mirror of https://github.com/abpframework/abp
Merge pull request #9330 from abpframework/auto-merge/rel-4-3/449
Merge branch dev with rel-4.3pull/9332/head
maliming
4 years ago
committed by
GitHub
commit
d213af3334
@ -1,5 +1,106 @@
|
||||
# Feature Management Module
|
||||
|
||||
> This module implements the `IFeatureStore` to store and manage feature values in a database. See the [Features System document](../Features.md) to understand the features first.
|
||||
The Feature Management module implements the `IFeatureManagementStore` interface defined by the [Feature System](../Features.md).
|
||||
|
||||
> This document covers only the feature management module which persists feature values to a database. See [the features](../Features.md) document for more about the feature system.
|
||||
|
||||
## How to Install
|
||||
|
||||
This module comes as pre-installed (as NuGet/NPM packages) when you [create a new solution](https://abp.io/get-started) with the ABP Framework. You can continue to use it as package and get updates easily, or you can include its source code into your solution (see `get-source` [CLI](../CLI.md) command) to develop your custom module.
|
||||
|
||||
### The Source Code
|
||||
|
||||
The source code of this module can be accessed [here](https://github.com/abpframework/abp/tree/dev/modules/feature-management). The source code is licensed with [MIT](https://choosealicense.com/licenses/mit/), so you can freely use and customize it.
|
||||
|
||||
## User Interface
|
||||
|
||||
### Feature Management Dialog
|
||||
|
||||
Feature management module provides a reusable dialog to manage features related to an object. For example, the [Tenant Management Module](Tenant-Management.md) uses it to manage features of tenants in the Tenant Management page.
|
||||
|
||||
|
||||
|
||||
When you click *Actions* -> *Features* for a tenant, the feature management dialog is opened. An example screenshot from this dialog with two features defined:
|
||||
|
||||
|
||||
|
||||
In this dialog, you can enable, disable or set values for the features for a tenant.
|
||||
|
||||
## IFeatureManager
|
||||
|
||||
`IFeatureManager` is the main service provided by this module. It is used to read and change the setting values for the tenants in a multi-tenant application. `IFeatureManager` is typically used by the *Feature Management Dialog*. However, you can inject it if you need to set a feature value.
|
||||
|
||||
> If you just want to read feature values, use the `IFeatureChecker` as explained in the [Features document](../Features.md).
|
||||
|
||||
**Example: Get/set a feature's value for a tenant**
|
||||
|
||||
````csharp
|
||||
using System;
|
||||
using System.Threading.Tasks;
|
||||
using Volo.Abp.DependencyInjection;
|
||||
using Volo.Abp.FeatureManagement;
|
||||
|
||||
namespace Demo
|
||||
{
|
||||
public class MyService : ITransientDependency
|
||||
{
|
||||
private readonly IFeatureManager _featureManager;
|
||||
|
||||
public MyService(IFeatureManager featureManager)
|
||||
{
|
||||
_featureManager = featureManager;
|
||||
}
|
||||
|
||||
public async Task SetFeatureDemoAsync(Guid tenantId, string value)
|
||||
{
|
||||
await _featureManager
|
||||
.SetForTenantAsync(tenantId, "Feature1", value);
|
||||
|
||||
var currentValue = await _featureManager
|
||||
.GetOrNullForTenantAsync("Feature1", tenantId);
|
||||
}
|
||||
}
|
||||
}
|
||||
````
|
||||
|
||||
## Feature Management Providers
|
||||
|
||||
Features Management Module is extensible, just like the [features system](../Features.md). You can extend it by defining feature management providers. There are 3 pre-built feature management providers registered it the following order:
|
||||
|
||||
* `DefaultValueFeatureManagementProvider`: Gets the value from the default value of the feature definition. It can not set the default value since default values are hard-coded on the feature definition.
|
||||
* `EditionFeatureManagementProvider`: Gets or sets the feature values for an edition. Edition is a group of features assigned to tenants. Edition system has not implemented by the Tenant Management module. You can implement it yourself or purchase the ABP Commercial [SaaS Module](https://commercial.abp.io/modules/Volo.Saas) which implements it and also provides more SaaS features, like subscription and payment.
