Resolve performance issues when querying permissions

5 years ago · 79731b3415
25 changed files with 286 additions and 287 deletions
--- a/aspnet-core/LINGYUN.MicroService.sln
+++ b/aspnet-core/LINGYUN.MicroService.sln
@ -243,7 +243,11 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "LINGYUN.Abp.Rules", "module
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "LINGYUN.Abp.Rules.NRules", "modules\common\LINGYUN.Abp.Rules.NRules\LINGYUN.Abp.Rules.NRules.csproj", "{0BA9FF71-C55E-483B-B83A-6B4BD8ABBBB1}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "LINGYUN.Abp.RulesEngine", "modules\common\LINGYUN.Abp.RulesEngine\LINGYUN.Abp.RulesEngine.csproj", "{E796CB81-8F94-40C4-87B3-FA9FBAD3F54E}"
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "permission-management", "permission-management", "{CC362C67-6FC1-42B3-A130-8120AA8D790C}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "LINGYUN.Abp.PermissionManagement.Domain", "modules\permissions-management\LINGYUN.Abp.PermissionManagement.Domain\LINGYUN.Abp.PermissionManagement.Domain.csproj", "{B46D6DAF-98C6-441F-9FA5-3CAD7CF27727}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "LINGYUN.Abp.PermissionManagement.Domain.Identity", "modules\identity\LINGYUN.Abp.PermissionManagement.Domain.Identity\LINGYUN.Abp.PermissionManagement.Domain.Identity.csproj", "{2D377D3A-70EC-4BB3-9F4C-6C933693DA98}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
@ -647,10 +651,14 @@ Global
 		{0BA9FF71-C55E-483B-B83A-6B4BD8ABBBB1}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{0BA9FF71-C55E-483B-B83A-6B4BD8ABBBB1}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{0BA9FF71-C55E-483B-B83A-6B4BD8ABBBB1}.Release|Any CPU.Build.0 = Release|Any CPU
-		{E796CB81-8F94-40C4-87B3-FA9FBAD3F54E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{E796CB81-8F94-40C4-87B3-FA9FBAD3F54E}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{E796CB81-8F94-40C4-87B3-FA9FBAD3F54E}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{E796CB81-8F94-40C4-87B3-FA9FBAD3F54E}.Release|Any CPU.Build.0 = Release|Any CPU
+		{B46D6DAF-98C6-441F-9FA5-3CAD7CF27727}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{B46D6DAF-98C6-441F-9FA5-3CAD7CF27727}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{B46D6DAF-98C6-441F-9FA5-3CAD7CF27727}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{B46D6DAF-98C6-441F-9FA5-3CAD7CF27727}.Release|Any CPU.Build.0 = Release|Any CPU
+		{2D377D3A-70EC-4BB3-9F4C-6C933693DA98}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{2D377D3A-70EC-4BB3-9F4C-6C933693DA98}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{2D377D3A-70EC-4BB3-9F4C-6C933693DA98}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{2D377D3A-70EC-4BB3-9F4C-6C933693DA98}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@ -773,7 +781,9 @@ Global
 		{07E19CA8-671D-4D58-9FED-5FEE9AE01A2F} = {67DAB2A0-D407-4CAB-8414-AE3D0AC52FC4}
 		{8ACB30CF-2311-4C0A-AE79-92C1A7667353} = {8AC72641-30D3-4ACF-89FA-808FADC55C2E}
 		{0BA9FF71-C55E-483B-B83A-6B4BD8ABBBB1} = {8AC72641-30D3-4ACF-89FA-808FADC55C2E}
-		{E796CB81-8F94-40C4-87B3-FA9FBAD3F54E} = {8AC72641-30D3-4ACF-89FA-808FADC55C2E}
+		{CC362C67-6FC1-42B3-A130-8120AA8D790C} = {C5CAD011-DF84-4914-939C-0C029DCEF26F}
+		{B46D6DAF-98C6-441F-9FA5-3CAD7CF27727} = {CC362C67-6FC1-42B3-A130-8120AA8D790C}
+		{2D377D3A-70EC-4BB3-9F4C-6C933693DA98} = {52B5D4F7-237B-4E0A-A167-68442164F70A}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {C95FDF91-16F2-4A8B-A4BE-0E62D1B66718}
