Merge pull request #10275 from abpframework/berkan/hangfire-dashboard-authorization

feat(Hangfire): add a new field that name is enableTenant to AbpHangfireAuthorizationFilter
4 years ago · 83188406aa
parent 126f4354d0 9980a04874
commit 83188406aa
2 changed files with 21 additions and 4 deletions
--- a/docs/en/Background-Jobs-Hangfire.md
+++ b/docs/en/Background-Jobs-Hangfire.md
@ -95,12 +95,21 @@ app.UseHangfireDashboard("/hangfire", new DashboardOptions
 });
 ```

+* `AbpHangfireAuthorizationFilter` is an implementation of an authorization filter.
+
+#### AbpHangfireAuthorizationFilter
+
+`AbpHangfireAuthorizationFilter` class has the following fields:
+
+* **`enableTenant`  (`bool`, default: `false`):** Enables/disables accessing the Hangfire dashboard on tenant users.
+* **`requiredPermissionName`  (`string`, default: `null`):** Hangfire dashboard is accessible only if the current user has the specified permission. In this case, if we specify a permission name, we don't need to set `enableTenant` `true` because the permission system already does it.
+
 If you want to require an additional permission, you can pass it into the constructor as below:

 ```csharp
 app.UseHangfireDashboard("/hangfire", new DashboardOptions
 {
-    AsyncAuthorization = new[] { new AbpHangfireAuthorizationFilter("MyHangFireDashboardPermissionName") }
+    AsyncAuthorization = new[] { new AbpHangfireAuthorizationFilter(requiredPermissionName: "MyHangFireDashboardPermissionName") }
 });
 ```

--- a/framework/src/Volo.Abp.HangFire/Volo/Abp/Hangfire/AbpHangfireAuthorizationFilter.cs
+++ b/framework/src/Volo.Abp.HangFire/Volo/Abp/Hangfire/AbpHangfireAuthorizationFilter.cs
@ -9,16 +9,18 @@ namespace Volo.Abp.Hangfire
 {
    public class AbpHangfireAuthorizationFilter : IDashboardAsyncAuthorizationFilter
    {
+        private readonly bool _enableTenant;
        private readonly string _requiredPermissionName;

-        public AbpHangfireAuthorizationFilter(string requiredPermissionName = null)
+        public AbpHangfireAuthorizationFilter(bool enableTenant = false, string requiredPermissionName = null)
        {
+            _enableTenant = requiredPermissionName.IsNullOrWhiteSpace() ? enableTenant : true; 
            _requiredPermissionName = requiredPermissionName;
        }

        public async Task<bool> AuthorizeAsync(DashboardContext context)
        {
-            if (!IsLoggedIn(context))
+            if (!IsLoggedIn(context, _enableTenant))
            {
                return false;
            }
@ -31,9 +33,15 @@ namespace Volo.Abp.Hangfire
            return await IsPermissionGrantedAsync(context, _requiredPermissionName);
        }

-        private static bool IsLoggedIn(DashboardContext context)
+        private static bool IsLoggedIn(DashboardContext context, bool enableTenant)
        {
            var currentUser = context.GetHttpContext().RequestServices.GetRequiredService<ICurrentUser>();
+
+            if (!enableTenant)
+            {
+                return currentUser.IsAuthenticated && !currentUser.TenantId.HasValue;
+            }
+            
            return currentUser.IsAuthenticated;
        }