|
||||
* `TenantFeatureManagementProvider`: Gets or sets the features values for tenants.
|
||||
|
||||
`IFeatureManager` uses these providers on get/set methods. Typically, every feature management provider defines extension methods on the `IFeatureManager` service (like `SetForTenantAsync` defined by the tenant feature management provider).
|
||||
|
||||
If you want to create your own provider, implement the `IFeatureManagementProvider` interface or inherit from the `FeatureManagementProvider` base class:
|
||||
|
||||
````csharp
|
||||
public class CustomFeatureProvider : FeatureManagementProvider
|
||||
{
|
||||
public override string Name => "Custom";
|
||||
|
||||
public CustomFeatureProvider(IFeatureManagementStore store)
|
||||
: base(store)
|
||||
{
|
||||
}
|
||||
}
|
||||
````
|
||||
|
||||
`FeatureManagementProvider` base class makes the default implementation (using the `IFeatureManagementStore`) for you. You can override base methods as you need. Every provider must have a unique name, which is `Custom` in this example (keep it short since it is saved to database for each feature value record).
|
||||
|
||||
Once you create your provider class, you should register it using the `FeatureManagementOptions` [options class](../Options.md):
|
||||
|
||||
````csharp
|
||||
Configure<FeatureManagementOptions>(options =>
|
||||
{
|
||||
options.Providers.Add<CustomFeatureProvider>();
|
||||
});
|
||||
````
|
||||
|
||||
The order of the providers are important. Providers are executed in the reverse order. That means the `CustomFeatureProvider` is executed first for this example. You can insert your provider in any order in the `Providers` list.
|
||||
|
||||
## See Also
|
||||
|
||||
* [Features](../Features.md)
|
||||
|
||||
TODO
|
||||
@ -1,3 +1,173 @@
|
||||
# IdentityServer Module
|
||||
|
||||
TODO
|
||||
IdentityServer module provides a full integration with the [IdentityServer](https://github.com/IdentityServer/IdentityServer4) (IDS) framework, which provides advanced authentication features like single sign-on and API access control. This module persists clients, resources and other IDS-related objects to database.
|
||||
|
||||
## How to Install
|
||||
|
||||
This module comes as pre-installed (as NuGet/NPM packages) when you [create a new solution](https://abp.io/get-started) with the ABP Framework. You can continue to use it as package and get updates easily, or you can include its source code into your solution (see `get-source` [CLI](../CLI.md) command) to develop your custom module.
|
||||
|
||||
### The Source Code
|
||||
|
||||
The source code of this module can be accessed [here](https://github.com/abpframework/abp/tree/dev/modules/identityserver). The source code is licensed with [MIT](https://choosealicense.com/licenses/mit/), so you can freely use and customize it.
|
||||
|
||||
## User Interface
|
||||
|
||||
This module implements the domain logic and database integrations, but not provides any UI. Management UI is useful if you need to add clients and resources on the fly. In this case, you may build the management UI yourself or consider to purchase the [ABP Commercial](https://commercial.abp.io/) which provides the management UI for this module.
|
||||
|
||||
## Relations to Other Modules
|
||||
|
||||
This module is based on the [Identity Module](Identity.md) and have an [integration package](https://www.nuget.org/packages/Volo.Abp.Account.Web.IdentityServer) with the [Account Module](Account.md).
|
||||
|
||||
## Options
|
||||
|
||||
### AbpIdentityServerBuilderOptions
|
||||
|
||||
`AbpIdentityServerBuilderOptions` can be configured in `PreConfigureServices` method of your Identity Server [module](https://docs.abp.io/en/abp/latest/Module-Development-Basics). Example:
|
||||
|
||||
````csharp
|
||||
public override void PreConfigureServices(ServiceConfigurationContext context)
|
||||
{
|
||||
PreConfigure<AbpIdentityServerBuilderOptions>(builder =>
|
||||
{
|
||||
//Set options here...