--- a/aspnet-core/modules/identity/LINGYUN.Abp.PermissionManagement.Domain.Identity/LINGYUN.Abp.PermissionManagement.Domain.Identity.csproj
+++ b/aspnet-core/modules/identity/LINGYUN.Abp.PermissionManagement.Domain.Identity/LINGYUN.Abp.PermissionManagement.Domain.Identity.csproj
@ -0,0 +1,19 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  
+  <Import Project="..\..\..\common.props" />
+
+  <PropertyGroup>
+    <TargetFramework>netstandard2.0</TargetFramework>
+    <RootNamespace />
+  </PropertyGroup>
+  
+   <ItemGroup>
+    <PackageReference Include="Volo.Abp.Uow" Version="3.2.0" />
+    <PackageReference Include="Volo.Abp.PermissionManagement.Domain.Identity" Version="3.2.0" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\permissions-management\LINGYUN.Abp.PermissionManagement.Domain\LINGYUN.Abp.PermissionManagement.Domain.csproj" />
+  </ItemGroup>
+
+</Project>
--- a/aspnet-core/modules/identity/LINGYUN.Abp.PermissionManagement.Domain.Identity/LINGYUN/Abp/PermissionManagement/Identity/AbpPermissionManagementDomainIdentityModule.cs
+++ b/aspnet-core/modules/identity/LINGYUN.Abp.PermissionManagement.Domain.Identity/LINGYUN/Abp/PermissionManagement/Identity/AbpPermissionManagementDomainIdentityModule.cs
@ -0,0 +1,13 @@
+using Volo.Abp.Modularity;
+
+namespace LINGYUN.Abp.PermissionManagement.Identity
+{
+    [DependsOn(
+        typeof(AbpPermissionManagementDomainModule),
+        typeof(Volo.Abp.PermissionManagement.Identity.AbpPermissionManagementDomainIdentityModule)
+        )]
+    public class AbpPermissionManagementDomainIdentityModule : AbpModule
+    {
+
+    }
+}
--- a/aspnet-core/modules/identity/LINGYUN.Abp.PermissionManagement.Domain.Identity/LINGYUN/Abp/PermissionManagement/Identity/IdentityPermissionManager.cs
+++ b/aspnet-core/modules/identity/LINGYUN.Abp.PermissionManagement.Domain.Identity/LINGYUN/Abp/PermissionManagement/Identity/IdentityPermissionManager.cs
@ -0,0 +1,78 @@
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
+using System;
+using System.Threading.Tasks;
+using Volo.Abp.Authorization.Permissions;
+using Volo.Abp.DependencyInjection;
+using Volo.Abp.Guids;
+using Volo.Abp.Identity;
+using Volo.Abp.MultiTenancy;
+using Volo.Abp.PermissionManagement;
+using Volo.Abp.Threading;
+using Volo.Abp.Uow;
+
+namespace LINGYUN.Abp.PermissionManagement.Identity
+{
+    [Dependency(ServiceLifetime.Singleton, ReplaceServices = true)]
+    [ExposeServices(typeof(IPermissionManager), typeof(PermissionManager), typeof(DefaultPermissionManager))]
+    public class IdentityPermissionManager : DefaultPermissionManager
+    {
+        protected IUnitOfWorkManager UnitOfWorkManager => LazyGetRequiredService(ref _unitOfWorkManager);
+        private IUnitOfWorkManager _unitOfWorkManager;
+
+        protected IUnitOfWork CurrentUnitOfWork => UnitOfWorkManager?.Current;
+
+        protected IUserRoleFinder UserRoleFinder { get; }
+        public IdentityPermissionManager(
+            IPermissionDefinitionManager permissionDefinitionManager, 
+            IPermissionGrantRepository permissionGrantRepository, 
+            IPermissionStore permissionStore, 
+            IServiceProvider serviceProvider, 
+            IGuidGenerator guidGenerator, 
+            IOptions<PermissionManagementOptions> options, 
+            ICurrentTenant currentTenant,
+            IUserRoleFinder userRoleFinder) 
+            : base(permissionDefinitionManager, permissionGrantRepository, permissionStore, serviceProvider, guidGenerator, options, currentTenant)
+        {
+            UserRoleFinder = userRoleFinder;
+        }
+
