Respect to multitenancy side while getting & setting permissions.

6 years ago · acf84e5c40
parent 65a2d89b18
commit acf84e5c40
4 changed files with 59 additions and 15 deletions
--- a/framework/src/Volo.Abp.MultiTenancy/Volo/Abp/MultiTenancy/CurrentTenantExtensions.cs
+++ b/framework/src/Volo.Abp.MultiTenancy/Volo/Abp/MultiTenancy/CurrentTenantExtensions.cs
@ -16,5 +16,12 @@ namespace Volo.Abp.MultiTenancy

            return currentTenant.Id.Value;
        }
+
+        public static MultiTenancySides GetMultiTenancySide(this ICurrentTenant currentTenant)
+        {
+            return currentTenant.Id.HasValue
+                ? MultiTenancySides.Tenant
+                : MultiTenancySides.Host;
+        }
    }
 }
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs
@ -7,6 +7,7 @@ using Microsoft.Extensions.Localization;
 using Microsoft.Extensions.Options;
 using Volo.Abp.Application.Services;
 using Volo.Abp.Authorization.Permissions;
+using Volo.Abp.MultiTenancy;

 namespace Volo.Abp.PermissionManagement
 {
@ -41,6 +42,8 @@ namespace Volo.Abp.PermissionManagement
                Groups = new List<PermissionGroupDto>()
            };

+            var multiTenancySide = CurrentTenant.GetMultiTenancySide();
+
            foreach (var group in _permissionDefinitionManager.GetGroups())
            {
                var groupDto = new PermissionGroupDto
@ -57,6 +60,11 @@ namespace Volo.Abp.PermissionManagement
                        continue;
                    }

+                    if (!permission.MultiTenancySide.HasFlag(multiTenancySide))
+                    {
+                        continue;
+                    }
+
                    var grantInfoDto = new PermissionGrantInfoDto
                    {
                        Name = permission.Name,
@ -97,13 +105,6 @@ namespace Volo.Abp.PermissionManagement

            foreach (var permissionDto in input.Permissions)
            {
-                var permissionDefinition = _permissionDefinitionManager.Get(permissionDto.Name);
-                if (permissionDefinition.Providers.Any() && 
-                    !permissionDefinition.Providers.Contains(providerName))
-                {
-                    throw new ApplicationException($"The permission named '{permissionDto.Name}' has not compatible with the provider named '{providerName}'");
-                }
-
                await _permissionManager.SetAsync(permissionDto.Name, providerName, providerKey, permissionDto.IsGranted);
            }
        }
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDataSeedContributor.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDataSeedContributor.cs
@ -3,28 +3,34 @@ using System.Threading.Tasks;
 using Volo.Abp.Authorization.Permissions;
 using Volo.Abp.Data;
 using Volo.Abp.DependencyInjection;
+using Volo.Abp.MultiTenancy;

 namespace Volo.Abp.PermissionManagement
 {
    public class PermissionDataSeedContributor : IDataSeedContributor, ITransientDependency
    {
+        protected ICurrentTenant CurrentTenant { get; }
+
        protected IPermissionDefinitionManager PermissionDefinitionManager { get; }
        protected IPermissionDataSeeder PermissionDataSeeder { get; }

        public PermissionDataSeedContributor(
            IPermissionDefinitionManager permissionDefinitionManager,
-            IPermissionDataSeeder permissionDataSeeder)
+            IPermissionDataSeeder permissionDataSeeder,
+            ICurrentTenant currentTenant)
        {
            PermissionDefinitionManager = permissionDefinitionManager;
            PermissionDataSeeder = permissionDataSeeder;
+            CurrentTenant = currentTenant;
        }