|
||||
});
|
||||
}
|
||||
````
|
||||
|
||||
`AbpIdentityServerBuilderOptions` properties:
|
||||
|
||||
* `UpdateJwtSecurityTokenHandlerDefaultInboundClaimTypeMap` (default: true): Updates `JwtSecurityTokenHandler.DefaultInboundClaimTypeMap` to be compatible with Identity Server claims.
|
||||
* `UpdateAbpClaimTypes` (default: true): Updates `AbpClaimTypes` to be compatible with identity server claims.
|
||||
* `IntegrateToAspNetIdentity` (default: true): Integrate to ASP.NET Identity.
|
||||
* `AddDeveloperSigningCredential` (default: true): Set false to suppress AddDeveloperSigningCredential() call on the IIdentityServerBuilder.
|
||||
|
||||
`IIdentityServerBuilder` can be configured in `PreConfigureServices` method of your Identity Server [module](https://docs.abp.io/en/abp/latest/Module-Development-Basics). Example:
|
||||
|
||||
````csharp
|
||||
public override void PreConfigureServices(ServiceConfigurationContext context)
|
||||
{
|
||||
PreConfigure<IIdentityServerBuilder>(builder =>
|
||||
{
|
||||
builder.AddSigningCredential(...);
|
||||
});
|
||||
}
|
||||
````
|
||||
|
||||
## Internals
|
||||
|
||||
### Domain Layer
|
||||
|
||||
#### Aggregates
|
||||
|
||||
##### ApiResource
|
||||
|
||||
API Resources are needed for allowing clients to request access tokens.
|
||||
|
||||
* `ApiResource` (aggregate root): Represents an API resource in the system.
|
||||
* `ApiSecret` (collection): secrets of the API resource.
|
||||
* `ApiScope` (collection): scopes of the API resource.
|
||||
* `ApiResourceClaim` (collection): claims of the API resource.
|
||||
|
||||
##### Client
|
||||
|
||||
Clients represent applications that can request tokens from your Identity Server.
|
||||
|
||||
* `Client` (aggregate root): Represents an Identity Server client application.
|
||||
* `ClientScope` (collection): Scopes of the client.
|
||||
* `ClientSecret` (collection): Secrets of the client.
|
||||
* `ClientGrantType` (collection): Grant types of the client.
|
||||
* `ClientCorsOrigin` (collection): CORS origins of the client.
|
||||
* `ClientRedirectUri` (collection): redirect URIs of the client.
|
||||
* `ClientPostLogoutRedirectUri` (collection): Logout redirect URIs of the client.
|
||||
* `ClientIdPRestriction` (collection): Provider restrictions of the client.
|
||||
* `ClientClaim` (collection): Claims of the client.
|
||||
* `ClientProperty` (collection): Custom properties of the client.
|
||||
|
||||
##### PersistedGrant
|
||||
|
||||
Persisted Grants stores AuthorizationCodes, RefreshTokens and UserConsent.
|
||||
|
||||
* `PersistedGrant` (aggregate root): Represents PersistedGrant for identity server.
|
||||
|
||||
##### IdentityResource
|
||||
|
||||
Identity resources are data like user ID, name, or email address of a user.
|
||||
|
||||
* `IdentityResource` (aggregate root): Represents and Identity Server identity resource.
|
||||
* `IdentityClaim` (collection): Claims of identity resource.
|
||||
|
||||
#### Repositories
|
||||
|
||||
Following custom repositories are defined for this module:
|
||||
|
||||
* `IApiResourceRepository`
|
||||
* `IClientRepository`
|
||||
* `IPersistentGrantRepository`
|
||||
* `IIdentityResourceRepository`
|
||||
|
||||
#### Domain Services
|
||||
|
||||
This module doesn't contain any domain service but overrides the services below;
|
||||
|
||||
* `AbpProfileService` (Used when `AbpIdentityServerBuilderOptions.IntegrateToAspNetIdentity` is true)
|
||||
* `AbpClaimsService`
|
||||
* `AbpCorsPolicyService`
|
||||
|
||||
### Settings
|
||||
|
||||
This module doesn't define any settings.
