From af367d60db65ac8d09b9892cd05b223ae1632ab0 Mon Sep 17 00:00:00 2001 From: Halil ibrahim Kalkan Date: Wed, 27 Feb 2019 09:53:38 +0300 Subject: [PATCH 1/6] Added IsFeature to PermissionDefinition --- .../Permissions/PermissionDefinition.cs | 20 +++++++++++++++---- .../Permissions/PermissionGroupDefinition.cs | 11 +++++++--- 2 files changed, 24 insertions(+), 7 deletions(-) diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionDefinition.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionDefinition.cs index bb23757de5..ce81f4e00d 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionDefinition.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionDefinition.cs @@ -22,7 +22,12 @@ namespace Volo.Abp.Authorization.Permissions /// A list of allowed providers to get/set value of this permission. /// An empty list indicates that all providers are allowed. /// - public List Providers { get; } + public List Providers { get; } //TODO: Rename to AllowedProviders? + + /// + /// Used to mark this permission as also a feature of the application. + /// + public bool IsFeature { get; set; } public ILocalizableString DisplayName { 
@@ -53,19 +58,26 @@ namespace Volo.Abp.Authorization.Permissions set => Properties[name] = value; } - protected internal PermissionDefinition([NotNull] string name, ILocalizableString displayName = null) + protected internal PermissionDefinition( + [NotNull] string name, + ILocalizableString displayName = null, + bool isFeature = false) { Name = Check.NotNull(name, nameof(name)); DisplayName = displayName ?? new FixedLocalizableString(name); + IsFeature = isFeature; Properties = new Dictionary(); Providers = new List(); _children = new List(); } - public virtual PermissionDefinition AddChild([NotNull] string name, ILocalizableString displayName = null) + public virtual PermissionDefinition AddChild( + [NotNull] string name, + ILocalizableString displayName = null, + bool isFeature = false) { - var child = new PermissionDefinition(name, displayName) + var child = new PermissionDefinition(name, displayName, isFeature) { Parent = this }; diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionGroupDefinition.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionGroupDefinition.cs index a52bd4f601..c4fe93e739 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionGroupDefinition.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionGroupDefinition.cs @@ -37,7 +37,9 @@ namespace Volo.Abp.Authorization.Permissions set => Properties[name] = value; } - protected internal PermissionGroupDefinition(string name, ILocalizableString displayName = null) + protected internal PermissionGroupDefinition( + string name, + ILocalizableString displayName = null) { Name = name; DisplayName = displayName ?? new FixedLocalizableString(Name); 
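Review bot: Adding `bool isFeature = false` to the `public virtual` `AddChild` changes its signature, so subclasses that override it, and assemblies compiled against the two-parameter version, break until they are updated and rebuilt. The same applies to `AddPermission` in the `PermissionGroupDefinition.cs` hunk (`@@ -46,9 +48,12 @@`). Because `IsFeature` already has a public setter, callers could set it on the returned definition (`AddChild(name, displayName).IsFeature = true;`) without widening either signature. The summary on `IsFeature` also does not say what effect the flag has on permission checks, and nothing in this patch reads it.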
@@ -46,9 +48,12 @@ namespace Volo.Abp.Authorization.Permissions _permissions = new List(); } - public virtual PermissionDefinition AddPermission(string name, ILocalizableString displayName = null) + public virtual PermissionDefinition AddPermission( + string name, + ILocalizableString displayName = null, + bool isFeature = false) { - var permission = new PermissionDefinition(name, displayName); + var permission = new PermissionDefinition(name, displayName, isFeature); _permissions.Add(permission); From 79da56dd1329d22c11741cbbddd9e336f2214483 Mon Sep 17 00:00:00 2001 
From: Halil ibrahim Kalkan Date: Wed, 27 Feb 2019 10:48:38 +0300 Subject: [PATCH 2/6] Simplify permission value providers. --- .../Mvc/Client/RemotePermissionChecker.cs | 12 +++++------ .../AlwaysAllowPermissionChecker.cs | 9 +++++---- .../ClientPermissionValueProvider.cs | 13 +++++------- .../Permissions/IPermissionChecker.cs | 4 ++-- .../Permissions/IPermissionValueProvider.cs | 3 ++- .../Permissions/PermissionChecker.cs | 20 +++++++++++++------ .../PermissionCheckerExtensions.cs | 20 ------------------- .../Permissions/PermissionGrantResult.cs | 9 +++++++++ .../Permissions/PermissionValueProvider.cs | 2 +- .../RolePermissionValueProvider.cs | 8 ++++---- .../UserPermissionValueProvider.cs | 13 +++++------- .../Volo/Abp/Threading/TaskCache.cs | 16 +++++++++++++++ .../Volo.Abp.MultiTenancy.Abstractions.csproj | 3 +-- .../AbpMultiTenancyAbstractionsModule.cs | 6 ++++-- .../PermissionValueProviderGrantInfo.cs | 4 ++-- 15 files changed, 75 insertions(+), 67 deletions(-) delete mode 100644 framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionCheckerExtensions.cs create mode 100644 framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionGrantResult.cs create mode 100644 framework/src/Volo.Abp.Core/Volo/Abp/Threading/TaskCache.cs rename {framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions => modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement}/PermissionValueProviderGrantInfo.cs (78%) diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.Client/Volo/Abp/AspNetCore/Mvc/Client/RemotePermissionChecker.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.Client/Volo/Abp/AspNetCore/Mvc/Client/RemotePermissionChecker.cs index 46e13bcc3d..cbddb7c3c7 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.Client/Volo/Abp/AspNetCore/Mvc/Client/RemotePermissionChecker.cs 
+++ b/framework/src/Volo.Abp.AspNetCore.Mvc.Client/Volo/Abp/AspNetCore/Mvc/Client/RemotePermissionChecker.cs @@ -14,19 +14,17 @@ namespace Volo.Abp.AspNetCore.Mvc.Client ConfigurationClient = configurationClient; } - public async Task CheckAsync(string name) + public async Task IsGrantedAsync(string name) { var configuration = await ConfigurationClient.GetAsync(); - return new PermissionGrantInfo( - name, - configuration.Auth.GrantedPolicies.ContainsKey(name) - ); + return configuration.Auth.GrantedPolicies.ContainsKey(name); } - public Task CheckAsync(ClaimsPrincipal claimsPrincipal, string name) + public Task IsGrantedAsync(ClaimsPrincipal claimsPrincipal, string name) { - return CheckAsync(name); + /* This provider always works for the current principal. */ + return IsGrantedAsync(name); } } } diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/AlwaysAllowPermissionChecker.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/AlwaysAllowPermissionChecker.cs index 77c8f4b665..e3f4425289 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/AlwaysAllowPermissionChecker.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/AlwaysAllowPermissionChecker.cs @@ -1,5 +1,6 @@ using System.Security.Claims; using System.Threading.Tasks; +using Volo.Abp.Threading; namespace Volo.Abp.Authorization.Permissions { 
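Review bot: In `RemotePermissionChecker`, the overload `IsGrantedAsync(ClaimsPrincipal claimsPrincipal, string name)` discards `claimsPrincipal` and answers from the configuration fetched for the current caller, so a check made on behalf of another principal silently returns the current user's grants. The added block comment records this, but only inside the method body where callers will not see it. An authorization API that ignores its subject is safer failing closed when the supplied principal is not the current one; the hunk does not show whether the class has access to the current principal, so this may need an extra dependency. At minimum, move the limitation into an XML doc comment on the method, for example `/// <remarks>Ignores claimsPrincipal; always evaluates the current principal.</remarks>`. The class body starts outside the hunk.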
@@ -11,14 +12,14 @@ namespace Volo.Abp.Authorization.Permissions /// public class AlwaysAllowPermissionChecker : IPermissionChecker { - public Task CheckAsync(string name) + public Task IsGrantedAsync(string name) { - return Task.FromResult(new PermissionGrantInfo(name, true, "AlwaysAllow")); + return TaskCache.TrueResult; } - public Task CheckAsync(ClaimsPrincipal claimsPrincipal, string name) + public Task IsGrantedAsync(ClaimsPrincipal claimsPrincipal, string name) { - return Task.FromResult(new PermissionGrantInfo(name, true, "AlwaysAllow")); + return TaskCache.TrueResult; } } } diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/ClientPermissionValueProvider.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/ClientPermissionValueProvider.cs index b9eac0bab0..87b391443d 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/ClientPermissionValueProvider.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/ClientPermissionValueProvider.cs @@ -15,21 +15,18 @@ namespace Volo.Abp.Authorization.Permissions } - public override async Task CheckAsync(PermissionValueCheckContext context) + public override async Task CheckAsync(PermissionValueCheckContext context) { var clientId = context.Principal?.FindFirst(AbpClaimTypes.ClientId)?.Value; if (clientId == null) { - return PermissionValueProviderGrantInfo.NonGranted; + return PermissionGrantResult.Undefined; } - if (await PermissionStore.IsGrantedAsync(context.Permission.Name, Name, clientId)) - { - return new PermissionValueProviderGrantInfo(true, clientId); - } - - return PermissionValueProviderGrantInfo.NonGranted; + return await PermissionStore.IsGrantedAsync(context.Permission.Name, Name, clientId) + ? PermissionGrantResult.Granted + : PermissionGrantResult.Undefined; } } } 
diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/IPermissionChecker.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/IPermissionChecker.cs index 833e09281c..b394a29f52 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/IPermissionChecker.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/IPermissionChecker.cs @@ -6,8 +6,8 @@ namespace Volo.Abp.Authorization.Permissions { public interface IPermissionChecker { - Task CheckAsync([NotNull]string name); + Task IsGrantedAsync([NotNull]string name); - Task CheckAsync([CanBeNull] ClaimsPrincipal claimsPrincipal, [NotNull]string name); + Task IsGrantedAsync([CanBeNull] ClaimsPrincipal claimsPrincipal, [NotNull]string name); } } \ No newline at end of file diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/IPermissionValueProvider.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/IPermissionValueProvider.cs index 73ba3bfd17..bf19132e23 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/IPermissionValueProvider.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/IPermissionValueProvider.cs @@ -7,6 +7,7 @@ namespace Volo.Abp.Authorization.Permissions { string Name { get; } - Task CheckAsync(PermissionValueCheckContext context); + //TODO: Rename to GetResult? (CheckAsync throws exception by naming convention) + Task CheckAsync(PermissionValueCheckContext context); } } \ No newline at end of file diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionChecker.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionChecker.cs index 7113571c16..624ed75146 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionChecker.cs 
+++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionChecker.cs @@ -41,12 +41,12 @@ namespace Volo.Abp.Authorization.Permissions ); } - public virtual Task CheckAsync(string name) + public virtual Task IsGrantedAsync(string name) { - return CheckAsync(PrincipalAccessor.Principal, name); + return IsGrantedAsync(PrincipalAccessor.Principal, name); } - public virtual async Task CheckAsync(ClaimsPrincipal claimsPrincipal, string name) + public virtual async Task IsGrantedAsync(ClaimsPrincipal claimsPrincipal, string name) { Check.NotNull(name, nameof(name)); @@ -55,6 +55,8 @@ namespace Volo.Abp.Authorization.Permissions claimsPrincipal ); + var isGranted = false; + foreach (var provider in ValueProviders) { if (context.Permission.Providers.Any() && @@ -64,13 +66,19 @@ namespace Volo.Abp.Authorization.Permissions } var result = await provider.CheckAsync(context); - if (result.IsGranted) + + if (result == PermissionGrantResult.Granted) + { + isGranted = true; + } + else if (result == PermissionGrantResult.Prohibited) { - return new PermissionGrantInfo(context.Permission.Name, true, provider.Name, result.ProviderKey); + isGranted = true; + break; } } - return new PermissionGrantInfo(context.Permission.Name, false); + return isGranted; } } } \ No newline at end of file diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionCheckerExtensions.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionCheckerExtensions.cs deleted file mode 100644 index f9891862ff..0000000000 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionCheckerExtensions.cs +++ /dev/null 
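Review bot: In the last hunk of `PermissionChecker.IsGrantedAsync`, the `PermissionGrantResult.Prohibited` branch sets `isGranted = true` before `break`, so a provider that explicitly prohibits a permission makes the check return granted. [PATCH 4/6] later on this page replaces that branch with `return false;`, but anyone applying or bisecting onto this patch alone gets a fail-open checker; squashing the fix into this commit would close that window. The new `bool` return value also drops the provider name and provider key that `PermissionGrantInfo` carried, so if grant decisions are logged or audited anywhere, that attribution now needs another source. The method begins outside the hunk.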
@@ -1,20 +0,0 @@ -using System.Security.Claims; -using System.Threading.Tasks; - -namespace Volo.Abp.Authorization.Permissions -{ - public static class PermissionCheckerExtensions - { - public static async Task IsGrantedAsync(this IPermissionChecker permissionChecker, string name) - { - return (await permissionChecker.CheckAsync(name)).IsGranted; - } - - public static async Task IsGrantedAsync(this IPermissionChecker permissionChecker, ClaimsPrincipal principal, string name) - { - return (await permissionChecker.CheckAsync(principal, name)).IsGranted; - } - - //TODO: Add sync extensions - } -} diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionGrantResult.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionGrantResult.cs new file mode 100644 index 0000000000..0b8b23e426 --- /dev/null +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionGrantResult.cs @@ -0,0 +1,9 @@ +namespace Volo.Abp.Authorization.Permissions +{ + public enum PermissionGrantResult + { + Undefined, + Granted, + Prohibited + } +} \ No newline at end of file diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionValueProvider.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionValueProvider.cs index 066d876637..914bd4af34 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionValueProvider.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionValueProvider.cs @@ -13,6 +13,6 @@ namespace Volo.Abp.Authorization.Permissions PermissionStore = permissionStore; } - public abstract Task CheckAsync(PermissionValueCheckContext context); + public abstract Task CheckAsync(PermissionValueCheckContext context); } } \ No newline at end of file 
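Review bot: The new `PermissionGrantResult` enum carries the whole decision model but has no documentation: nothing states that `Undefined` means the provider has no opinion, or whether `Prohibited` is meant to override a `Granted` from another provider. I would add `/// <summary>` comments on the type and on each member. I would also write the first member as `Undefined = 0,` with a comment such as `// Must stay the default value so an unset result never grants.`, because a default-initialised result then reads as "no grant" rather than depending on declaration order.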
diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/RolePermissionValueProvider.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/RolePermissionValueProvider.cs index 1d200ac49a..a008190fbd 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/RolePermissionValueProvider.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/RolePermissionValueProvider.cs @@ -16,23 +16,23 @@ namespace Volo.Abp.Authorization.Permissions } - public override async Task CheckAsync(PermissionValueCheckContext context) + public override async Task CheckAsync(PermissionValueCheckContext context) { var roles = context.Principal?.FindAll(AbpClaimTypes.Role).Select(c => c.Value).ToArray(); if (roles == null || !roles.Any()) { - return PermissionValueProviderGrantInfo.NonGranted; + return PermissionGrantResult.Undefined; } foreach (var role in roles) { if (await PermissionStore.IsGrantedAsync(context.Permission.Name, Name, role)) { - return new PermissionValueProviderGrantInfo(true, role); + return PermissionGrantResult.Granted; } } - return PermissionValueProviderGrantInfo.NonGranted; + return PermissionGrantResult.Undefined; } } } \ No newline at end of file diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/UserPermissionValueProvider.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/UserPermissionValueProvider.cs index 9f6022907e..f04a85910f 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/UserPermissionValueProvider.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/UserPermissionValueProvider.cs 
@@ -15,21 +15,18 @@ namespace Volo.Abp.Authorization.Permissions } - public override async Task CheckAsync(PermissionValueCheckContext context) + public override async Task CheckAsync(PermissionValueCheckContext context) { var userId = context.Principal?.FindFirst(AbpClaimTypes.UserId)?.Value; if (userId == null) { - return PermissionValueProviderGrantInfo.NonGranted; + return PermissionGrantResult.Undefined; } - if (await PermissionStore.IsGrantedAsync(context.Permission.Name, Name, userId)) - { - return new PermissionValueProviderGrantInfo(true, userId); - } - - return PermissionValueProviderGrantInfo.NonGranted; + return await PermissionStore.IsGrantedAsync(context.Permission.Name, Name, userId) + ? PermissionGrantResult.Granted + : PermissionGrantResult.Undefined; } } } diff --git a/framework/src/Volo.Abp.Core/Volo/Abp/Threading/TaskCache.cs b/framework/src/Volo.Abp.Core/Volo/Abp/Threading/TaskCache.cs new file mode 100644 index 0000000000..0cb57ca0c5 --- /dev/null +++ b/framework/src/Volo.Abp.Core/Volo/Abp/Threading/TaskCache.cs @@ -0,0 +1,16 @@ +using System.Threading.Tasks; + +namespace Volo.Abp.Threading +{ + public static class TaskCache + { + public static Task TrueResult { get; } + public static Task FalseResult { get; } + + static TaskCache() + { + TrueResult = Task.FromResult(true); + FalseResult = Task.FromResult(false); + } + } +} diff --git a/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo.Abp.MultiTenancy.Abstractions.csproj b/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo.Abp.MultiTenancy.Abstractions.csproj index 05291caa45..686edb7720 100644 --- a/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo.Abp.MultiTenancy.Abstractions.csproj +++ b/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo.Abp.MultiTenancy.Abstractions.csproj @@ -14,9 +14,8 @@ - + - 
diff --git a/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/AbpMultiTenancyAbstractionsModule.cs b/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/AbpMultiTenancyAbstractionsModule.cs index 58de6cdb99..6b21f53443 100644 --- a/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/AbpMultiTenancyAbstractionsModule.cs +++ b/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/AbpMultiTenancyAbstractionsModule.cs @@ -1,10 +1,12 @@ -using Volo.Abp.Data; +using Volo.Abp.Authorization; +using Volo.Abp.Data; using Volo.Abp.Modularity; namespace Volo.Abp.MultiTenancy { [DependsOn( - typeof(AbpDataModule) + typeof(AbpDataModule), + typeof(AbpAuthorizationModule) )] public class AbpMultiTenancyAbstractionsModule : AbpModule //TODO: Rename to AbpMultiTenancyModule? { diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionValueProviderGrantInfo.cs b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionValueProviderGrantInfo.cs similarity index 78% rename from framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionValueProviderGrantInfo.cs rename to modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionValueProviderGrantInfo.cs index 3c1fc47799..bf3265643d 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionValueProviderGrantInfo.cs +++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionValueProviderGrantInfo.cs 
@@ -1,8 +1,8 @@ using JetBrains.Annotations; -namespace Volo.Abp.Authorization.Permissions +namespace Volo.Abp.PermissionManagement { - public class PermissionValueProviderGrantInfo + public class PermissionValueProviderGrantInfo //TODO: Rename to PermissionGrantInfo { public static PermissionValueProviderGrantInfo NonGranted { get; } = new PermissionValueProviderGrantInfo(false); From 3565c2824d21b45908d5b9e96150a9e0e3995806 Mon Sep 17 00:00:00 2001 From: Halil ibrahim Kalkan Date: Wed, 27 Feb 2019 11:20:36 +0300 Subject: [PATCH 3/6] Define TenantPermissionValueProvider --- .../Permissions/NullPermissionStore.cs | 3 +- .../PermissionValueCheckContext.cs | 4 +- .../AbpMultiTenancyAbstractionsModule.cs | 9 +++- .../TenantPermissionValueProvider.cs | 45 +++++++++++++++++++ 4 files changed, 58 insertions(+), 3 deletions(-) create mode 100644 framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/TenantPermissionValueProvider.cs diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/NullPermissionStore.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/NullPermissionStore.cs index b5c5cb5a4b..57c76ac6c9 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/NullPermissionStore.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/NullPermissionStore.cs @@ -2,6 +2,7 @@ using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging.Abstractions; using Volo.Abp.DependencyInjection; +using Volo.Abp.Threading; namespace Volo.Abp.Authorization.Permissions { @@ -16,7 +17,7 @@ namespace Volo.Abp.Authorization.Permissions public Task IsGrantedAsync(string name, string providerName, string providerKey) { - return Task.FromResult(false); + return TaskCache.FalseResult; } } } \ No newline at end of file 
diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionValueCheckContext.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionValueCheckContext.cs index 83602a0c46..bc39384938 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionValueCheckContext.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionValueCheckContext.cs @@ -11,7 +11,9 @@ namespace Volo.Abp.Authorization.Permissions [CanBeNull] public ClaimsPrincipal Principal { get; } - public PermissionValueCheckContext([NotNull] PermissionDefinition permission, [CanBeNull] ClaimsPrincipal principal) + public PermissionValueCheckContext( + [NotNull] PermissionDefinition permission, + [CanBeNull] ClaimsPrincipal principal) { Check.NotNull(permission, nameof(permission)); diff --git a/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/AbpMultiTenancyAbstractionsModule.cs b/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/AbpMultiTenancyAbstractionsModule.cs index 6b21f53443..1b72b7d292 100644 --- a/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/AbpMultiTenancyAbstractionsModule.cs +++ b/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/AbpMultiTenancyAbstractionsModule.cs @@ -1,4 +1,5 @@ using Volo.Abp.Authorization; +using Volo.Abp.Authorization.Permissions; using Volo.Abp.Data; using Volo.Abp.Modularity; @@ -10,6 +11,12 @@ namespace Volo.Abp.MultiTenancy )] public class AbpMultiTenancyAbstractionsModule : AbpModule //TODO: Rename to AbpMultiTenancyModule? { - + public override void ConfigureServices(ServiceConfigurationContext context) + { + Configure(options => + { + options.ValueProviders.Add(); + }); + } } } 
diff --git a/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/TenantPermissionValueProvider.cs b/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/TenantPermissionValueProvider.cs new file mode 100644 index 0000000000..94bd018823 --- /dev/null +++ b/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/TenantPermissionValueProvider.cs @@ -0,0 +1,45 @@ +using System.Threading.Tasks; +using Volo.Abp.Authorization.Permissions; +using Volo.Abp.Security.Claims; + +namespace Volo.Abp.MultiTenancy +{ + public class TenantPermissionValueProvider : PermissionValueProvider + { + public const string ProviderName = "Tenant"; + + public override string Name => ProviderName; + + protected ICurrentTenant CurrentTenant { get; } + + public TenantPermissionValueProvider( + IPermissionStore permissionStore, + ICurrentTenant currentTenant) + : base(permissionStore) + { + CurrentTenant = currentTenant; + } + + public override async Task CheckAsync(PermissionValueCheckContext context) + { + if (!context.Permission.IsFeature) + { + return PermissionGrantResult.Undefined; + } + + var tenantId = context.Principal?.FindFirst(AbpClaimTypes.TenantId)?.Value; + + if (tenantId == null) + { + return PermissionGrantResult.Undefined; + } + + using (CurrentTenant.Change(null)) + { + return await PermissionStore.IsGrantedAsync(context.Permission.Name, Name, tenantId) + ? PermissionGrantResult.Granted + : PermissionGrantResult.Undefined; + } + } + } +} From fcaa7058414472af3af6bf0322e92c4e1b6b2824 Mon Sep 17 00:00:00 2001 From: Halil ibrahim Kalkan Date: Wed, 27 Feb 2019 11:23:16 +0300 Subject: [PATCH 4/6] Fix PermissionChecker --- .../Volo/Abp/Authorization/Permissions/PermissionChecker.cs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
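Review bot: In `TenantPermissionValueProvider.CheckAsync`, the store lookup runs inside `using (CurrentTenant.Change(null))` with no comment explaining why the current tenant is cleared for the query; a deliberate step outside tenant scope in an authorization path should say why. Presumably tenant-level grants are stored on the host side, and if that is confirmed a comment such as `// Tenant grants are kept at host level, so query without the current tenant.` would record it. The tenant id is also read from the principal's `AbpClaimTypes.TenantId` claim rather than from the injected `CurrentTenant`, and the two may differ when the tenant has been switched in code, so it is worth stating which one is intended to decide the grant. [PATCH 5/6] on this page deletes this file again.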
diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionChecker.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionChecker.cs index 624ed75146..d69ac81e78 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionChecker.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionChecker.cs @@ -73,8 +73,7 @@ namespace Volo.Abp.Authorization.Permissions } else if (result == PermissionGrantResult.Prohibited) { - isGranted = true; - break; + return false; } } From 2b403ada8ba88c03da15d27f80cb57f97d800cc7 Mon Sep 17 00:00:00 2001 From: Halil ibrahim Kalkan Date: Wed, 27 Feb 2019 11:49:36 +0300 Subject: [PATCH 5/6] Remove tenant permission provider --- .../Permissions/PermissionDefinition.cs | 14 ++---- .../Permissions/PermissionGroupDefinition.cs | 5 +-- .../AbpMultiTenancyAbstractionsModule.cs | 9 +--- .../TenantPermissionValueProvider.cs | 45 ------------------- 4 files changed, 6 insertions(+), 67 deletions(-) delete mode 100644 framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/TenantPermissionValueProvider.cs diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionDefinition.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionDefinition.cs index ce81f4e00d..de4ca1221f 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionDefinition.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionDefinition.cs @@ -24,11 +24,6 @@ namespace Volo.Abp.Authorization.Permissions /// public List Providers { get; } //TODO: Rename to AllowedProviders? - /// - /// Used to mark this permission as also a feature of the application. - /// - public bool IsFeature { get; set; } - public ILocalizableString DisplayName { get => _displayName; 
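Review bot: The deny-overrides rule that `return false;` establishes in the `Prohibited` branch is neither documented nor tested in this hunk. A `Granted` result does not end the loop, so any later allowed provider can still veto, and that ordering is what makes an explicit prohibition effective. A comment above the loop such as `// Deny wins: keep asking providers after a grant; any Prohibited ends the check with false.` would keep a future early-return optimisation from reintroducing a bypass. No provider on this page returns `Prohibited`, so a regression test with a stub provider returning `Prohibited` after another has returned `Granted` would pin the behaviour. The loop starts outside the hunk.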
@@ -60,12 +55,10 @@ namespace Volo.Abp.Authorization.Permissions protected internal PermissionDefinition( [NotNull] string name, - ILocalizableString displayName = null, - bool isFeature = false) + ILocalizableString displayName = null) { Name = Check.NotNull(name, nameof(name)); DisplayName = displayName ?? new FixedLocalizableString(name); - IsFeature = isFeature; Properties = new Dictionary(); Providers = new List(); @@ -74,10 +67,9 @@ namespace Volo.Abp.Authorization.Permissions public virtual PermissionDefinition AddChild( [NotNull] string name, - ILocalizableString displayName = null, - bool isFeature = false) + ILocalizableString displayName = null) { - var child = new PermissionDefinition(name, displayName, isFeature) + var child = new PermissionDefinition(name, displayName) { Parent = this }; diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionGroupDefinition.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionGroupDefinition.cs index c4fe93e739..623db24c8a 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionGroupDefinition.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionGroupDefinition.cs @@ -50,10 +50,9 @@ namespace Volo.Abp.Authorization.Permissions public virtual PermissionDefinition AddPermission( string name, - ILocalizableString displayName = null, - bool isFeature = false) + ILocalizableString displayName = null) { - var permission = new PermissionDefinition(name, displayName, isFeature); + var permission = new PermissionDefinition(name, displayName); _permissions.Add(permission); diff --git a/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/AbpMultiTenancyAbstractionsModule.cs b/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/AbpMultiTenancyAbstractionsModule.cs index 1b72b7d292..6b21f53443 100644 
--- a/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/AbpMultiTenancyAbstractionsModule.cs +++ b/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/AbpMultiTenancyAbstractionsModule.cs @@ -1,5 +1,4 @@ using Volo.Abp.Authorization; -using Volo.Abp.Authorization.Permissions; using Volo.Abp.Data; using Volo.Abp.Modularity; @@ -11,12 +10,6 @@ namespace Volo.Abp.MultiTenancy )] public class AbpMultiTenancyAbstractionsModule : AbpModule //TODO: Rename to AbpMultiTenancyModule? { - public override void ConfigureServices(ServiceConfigurationContext context) - { - Configure(options => - { - options.ValueProviders.Add(); - }); - } + } } diff --git a/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/TenantPermissionValueProvider.cs b/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/TenantPermissionValueProvider.cs deleted file mode 100644 index 94bd018823..0000000000 --- a/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/TenantPermissionValueProvider.cs +++ /dev/null 
@@ -1,45 +0,0 @@ -using System.Threading.Tasks; -using Volo.Abp.Authorization.Permissions; -using Volo.Abp.Security.Claims; - -namespace Volo.Abp.MultiTenancy -{ - public class TenantPermissionValueProvider : PermissionValueProvider - { - public const string ProviderName = "Tenant"; - - public override string Name => ProviderName; - - protected ICurrentTenant CurrentTenant { get; } - - public TenantPermissionValueProvider( - IPermissionStore permissionStore, - ICurrentTenant currentTenant) - : base(permissionStore) - { - CurrentTenant = currentTenant; - } - - public override async Task CheckAsync(PermissionValueCheckContext context) - { - if (!context.Permission.IsFeature) - { - return PermissionGrantResult.Undefined; - } - - var tenantId = context.Principal?.FindFirst(AbpClaimTypes.TenantId)?.Value; - - if (tenantId == null) - { - return PermissionGrantResult.Undefined; - } - - using (CurrentTenant.Change(null)) - { - return await PermissionStore.IsGrantedAsync(context.Permission.Name, Name, tenantId) - ? PermissionGrantResult.Granted - : PermissionGrantResult.Undefined; - } - } - } -} From 9c0a22d1bf07a5ed6c5294cdd3b149c519a492ad Mon Sep 17 00:00:00 2001 From: Halil ibrahim Kalkan Date: Wed, 27 Feb 2019 11:53:41 +0300 Subject: [PATCH 6/6] Added AbpSecurityModule. --- .../Volo.Abp.MultiTenancy.Abstractions.csproj | 2 +- .../Abp/MultiTenancy/AbpMultiTenancyAbstractionsModule.cs | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo.Abp.MultiTenancy.Abstractions.csproj b/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo.Abp.MultiTenancy.Abstractions.csproj index 686edb7720..18660be71e 100644 --- a/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo.Abp.MultiTenancy.Abstractions.csproj +++ b/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo.Abp.MultiTenancy.Abstractions.csproj @@ -14,8 +14,8 @@ - + 
diff --git a/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/AbpMultiTenancyAbstractionsModule.cs b/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/AbpMultiTenancyAbstractionsModule.cs index 6b21f53443..5d33034993 100644 --- a/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/AbpMultiTenancyAbstractionsModule.cs +++ b/framework/src/Volo.Abp.MultiTenancy.Abstractions/Volo/Abp/MultiTenancy/AbpMultiTenancyAbstractionsModule.cs @@ -1,12 +1,12 @@ -using Volo.Abp.Authorization; -using Volo.Abp.Data; +using Volo.Abp.Data; using Volo.Abp.Modularity; +using Volo.Abp.Security; namespace Volo.Abp.MultiTenancy { [DependsOn( typeof(AbpDataModule), - typeof(AbpAuthorizationModule) + typeof(AbpSecurityModule) )] public class AbpMultiTenancyAbstractionsModule : AbpModule //TODO: Rename to AbpMultiTenancyModule? {