sarpay
10/24/2019 - 9:34 AM

Roles & Permissions

AppAuthorizationProvider.cs

// Registers the report permission as a child of the `pages` permission.
// multiTenancySides limits it to the tenant side.
var controlNumbersReport = pages.CreateChildPermission(
    AppPermissions.Pages_ControlNumbersReport,
    L("ControlNumbersReport"),
    multiTenancySides: MultiTenancySides.Tenant);

AppPermissions.cs

// Permission name for the Control Numbers report page. This is the constant passed to
// CreateChildPermission in AppAuthorizationProvider.cs; use it instead of repeating the string.
public const string Pages_ControlNumbersReport = "Pages.ControlNumbersReport";

Anonymous

using Echonos.Authorization;

// [AllowAnonymous] lets unauthenticated callers invoke this action, so tenantId is
// caller-controlled input and must not be trusted as proof of tenant membership.
// NOTE(review): the body is left empty in this note; the real implementation should
// return only data that is safe to expose publicly for any tenant id - confirm.
[AllowAnonymous]
public async Task<ActionResult> GetLogo(int? tenantId)
{
}

AppPermissions

using Abp.Authorization;
using Echonos.Authorization;

[AbpAuthorize(AppPermissions.Pages_ControlNumbers)]
  public class ControlNumbersAppService : EchonosAppServiceBase, IControlNumbersAppService {
    /// <summary>
    /// Shows two ways of enforcing a permission inside a method body. The class-level
    /// AbpAuthorize attribute already requires Pages_ControlNumbers; the checks below
    /// additionally require the create-user permission.
    /// </summary>
    /// <param name="input">User data supplied by the caller (not used in this sample).</param>
    /// <exception cref="AbpAuthorizationException">
    /// Thrown by the explicit check when the permission is not granted.
    /// </exception>
    public void CreateUser(CreateOrUpdateUserInput input)
    {
      const string createUserPermission = "Administration.UserManagement.CreateUser";

      // Option 1: test the permission and throw with a custom message.
      var mayCreateUser = PermissionChecker.IsGranted(createUserPermission);
      if (!mayCreateUser)
      {
        throw new AbpAuthorizationException("You are not authorized to create user!");
      }
      // Execution only continues past this point when the permission is granted.

      // Option 2: let Authorize() do the check; callers without the permission do not
      // get past this call. One of the two options is enough in real code.
      PermissionChecker.Authorize(createUserPermission);
    }
  }
}

Current User

// NOTE(review): GetCurrentUser() is not shown on this page; presumably a base-class helper
// that resolves the user of the current session - confirm how it behaves when nobody is logged in.
User user = GetCurrentUser();

Current User's Roles

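// `await` binds looser than member access, so the awaited call must be parenthesized;
// otherwise ToArray() is applied to the Task itself and the statement does not compile.
var currentUserRoleNames = (await UserManager.GetRolesAsync(GetCurrentUser())).ToArray();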

Current Tenant

// NOTE(review): GetCurrentTenant() is not shown on this page; presumably it resolves the tenant
// of the current session - confirm what it does for host-side (no tenant) callers.
Tenant tenant = GetCurrentTenant();

Client-Side

// Client-side permission checks only decide what the UI shows. The same permission must be
// enforced on the server (AbpAuthorize / PermissionChecker), because a caller can bypass the UI.
const isPartner = abp.auth.isGranted("Pages.Partner");
<!-- [hidden] only hides the element; it stays in the DOM. Treat it as presentation, not access control. -->
<div class="col-md-3" [hidden]="!isGrantedAny('Pages.Partner')">

<!-- *ngIf removes the link from the DOM when the permission is missing. The server-side delete
     operation must still check 'Pages.ControlNumbers.Delete' itself. -->
<a href="javascript:;" *ngIf="permission.isGranted('Pages.ControlNumbers.Delete')"
  (click)="deleteControlNumber(record.controlNumber)">{{l('Delete')}}</a>
  
<button *ngIf="'Pages.Administration.WebhookSubscription.Create' | permission">
// Resolve the signed-in user once, then test the admin-type roles in order.
var currentUser = await GetCurrentUserAsync();

// NOTE(review): HQAdmin and HQInternal are not among the StaticRoleNames.Tenants constants
// listed further down this page; they have to be declared there for this to compile.
// NOTE(review): this hard-codes which roles count as "admin"; a permission check
// (PermissionChecker.IsGranted) would keep that decision in role configuration - consider.
string[] adminRoleNames =
{
    StaticRoleNames.Tenants.HQAdmin,
    StaticRoleNames.Tenants.HQInternal,
    StaticRoleNames.Tenants.Admin
};

var userInAdminRoles = false;
foreach (var adminRoleName in adminRoleNames)
{
    // Stop at the first matching role so later roles are not queried.
    if (await UserManager.IsInRoleAsync(currentUser, adminRoleName))
    {
        userInAdminRoles = true;
        break;
    }
}
            
// ---------------- //

namespace Nudyne.Star.Authorization.Roles
{
    // Central list of role names referenced from code, e.g. in UserManager.IsInRoleAsync checks.
    // NOTE(review): presumably each value must match the Name column of the role row in
    // AbpRoles exactly - confirm before renaming a role.
    public static class StaticRoleNames
    {
        // Role names on the host side.
        public static class Host
        {
            public const string Admin = "Admin";
        }

        // Role names on the tenant side. Tenants.Admin has the same string value as Host.Admin;
        // the two constants differ only in which nested class they belong to.
        public static class Tenants
        {
            public const string Admin = "Admin";
            public const string User = "User";
            
            // custom roles are added here
            // The constant identifier and the stored role name differ (RepRegular -> "Regular").
            public const string RepRegular = "Regular";
            public const string RepSupervisor = "Supervisor";
        }
    }
}

Introducing New Tenant to Platform

AbpTenants

Where TenancyName = 'CNE'
Result => TenantId = 2

AbpUsers

Where TenantId = 2 And Username = 'admin'
Result => UserId = 6

AbpRoles

Where TenantId = 2 And (Name = 'User' Or Name = 'Admin')
Result => RoleId = 4 (Admin), 5 (User)

AbpUserRoles

Where UserId = 6
Result => RoleId = 4 (Admin), 5 (User)

AbpPermissions

For Provider

The User role needs a RolePermissionSetting row for Pages.Provider with IsGranted = 1.
The Admin and User roles should not both have IsGranted = 1 (in the result below, Admin has 0 and User has 1).
Where (RoleId = 4 Or RoleId = 5) And (Name = 'Pages' Or Name = 'Pages.Provider' Or Name = 'Pages.Partner')
Result =>

Id | CreationTime | CreatorUserId | Discriminator | IsGranted | Name | TenantId | RoleId | UserId
85 | 2019-10-22 00:25:38 | 6 | RolePermissionSetting | 0 | Pages.Partner | 2 | 4 |
100 | 2019-10-25 00:47:16 | 6 | RolePermissionSetting | 0 | Pages.Provider | 2 | 4 |
102 | 2019-10-25 00:47:46 | 6 | RolePermissionSetting | 1 | Pages.Provider | 2 | 5 |
103 | 2019-10-25 00:47:47 | 6 | RolePermissionSetting | 1 | Pages | 2 | 5 |

For Partner

Same logic as above, reversed.
Notice that the only thing that changes is the Name column of the row with Id 102.

Id | CreationTime | CreatorUserId | Discriminator | IsGranted | Name | TenantId | RoleId | UserId
85 | 2019-10-22 00:25:38 | 6 | RolePermissionSetting | 0 | Pages.Partner | 2 | 4 |
100 | 2019-10-25 00:47:16 | 6 | RolePermissionSetting | 0 | Pages.Provider | 2 | 4 |
102 | 2019-10-25 00:47:46 | 6 | RolePermissionSetting | 1 | Pages.Partner | 2 | 5 |
103 | 2019-10-25 00:47:47 | 6 | RolePermissionSetting | 1 | Pages | 2 | 5 |

Current User's Roles

// Synchronous variant: .Result blocks the calling thread until the task completes.
// Inside an async method, await the call instead of blocking on it.
var currentUserRoleNames = UserManager.GetRolesAsync(GetCurrentUser()).Result.ToArray();