+        protected override async Task<bool> IsGrantedAsync(string permissionName, string providerName, string providerKey)
+        {
+            if (!RolePermissionValueProvider.ProviderName.Equals(providerName))
+            {
+                // 如果查询的是用户权限,需要查询用户角色权限
+                if (providerName == UserPermissionValueProvider.ProviderName)
+                {
+                    var userId = Guid.Parse(providerKey);
+                    var roleNames = await GetUserRolesAsync(userId);
+                    foreach (var roleName in roleNames)
+                    {
+                        var permissionGrant = await PermissionStore.IsGrantedAsync(permissionName, RolePermissionValueProvider.ProviderName, roleName);
+                        if (permissionGrant)
+                        {
+                            return true;
+                        }
+                    }
+                }
+            }
+            return await base.IsGrantedAsync(permissionName, providerName, providerKey);
+        }
+
+        protected virtual async Task<string[]> GetUserRolesAsync(Guid userId)
+        {
+            // 通过工作单元来缓存用户角色,防止多次查询
+            if (CurrentUnitOfWork != null)
+            {
+                var userRoleItemKey = $"FindRolesByUser:{userId}";
+
+                return CurrentUnitOfWork.GetOrAddItem(userRoleItemKey, (key) =>
+                {
+                    var roles = AsyncHelper.RunSync(async ()=> await UserRoleFinder.GetRolesAsync(userId));
+                    return roles;
+                });
+            }
+            return await UserRoleFinder.GetRolesAsync(userId);
+        }
+    }
+}
--- a/aspnet-core/modules/identity/LINGYUN.Abp.PermissionManagement.Domain.Identity/README.md
+++ b/aspnet-core/modules/identity/LINGYUN.Abp.PermissionManagement.Domain.Identity/README.md
@ -0,0 +1,19 @@
+# LINGYUN.Abp.PermissionManagement.Domain.Identity
+
+重写 **LINGYUN.Abp.PermissionManagement.Domain**
+
+当查询用户权限时,先获取用户角色组权限
+
+#### 注意
+
+此模块已经引用 **Volo.Abp.PermissionManagement.Identity.AbpPermissionManagementDomainIdentityModule** 无需再次引用
+
+## 配置使用
+
+
+```csharp
+[DependsOn(typeof(LINGYUN.Abp.PermissionManagement.Identity.AbpPermissionManagementDomainIdentityModule))]
+public class YouProjectModule : AbpModule
+{
+  // other
+}
--- a/aspnet-core/modules/permissions/LINGYUN.Abp.PermissionManagement.Application.Contracts/.gitignore
+++ b/aspnet-core/modules/permissions/LINGYUN.Abp.PermissionManagement.Application.Contracts/.gitignore
--- a/aspnet-core/modules/permissions-management/LINGYUN.Abp.PermissionManagement.Domain/LINGYUN.Abp.PermissionManagement.Domain.csproj
+++ b/aspnet-core/modules/permissions-management/LINGYUN.Abp.PermissionManagement.Domain/LINGYUN.Abp.PermissionManagement.Domain.csproj
@ -1,12 +1,14 @@
 <Project Sdk="Microsoft.NET.Sdk">
  
+  <Import Project="..\..\..\common.props" />
+
  <PropertyGroup>
    <TargetFramework>netstandard2.0</TargetFramework>
    <RootNamespace />
  </PropertyGroup>

  <ItemGroup>
-    <PackageReference Include="Volo.Abp.PermissionManagement.Domain" Version="2.7.0" />
+    <PackageReference Include="Volo.Abp.PermissionManagement.Domain" Version="3.2.0" />
  </ItemGroup>
  
 </Project>
--- a/aspnet-core/modules/permissions-management/LINGYUN.Abp.PermissionManagement.Domain/LINGYUN/Abp/PermissionManagement/AbpPermissionManagementDomainModule.cs
+++ b/aspnet-core/modules/permissions-management/LINGYUN.Abp.PermissionManagement.Domain/LINGYUN/Abp/PermissionManagement/AbpPermissionManagementDomainModule.cs
@ -0,0 +1,11 @@
+using Volo.Abp.Modularity;
