public virtual async Task <List <SettingGroup> > GroupSettingDefinitions()
{
if (!await AuthorizationService.IsGrantedAsync(SettingUiPermissions.ShowSettingPage))
{
throw new AbpAuthorizationException("Authorization failed! No SettingUi policy granted.");
}
// Merge all setting properties into one dictionary
var settingProperties = GetMergedSettingProperties();
var definedSettingUiPermissions = _permissionDefinitionManager.GetPermissions()
.Where(p => p.Name.StartsWith(SettingUiPermissions.GroupName))
.ToList()
;
// Set properties of the setting definitions
var settingDefinitions = await SetSettingDefinitionPropertiesAsync(settingProperties, definedSettingUiPermissions);
// Group the setting definitions
var groups = new List <SettingGroup>();
foreach (var settingGroup in settingDefinitions
.GroupBy(sd => sd.Properties[SettingUiConst.Group1].ToString())
.Select(grp => new SettingGroup
{
GroupName = grp.Key,
GroupDisplayName = _localizer[grp.Key !],
private async Task <PermissionConfiguration> GetPermissionConfigurationAsync()
{
PermissionConfiguration permissionConfiguration = new();
IEnumerable <string> policyNames = _permissionDefinitionManager.GetPermissions().Select(p => p.Name);
PropertyInfo?policyMapProperty = typeof(AuthorizationOptions).GetProperty("PolicyMap", BindingFlags.Instance | BindingFlags.NonPublic);
if (policyMapProperty is not null)
{
object?policyMapPropertyValue = policyMapProperty.GetValue(_authorizationOptions);
if (policyMapPropertyValue is not null)
{
policyNames = policyNames.Union(((IDictionary <string, AuthorizationPolicy>)policyMapPropertyValue).Keys.ToList());
}
}
List <string> permissionPolicyNames = new();
List <string> otherPolicyNames = new();
foreach (var policyName in policyNames)
{
if (_permissionDefinitionManager.GetOrNull(policyName) is not null)
{
permissionPolicyNames.Add(policyName);
}
else
{
otherPolicyNames.Add(policyName);
}
}
foreach (var policyName in otherPolicyNames)
{
permissionConfiguration.Policies[policyName] = true;
if (_httpContextAccessor is not null && _httpContextAccessor.HttpContext is not null)
{
if ((await _authorizationService.AuthorizeAsync(_httpContextAccessor.HttpContext.User, policyName)).Succeeded)
{
permissionConfiguration.GrantedPolicies[policyName] = true;
}
}
}
MultiplePermissionGrantResult result = await _permissionChecker.IsGrantedAsync(permissionPolicyNames.ToArray());
foreach (var(key, value) in result.Result)
{
permissionConfiguration.Policies[key] = true;
if (value == PermissionGrantResult.Granted)
{
permissionConfiguration.GrantedPolicies[key] = true;
}
}
return(permissionConfiguration);
}
public async Task SeedAsync(IServiceProvider serviceProvider)
{
var permissionNames = _permissionDefinitionManager.GetPermissions().Where(p => !p.AllowedProviders.Any() || p.AllowedProviders.Contains(RolePermissionValueProvider.ProviderName)).Select(p => p.Name).ToArray();
var permissionModels = Array.ConvertAll(permissionNames, pn => new PermissionUpdateRequestModel {
Name = pn, IsGranted = true
});
await _permissionService.UpdateAsync(RolePermissionValueProvider.ProviderName, "role1", permissionModels);
await _permissionService.UpdateAsync(UserPermissionValueProvider.ProviderName, "user3", permissionModels);
}
public Task <List <string> > GetPoliciesNamesAsync()
{
return(Task.FromResult(
_options.GetPoliciesNames()
.Union(
_permissionDefinitionManager
.GetPermissions()
.Select(p => p.Name)
)
.ToList()
));
}
protected virtual async Task <(string Key, bool IsGranted)> SetCacheItemsAsync(string providerName, string providerKey, string currentName)
{
var permissions = _permissionDefinitionManager.GetPermissions();
_logger.LogDebug("Getting all granted permissions from the repository for this provider name,key: {providerName},{providerKey}", providerName, providerKey);
var grantedPermissionsHashSet = new HashSet <string>((await _repository.GetListAsync(providerName, providerKey)).Select(p => p.Name));
_logger.LogDebug("Setting the cache items. Count: {permissionsCount}", permissions.Count);
var cacheItems = new List <(string Key, bool IsGranted)>();
bool currentResult = false;
foreach (var permission in permissions)
{
var isGranted = grantedPermissionsHashSet.Contains(permission.Name);
cacheItems.Add((string.Format(CacheKeyFormat, providerName, providerKey, permission.Name), isGranted));