|
||||
|
||||
### Application Layer
|
||||
|
||||
#### Application Services
|
||||
|
||||
* `ApiResourceAppService` (implements `IApiResourceAppService`): Implements the use cases of the API resource management UI.
|
||||
* `IdentityServerClaimTypeAppService` (implement `IIdentityServerClaimTypeAppService`): Used to get list of claims.
|
||||
* `ApiResourceAppService` (implements `IApiResourceAppService`): Implements the use cases of the API resource management UI.
|
||||
* `IdentityResourceAppService` (implements `IIdentityResourceAppService`): Implements the use cases of the Identity resource management UI.
|
||||
|
||||
### Database Providers
|
||||
|
||||
#### Common
|
||||
|
||||
##### Table/Collection Prefix & Schema
|
||||
|
||||
All tables/collections use the `IdentityServer` prefix by default. Set static properties on the `AbpIdentityServerDbProperties` class if you need to change the table prefix or set a schema name (if supported by your database provider).
|
||||
|
||||
##### Connection String
|
||||
|
||||
This module uses `AbpIdentityServer` for the connection string name. If you don't define a connection string with this name, it fallbacks to the `Default` connection string.
|
||||
|
||||
See the [connection strings](https://docs.abp.io/en/abp/latest/Connection-Strings) documentation for details.
|
||||
|
||||
#### Entity Framework Core
|
||||
|
||||
##### Tables
|
||||
|
||||
* **IdentityServerApiResources**
|
||||
* IdentityServerApiSecrets
|
||||
* IdentityServerApiScopes
|
||||
* IdentityServerApiScopeClaims
|
||||
* IdentityServerApiClaims
|
||||
* **IdentityServerClients**
|
||||
* IdentityServerClientScopes
|
||||
* IdentityServerClientSecrets
|
||||
* IdentityServerClientGrantTypes
|
||||
* IdentityServerClientCorsOrigins
|
||||
* IdentityServerClientRedirectUris
|
||||
* IdentityServerClientPostLogoutRedirectUris
|
||||
* IdentityServerClientIdPRestrictions
|
||||
* IdentityServerClientClaims
|
||||
* IdentityServerClientProperties
|
||||
* **IdentityServerPersistedGrants**
|
||||
* **IdentityServerIdentityResources**
|
||||
* IdentityServerIdentityClaims
|
||||
|
||||
#### MongoDB
|
||||
|
||||
##### Collections
|
||||
|
||||
* **IdentityServerApiResources**
|
||||
* **IdentityServerClients**
|
||||
* **IdentityServerPersistedGrants**
|
||||
* **IdentityServerIdentityResources**
|
||||
@ -1,5 +1,109 @@
|
||||
# Permission Management Module
|
||||
|
||||
This module implements the `IPermissionStore` to store and manage feature values in a database. See the [Authorization document](../Authorization.md) to understand the authorization and permission systems first.
|
||||
This module implements the `IPermissionStore` to store and manage permissions values in a database.
|
||||
|
||||
TODO
|
||||
> This document covers only the permission management module which persists permission values to a database. See the [Authorization document](../Authorization.md) to understand the authorization and permission systems.
|
||||
|
||||
## How to Install
|
||||
|
||||
This module comes as pre-installed (as NuGet/NPM packages) when you [create a new solution](https://abp.io/get-started) with the ABP Framework. You can continue to use it as package and get updates easily, or you can include its source code into your solution (see `get-source` [CLI](../CLI.md) command) to develop your custom module.
|
||||
|
||||
### The Source Code
|
||||
|
||||
The source code of this module can be accessed [here](https://github.com/abpframework/abp/tree/dev/modules/permission-management). The source code is licensed with [MIT](https://choosealicense.com/licenses/mit/), so you can freely use and customize it.
|
||||
|
||||
## User Interface
|
||||
|
||||
### Permission Management Dialog
|
||||
|
||||
Permission management module provides a reusable dialog to manage permissions related to an object. For example, the [Identity Module](Identity.md) uses it to manage permissions of users and roles. The following image shows Identity Module's Role Management page:
|
||||
|
||||
|
||||
|
||||
When you click *Actions* -> *Permissions* for a role, the permission management dialog is opened. An example screenshot from this dialog:
|
||||
|
||||
|
||||
|
||||
In this dialog, you can grant permissions for the selected role. The tabs in the left side represents main permission groups and the right side contains the permissions defined in the selected group.
