClientPermissionValueProvider.cs @@ -15,21 +15,18 @@ namespace Volo.Abp.Authorization.Permissions } - public override async Task CheckAsync(PermissionValueCheckContext context) + public override async Task CheckAsync(PermissionValueCheckContext context) { var clientId = context.Principal?.FindFirst(AbpClaimTypes.ClientId)?.Value; if (clientId == null) { - return PermissionValueProviderGrantInfo.NonGranted; + return PermissionGrantResult.Undefined; } - if (await PermissionStore.IsGrantedAsync(context.Permission.Name, Name, clientId)) - { - return new PermissionValueProviderGrantInfo(true, clientId); - } - - return PermissionValueProviderGrantInfo.NonGranted; + return await PermissionStore.IsGrantedAsync(context.Permission.Name, Name, clientId) + ? PermissionGrantResult.Granted + : PermissionGrantResult.Undefined; } } } 
diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/IPermissionChecker.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/IPermissionChecker.cs index 833e09281c..b394a29f52 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/IPermissionChecker.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/IPermissionChecker.cs @@ -6,8 +6,8 @@ namespace Volo.Abp.Authorization.Permissions { public interface IPermissionChecker { - Task CheckAsync([NotNull]string name); + Task IsGrantedAsync([NotNull]string name); - Task CheckAsync([CanBeNull] ClaimsPrincipal claimsPrincipal, [NotNull]string name); + Task IsGrantedAsync([CanBeNull] ClaimsPrincipal claimsPrincipal, [NotNull]string name); } } \ No newline at end of file diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/IPermissionValueProvider.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/IPermissionValueProvider.cs index 73ba3bfd17..bf19132e23 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/IPermissionValueProvider.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/IPermissionValueProvider.cs @@ -7,6 +7,7 @@ namespace Volo.Abp.Authorization.Permissions { string Name { get; } - Task CheckAsync(PermissionValueCheckContext context); + //TODO: Rename to GetResult? (CheckAsync throws exception by naming convention) + Task CheckAsync(PermissionValueCheckContext context); } } \ No newline at end of file diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionChecker.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionChecker.cs index 7113571c16..624ed75146 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionChecker.cs 
+++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionChecker.cs @@ -41,12 +41,12 @@ namespace Volo.Abp.Authorization.Permissions ); } - public virtual Task CheckAsync(string name) + public virtual Task IsGrantedAsync(string name) { - return CheckAsync(PrincipalAccessor.Principal, name); + return IsGrantedAsync(PrincipalAccessor.Principal, name); } - public virtual async Task CheckAsync(ClaimsPrincipal claimsPrincipal, string name) + public virtual async Task IsGrantedAsync(ClaimsPrincipal claimsPrincipal, string name) { Check.NotNull(name, nameof(name)); @@ -55,6 +55,8 @@ namespace Volo.Abp.Authorization.Permissions claimsPrincipal ); + var isGranted = false; + foreach (var provider in ValueProviders) { if (context.Permission.Providers.Any() && @@ -64,13 +66,19 @@ namespace Volo.Abp.Authorization.Permissions } var result = await provider.CheckAsync(context); - if (result.IsGranted) + + if (result == PermissionGrantResult.Granted) + { + isGranted = true; + } + else if (result == PermissionGrantResult.Prohibited) { - return new PermissionGrantInfo(context.Permission.Name, true, provider.Name, result.ProviderKey); + isGranted = true; + break; } } - return new PermissionGrantInfo(context.Permission.Name, false); + return isGranted; } } } \ No newline at end of file diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionCheckerExtensions.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionCheckerExtensions.cs deleted file mode 100644 index f9891862ff..0000000000 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionCheckerExtensions.cs +++ /dev/null 
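Review bot: In the provider loop of `PermissionChecker.IsGrantedAsync(ClaimsPrincipal, string)`, the `PermissionGrantResult.Prohibited` branch sets `isGranted = true` before `break`, so a provider that prohibits the permission makes the method return a grant. A prohibition should presumably end the loop with a denial, `isGranted = false; break;` or simply `return false;`. None of the providers changed in this diff returns `Prohibited`, so they do not exercise this branch. A test with one provider returning `Granted` followed by one returning `Prohibited` would pin the intended precedence. The method body starts outside the last hunk.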
@@ -1,20 +0,0 @@ -using System.Security.Claims; -using System.Threading.Tasks; - -namespace Volo.Abp.Authorization.Permissions -{ - public static class PermissionCheckerExtensions - { - public static async Task IsGrantedAsync(this IPermissionChecker permissionChecker, string name) - { - return (await permissionChecker.CheckAsync(name)).IsGranted; - } - - public static async Task IsGrantedAsync(this IPermissionChecker permissionChecker, ClaimsPrincipal principal, string name) - { - return (await permissionChecker.CheckAsync(principal, name)).IsGranted; - } - - //TODO: Add sync extensions - } -} diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionGrantResult.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionGrantResult.cs new file mode 100644 index 0000000000..0b8b23e426 --- /dev/null +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionGrantResult.cs @@ -0,0 +1,9 @@ +namespace Volo.Abp.Authorization.Permissions +{ + public enum PermissionGrantResult + { + Undefined, + Granted, + Prohibited + } +} \ No newline at end of file diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionValueProvider.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionValueProvider.cs index 066d876637..914bd4af34 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionValueProvider.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionValueProvider.cs @@ -13,6 +13,6 @@ namespace Volo.Abp.Authorization.Permissions PermissionStore = permissionStore; } - public abstract Task CheckAsync(PermissionValueCheckContext context); + public abstract Task CheckAsync(PermissionValueCheckContext context); } } \ No newline at end of file 
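Review bot: The new `PermissionGrantResult` enum is undocumented, and the difference between `Undefined` and `Prohibited` is exactly what every provider author has to get right. A doc comment on each member would help, for example `/// The provider has no opinion; other providers decide.` on `Undefined` and, if that is the intended meaning, `/// The provider denies the permission regardless of what other providers return.` on `Prohibited`. It is also worth keeping `Undefined` as the zero value and saying so in the summary, so that a default or uninitialised result can never read as a grant.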
diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/RolePermissionValueProvider.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/RolePermissionValueProvider.cs index 1d200ac49a..a008190fbd 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/RolePermissionValueProvider.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/RolePermissionValueProvider.cs @@ -16,23 +16,23 @@ namespace Volo.Abp.Authorization.Permissions } - public override async Task CheckAsync(PermissionValueCheckContext context) + public override async Task CheckAsync(PermissionValueCheckContext context) { var roles = context.Principal?.FindAll(AbpClaimTypes.Role).Select(c => c.Value).ToArray(); if (roles == null || !roles.Any()) { - return PermissionValueProviderGrantInfo.NonGranted; + return PermissionGrantResult.Undefined; } foreach (var role in roles) { if (await PermissionStore.IsGrantedAsync(context.Permission.Name, Name, role)) { - return new PermissionValueProviderGrantInfo(true, role); + return PermissionGrantResult.Granted; } } - return PermissionValueProviderGrantInfo.NonGranted; + return PermissionGrantResult.Undefined; } } } \ No newline at end of file diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/UserPermissionValueProvider.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/UserPermissionValueProvider.cs index 9f6022907e..f04a85910f 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/UserPermissionValueProvider.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/UserPermissionValueProvider.cs 
@@ -15,21 +15,18 @@ namespace Volo.Abp.Authorization.Permissions } - public override async Task CheckAsync(PermissionValueCheckContext context) + public override async Task CheckAsync(PermissionValueCheckContext context) { var userId = context.Principal?.FindFirst(AbpClaimTypes.UserId)?.Value; if (userId == null) { - return PermissionValueProviderGrantInfo.NonGranted; + return PermissionGrantResult.Undefined; } - if (await PermissionStore.IsGrantedAsync(context.Permission.Name, Name, userId)) - { - return new PermissionValueProviderGrantInfo(true, userId); - } - - return PermissionValueProviderGrantInfo.NonGranted; + return await PermissionStore.IsGrantedAsync(context.Permission.Name, Name, userId) + ? PermissionGrantResult.Granted + : PermissionGrantResult.Undefined; } } } diff --git a/framework/src/Volo.Abp.Core/Volo/Abp/Threading/TaskCache.cs b/framework/src/Volo.Abp.Core/Volo/Abp/Threading/TaskCache.cs new file mode 100644 index 0000000000..0cb57ca0c5 --- /dev/null +++ b/framework/src/Volo.Abp.Core/Volo/Abp/Threading/TaskCache.cs @@ -0,0 +1,16 @@ +using System.Threading.Tasks; + +namespace Volo.Abp.Threading +{ + public static class TaskCache + { + public static Task TrueResult { get; } + public static Task FalseResult { get; } + + static TaskCache() + { + TrueResult = Task.FromResult(true); + FalseResult = Task.FromResult(false); + } + } +} diff --git a/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo.Abp.MultiTenancy.Abstractions.csproj b/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo.Abp.MultiTenancy.Abstractions.csproj index 05291caa45..686edb7720 100644 --- a/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo.Abp.MultiTenancy.Abstractions.csproj +++ b/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo.Abp.MultiTenancy.Abstractions.csproj @@ -14,9 +14,8 @@ - + - 
diff --git a/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/AbpMultiTenancyAbstractionsModule.cs b/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/AbpMultiTenancyAbstractionsModule.cs index 58de6cdb99..6b21f53443 100644 --- a/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/AbpMultiTenancyAbstractionsModule.cs +++ b/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/AbpMultiTenancyAbstractionsModule.cs @@ -1,10 +1,12 @@ -using Volo.Abp.Data; +using Volo.Abp.Authorization; +using Volo.Abp.Data; using Volo.Abp.Modularity; namespace Volo.Abp.MultiTenancy { [DependsOn( - typeof(AbpDataModule) + typeof(AbpDataModule), + typeof(AbpAuthorizationModule) )] public class AbpMultiTenancyAbstractionsModule : AbpModule //TODO: Rename to AbpMultiTenancyModule? { diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionValueProviderGrantInfo.cs b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionValueProviderGrantInfo.cs similarity index 78% rename from framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionValueProviderGrantInfo.cs rename to modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionValueProviderGrantInfo.cs index 3c1fc47799..bf3265643d 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionValueProviderGrantInfo.cs +++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionValueProviderGrantInfo.cs 
@@ -1,8 +1,8 @@ using JetBrains.Annotations; -namespace Volo.Abp.Authorization.Permissions +namespace Volo.Abp.PermissionManagement { - public class PermissionValueProviderGrantInfo + public class PermissionValueProviderGrantInfo //TODO: Rename to PermissionGrantInfo { public static PermissionValueProviderGrantInfo NonGranted { get; } = new PermissionValueProviderGrantInfo(false);