-        public Task SeedAsync(DataSeedContext context)
+        public virtual Task SeedAsync(DataSeedContext context)
        {
+            var multiTenancySide = CurrentTenant.GetMultiTenancySide();
            var permissionNames = PermissionDefinitionManager
                .GetPermissions()
+                .Where(p => p.MultiTenancySide.HasFlag(multiTenancySide))
                .Select(p => p.Name)
-                //TODO: Filter host/tenant permissions!
                .ToArray();

            return PermissionDataSeeder.SeedAsync(
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionManager.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionManager.cs
@ -7,6 +7,7 @@ using Microsoft.Extensions.Options;
 using Volo.Abp.Authorization.Permissions;
 using Volo.Abp.DependencyInjection;
 using Volo.Abp.Guids;
+using Volo.Abp.MultiTenancy;

 namespace Volo.Abp.PermissionManagement
 {
@ -18,6 +19,8 @@ namespace Volo.Abp.PermissionManagement

        protected IGuidGenerator GuidGenerator { get; }

+        protected ICurrentTenant CurrentTenant { get; }
+
        protected IReadOnlyList<IPermissionManagementProvider> ManagementProviders => _lazyProviders.Value;

        protected PermissionManagementOptions Options { get; }
@ -29,9 +32,11 @@ namespace Volo.Abp.PermissionManagement
            IPermissionGrantRepository permissionGrantRepository,
            IServiceProvider serviceProvider,
            IGuidGenerator guidGenerator,
-            IOptions<PermissionManagementOptions> options)
+            IOptions<PermissionManagementOptions> options,
+            ICurrentTenant currentTenant)
        {
            GuidGenerator = guidGenerator;
+            CurrentTenant = currentTenant;
            PermissionGrantRepository = permissionGrantRepository;
            PermissionDefinitionManager = permissionDefinitionManager;
            Options = options.Value;
@ -64,7 +69,21 @@ namespace Volo.Abp.PermissionManagement

        public async Task SetAsync(string permissionName, string providerName, string providerKey, bool isGranted)
        {
-            var currentGrantInfo = await GetAsync(permissionName, providerName, providerKey);
+            var permission = PermissionDefinitionManager.Get(permissionName);
+
+            if (permission.Providers.Any() && !permission.Providers.Contains(providerName))
+            {
+                //TODO: BusinessException
+                throw new ApplicationException($"The permission named '{permission.Name}' has not compatible with the provider named '{providerName}'");
+            }
+
+            if (!permission.MultiTenancySide.HasFlag(CurrentTenant.GetMultiTenancySide()))
+            {
+                //TODO: BusinessException
+                throw new ApplicationException($"The permission named '{permission.Name}' has multitenancy side '{permission.MultiTenancySide}' which is not compatible with the current multitenancy side '{CurrentTenant.GetMultiTenancySide()}'");
+            }
+
+            var currentGrantInfo = await GetInternalAsync(permission, providerName, providerKey);
            if (currentGrantInfo.IsGranted == isGranted)
            {
                return;
@ -73,19 +92,30 @@ namespace Volo.Abp.PermissionManagement
            var provider = ManagementProviders.FirstOrDefault(m => m.Name == providerName);
            if (provider == null)
            {
+                //TODO: BusinessException
                throw new AbpException("Unknown permission management provider: " + providerName);
            }

            await provider.SetAsync(permissionName, providerKey, isGranted);
        }

-        protected virtual async Task<PermissionWithGrantedProviders> GetInternalAsync(PermissionDefinition permissionDefinition, string providerName, string providerKey)
+        protected virtual async Task<PermissionWithGrantedProviders> GetInternalAsync(PermissionDefinition permission, string providerName, string providerKey)
        {
-            var result = new PermissionWithGrantedProviders(permissionDefinition.Name, false);
+            var result = new PermissionWithGrantedProviders(permission.Name, false);
+
+            if (!permission.MultiTenancySide.HasFlag(CurrentTenant.GetMultiTenancySide()))
+            {
+                return result;
+            }
+
+            if (permission.Providers.Any() && !permission.Providers.Contains(providerName))
+            {
+                return result;
+            }

            foreach (var provider in ManagementProviders)
            {
-                var providerResult = await provider.CheckAsync(permissionDefinition.Name, providerName, providerKey);
+                var providerResult = await provider.CheckAsync(permission.Name, providerName, providerKey);
                if (providerResult.IsGranted)
                {
                    result.IsGranted = true;