|
||||
|
||||
## IPermissionManager
|
||||
|
||||
`IPermissionManager` is the main service provided by this module. It is used to read and change the permission values. `IPermissionManager` is typically used by the *Feature Management Dialog*. However, you can inject it if you need to set a permission value.
|
||||
|
||||
> If you just want to read/check permission values for the current user, use the `IAuthorizationService` or the `[Authorize]` attribute as explained in the [Authorization document](../Authorization.md).
|
||||
|
||||
**Example: Grant permissions to roles and users using the `IPermissionManager` service**
|
||||
|
||||
````csharp
|
||||
public class MyService : ITransientDependency
|
||||
{
|
||||
private readonly IPermissionManager _permissionManager;
|
||||
|
||||
public MyService(IPermissionManager permissionManager)
|
||||
{
|
||||
_permissionManager = permissionManager;
|
||||
}
|
||||
|
||||
public async Task GrantRolePermissionDemoAsync(
|
||||
string roleName, string permission)
|
||||
{
|
||||
await _permissionManager
|
||||
.SetForRoleAsync(roleName, permission, true);
|
||||
}
|
||||
|
||||
public async Task GrantUserPermissionDemoAsync(
|
||||
Guid userId, string roleName, string permission)
|
||||
{
|
||||
await _permissionManager
|
||||
.SetForUserAsync(userId, permission, true);
|
||||
}
|
||||
}
|
||||
````
|
||||
|
||||
## Permission Management Providers
|
||||
|
||||
Permission Management Module is extensible, just like the [permission system](../Authorization.md). You can extend it by defining permission management providers.
|
||||
|
||||
[Identity Module](Identity.md) defines the following permission management providers:
|
||||
|
||||
* `UserPermissionManagementProvider`: Manages user-based permissions.
|
||||
* `RolePermissionManagementProvider`: Manages role-based permissions.
|
||||
|
||||
`IPermissionManager` uses these providers when you get/set permissions. You can define your own provider by implementing the `IPermissionManagementProvider` or inheriting from the `PermissionManagementProvider` base class.
|
||||
|
||||
**Example:**
|
||||
|
||||
````csharp
|
||||
public class CustomPermissionManagementProvider : PermissionManagementProvider
|
||||
{
|
||||
public override string Name => "Custom";
|
||||
|
||||
public CustomPermissionManagementProvider(
|
||||
IPermissionGrantRepository permissionGrantRepository,
|
||||
IGuidGenerator guidGenerator,
|
||||
ICurrentTenant currentTenant)
|
||||
: base(
|
||||
permissionGrantRepository,
|
||||
guidGenerator,
|
||||
currentTenant)
|
||||
{
|
||||
}
|
||||
}
|
||||
````
|
||||
|
||||
`PermissionManagementProvider` base class makes the default implementation (using the `IPermissionGrantRepository`) for you. You can override base methods as you need. Every provider must have a unique name, which is `Custom` in this example (keep it short since it is saved to database for each feature value record).
|
||||
|
||||
Once you create your provider class, you should register it using the `FeatureManagementOptions` [options class](../Options.md):
|
||||
|
||||
````csharp
|
||||
Configure<PermissionManagementOptions>(options =>
|
||||
{
|
||||
options.ManagementProviders.Add<CustomPermissionManagementProvider>();
|
||||
});
|
||||
````
|
||||
|
||||
The order of the providers are important. Providers are executed in the reverse order. That means the `CustomPermissionManagementProvider` is executed first for this example. You can insert your provider in any order in the `Providers` list.
|
||||
|
||||
## See Also
|
||||
|
||||
* [Authorization](../Authorization.md)
|
||||
|
After Width: | Height: | Size: 24 KiB |
|
After Width: | Height: | Size: 31 KiB |
|
After Width: | Height: | Size: 25 KiB |
Loading…
Reference in new issue