+
+namespace LINGYUN.Abp.PermissionManagement
+{
+    [DependsOn(
+        typeof(Volo.Abp.PermissionManagement.AbpPermissionManagementDomainModule))]
+    public class AbpPermissionManagementDomainModule : AbpModule
+    {
+
+    }
+}
--- a/aspnet-core/modules/permissions-management/LINGYUN.Abp.PermissionManagement.Domain/LINGYUN/Abp/PermissionManagement/DefaultPermissionManager.cs
+++ b/aspnet-core/modules/permissions-management/LINGYUN.Abp.PermissionManagement.Domain/LINGYUN/Abp/PermissionManagement/DefaultPermissionManager.cs
@ -0,0 +1,101 @@
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using Volo.Abp.Authorization.Permissions;
+using Volo.Abp.DependencyInjection;
+using Volo.Abp.Guids;
+using Volo.Abp.MultiTenancy;
+using Volo.Abp.PermissionManagement;
+
+namespace LINGYUN.Abp.PermissionManagement
+{
+    [Dependency(ServiceLifetime.Singleton, ReplaceServices = true)]
+    [ExposeServices(typeof(IPermissionManager), typeof(PermissionManager))]
+    public class DefaultPermissionManager : PermissionManager
+    {
+        #region DependencyInjection
+
+        protected readonly object ServiceProviderLock = new object();
+
+        protected TService LazyGetRequiredService<TService>(ref TService reference)
+            => LazyGetRequiredService(typeof(TService), ref reference);
+
+        protected TRef LazyGetRequiredService<TRef>(Type serviceType, ref TRef reference)
+        {
+            if (reference == null)
+            {
+                lock (ServiceProviderLock)
+                {
+                    if (reference == null)
+                    {
+                        reference = (TRef)ServiceProvider.GetRequiredService(serviceType);
+                    }
+                }
+            }
+
+            return reference;
+        }
+        protected IServiceProvider ServiceProvider { get; }
+
+        #endregion
+
+        protected IPermissionStore PermissionStore { get; }
+        public DefaultPermissionManager(
+            IPermissionDefinitionManager permissionDefinitionManager, 
+            IPermissionGrantRepository permissionGrantRepository,
+            IPermissionStore permissionStore,
+            IServiceProvider serviceProvider, 
+            IGuidGenerator guidGenerator, 
+            IOptions<PermissionManagementOptions> options, 
+            ICurrentTenant currentTenant) 
+            : base(permissionDefinitionManager, permissionGrantRepository, serviceProvider, guidGenerator, options, currentTenant)
+        {
+            ServiceProvider = serviceProvider;
+            PermissionStore = permissionStore;
+        }
+
+        public override async Task SetAsync(string permissionName, string providerName, string providerKey, bool isGranted)
+        {
+            await base.SetAsync(permissionName, providerName, providerKey, isGranted);
+
+            // 不需要改缓存,因为权限实体变更会自动清理缓存
+            //var cacheKey = PermissionGrantCacheItem.CalculateCacheKey(permissionName, providerName, providerKey);
+            //var cacheItem = new PermissionGrantCacheItem(isGranted);
+            //await PermissionGrantChche.SetAsync(cacheKey, cacheItem);
+        }
+
+        protected override async Task<PermissionWithGrantedProviders> GetInternalAsync(PermissionDefinition permission, string providerName, string providerKey)
+        {
+            var result = new PermissionWithGrantedProviders(permission.Name, false);
+
+            if (!permission.IsEnabled)
+            {
+                return result;
+            }
+