if (permission.Name == currentName)
{
currentResult = isGranted;
}
}
List <Task> setCacheItemTasks = new();
foreach ((string Key, bool IsGranted) in cacheItems)
{
setCacheItemTasks.Add(_distributedCache.SetStringAsync(Key, IsGranted.ToString()));
}
await Task.WhenAll(setCacheItemTasks);
_logger.LogDebug("Finished setting the cache items. Count: {permissionsCount}", permissions.Count);
return(string.Format(CacheKeyFormat, providerName, providerKey, currentName), currentResult);
}
protected virtual async Task <ApplicationAuthConfigurationDto> GetAuthConfigAsync()
{
var authConfig = new ApplicationAuthConfigurationDto();
var permissions = _permissionDefinitionManager.GetPermissions();
IEnumerable <PermissionGrant> grantPermissions = new List <PermissionGrant>();
// TODO: 重写为每次调用接口都在数据库统一查询权限
// 待框架改进权限Provider机制后再移除
// 如果用户已登录,获取用户和角色权限
if (CurrentUser.IsAuthenticated)
{
var userPermissions = await _permissionGrantRepository.GetListAsync(UserPermissionValueProvider.ProviderName,
CurrentUser.GetId().ToString());
grantPermissions = grantPermissions.Union(userPermissions);
foreach (var userRole in CurrentUser.Roles)
{
var rolePermissions = await _permissionGrantRepository.GetListAsync(RolePermissionValueProvider.ProviderName,
userRole);
grantPermissions = grantPermissions.Union(rolePermissions);
}
}
// 如果客户端已验证,获取客户端权限
if (CurrentClient.IsAuthenticated)
{
var clientPermissions = await _permissionGrantRepository.GetListAsync(ClientPermissionValueProvider.ProviderName,
CurrentClient.Id);
grantPermissions = grantPermissions.Union(clientPermissions);
}
foreach (var permission in permissions)
{
authConfig.Policies[permission.Name] = true;
if (grantPermissions.Any(p => p.Name.Equals(permission.Name)))
{
authConfig.GrantedPolicies[permission.Name] = true;
}
}
return(authConfig);
}
public async Task SeedAsync(IServiceProvider serviceProvider)
{
var permissionNames = _permissionDefinitionManager.GetPermissions().Where(p => !p.AllowedProviders.Any() || p.AllowedProviders.Contains(RolePermissionValueProvider.ProviderName)).Select(p => p.Name).ToArray();
var permissionModels = Array.ConvertAll(permissionNames, pn => new PermissionUpdateRequestModel {
Name = pn, IsGranted = true
});
await _permissionService.UpdateAsync(RolePermissionValueProvider.ProviderName, "role1", permissionModels.Where(e => e.Name != ProductPermissions.Products.Create));
using (_currentTenant.Change(Guid.Parse("f30e402b-9de2-4b48-9ff0-c073cf499103")))
{
await _permissionService.UpdateAsync(UserPermissionValueProvider.ProviderName, "3", permissionModels.Where(e => e.Name != ProductPermissions.Products.Delete));
}
using (_currentTenant.Change(Guid.Parse("F30E402B-9DE2-4B48-9FF0-C073CF499102")))
{
await _permissionService.UpdateAsync(UserPermissionValueProvider.ProviderName, "2", permissionModels.Where(e => e.Name != ProductPermissions.Products.Delete));
}
}
public virtual IReadOnlyList <PermissionDefinition> GetPermissions(string providerName)
{
var multiTenancySide = _currentTenant.GetMultiTenancySide();
var permissions = _permissionDefinitionManager.GetPermissions();
return(permissions.Where(x =>
{
if (x.Providers.Any() && !x.Providers.Contains(providerName))
{
return false;
}
if (!x.MultiTenancySide.HasFlag(multiTenancySide))
{
return false;
}
return true;
}).ToImmutableList());
}
private async Task TryCreateDynamicPermissionsAsync(PermissionSetDto permissionSet)
{
var definedPermissionNames = _permissionDefinitionManager.GetPermissions().Select(x => x.Name).ToList();
var appService = LazyServiceProvider.LazyGetService <IPermissionDefinitionAppService>();
if (appService == null)
{
throw new DynamicPermissionModuleNotInstalledException();
}
foreach (var permissionName in permissionSet.GetPermissionNames()
.Where(permissionName => !definedPermissionNames.Contains(permissionName)))
{
await appService.CreateAsync(new CreateUpdatePermissionDefinitionDto
{
Name = permissionName,
DisplayName = permissionName,
Description = null,
IsPublic = true
});
}
}
public void GetPermissions()
{
_permissionDefinitionManager.GetPermissions().Count.ShouldBe(2);
_permissionDefinitionManager.GetPermissions()[0].Name.ShouldBe("Permission_Test_1");
_permissionDefinitionManager.GetPermissions()[1].Name.ShouldBe("Permission_Test_2");
}