+            if (!permission.MultiTenancySide.HasFlag(CurrentTenant.GetMultiTenancySide()))
+            {
+                return result;
+            }
+
+            if (permission.Providers.Any() && !permission.Providers.Contains(providerName))
+            {
+                return result;
+            }
+
+            // 这么做的坏处就是没法给特定的Provider设定是否授权字段
+            // result.Providers 会出现假数据 UserPermissionProvider未授权, 而所属的
+
+            result.IsGranted = await IsGrantedAsync(permission.Name, providerName, providerKey);
+
+            return result;
+        }
+
+        protected virtual async Task<bool> IsGrantedAsync(string permissionName, string providerName, string providerKey)
+        {
+            return await PermissionStore.IsGrantedAsync(permissionName, providerName, providerKey);
+        }
+    }
+}
--- a/aspnet-core/modules/permissions-management/LINGYUN.Abp.PermissionManagement.Domain/README.md
+++ b/aspnet-core/modules/permissions-management/LINGYUN.Abp.PermissionManagement.Domain/README.md
@ -0,0 +1,22 @@
+# LINGYUN.Abp.PermissionManagement.Domain
+
+重写 **Volo.Abp.PermissionManagement.PermissionManager**, 在查询权限的时候优先检查缓存
+
+大部分重写的模块都和官方模块名称保持一致,通过命名空间区分,主要是只改写了一小部分或者增加额外的功能
+如果大部分模块代码都重写,或者完全就是扩展模块,才会定义自己的名字
+
+#### 注意
+
+当使用了此模块,可能会出现您不愿意见到的场景,因为当您只需要查看某个实体拥有的权限,然后却为此建立了它的全部缓存项
+
+在一些特定场景下(**比如云缓存**),请避免引用此模块,以免产生额外的费用
+
+## 配置使用
+
+
+```csharp
+[DependsOn(typeof(LINGYUN.Abp.PermissionManagement.AbpPermissionManagementDomainModule))]
+public class YouProjectModule : AbpModule
+{
+  // other
+}
--- a/aspnet-core/modules/permissions/LINGYUN.Abp.PermissionManagement.Application.Contracts/LINGYUN.Abp.PermissionManagement.Application.Contracts.csproj
+++ b/aspnet-core/modules/permissions/LINGYUN.Abp.PermissionManagement.Application.Contracts/LINGYUN.Abp.PermissionManagement.Application.Contracts.csproj
@ -1,17 +0,0 @@
-<Project Sdk="Microsoft.NET.Sdk">
-
-  <PropertyGroup>
-    <TargetFramework>netstandard2.0</TargetFramework>
-    <RootNamespace></RootNamespace>
-  </PropertyGroup>
-
-  <ItemGroup>
-    <PackageReference Include="Volo.Abp.Ddd.Application" Version="3.0.0" />
-    <PackageReference Include="Volo.Abp.PermissionManagement.Domain.Shared" Version="3.0.0" />
-  </ItemGroup>
-
-  <ItemGroup>
-    <Folder Include="LINGYUN\Abp\PermissionManagement\Localization\" />
-  </ItemGroup>
-
-</Project>
--- a/aspnet-core/modules/permissions/LINGYUN.Abp.PermissionManagement.Application/.gitignore
+++ b/aspnet-core/modules/permissions/LINGYUN.Abp.PermissionManagement.Application/.gitignore
@ -1,7 +0,0 @@
-bin
-obj
-Logs
-appsettings.*.json
-node_modules
-yarn.lock
-package-lock.json
--- a/aspnet-core/modules/permissions/LINGYUN.Abp.PermissionManagement.Application/LINGYUN.Abp.PermissionManagement.Application.csproj
+++ b/aspnet-core/modules/permissions/LINGYUN.Abp.PermissionManagement.Application/LINGYUN.Abp.PermissionManagement.Application.csproj
@ -1,13 +0,0 @@
-<Project Sdk="Microsoft.NET.Sdk">
-
-  <PropertyGroup>
-    <TargetFramework>netstandard2.0</TargetFramework>
-    <RootNamespace />
-  </PropertyGroup>
-
-  <ItemGroup>
-    <PackageReference Include="Volo.Abp.PermissionManagement.Domain" Version="3.0.0" />
-    <PackageReference Include="Volo.Abp.PermissionManagement.Application.Contracts" Version="3.0.0" />
-  </ItemGroup>
-
-</Project>
--- a/aspnet-core/modules/permissions/LINGYUN.Abp.PermissionManagement.Application/LINGYUN/Abp/PermissionManagement/AbpPermissionManagementApplicationModule.cs
+++ b/aspnet-core/modules/permissions/LINGYUN.Abp.PermissionManagement.Application/LINGYUN/Abp/PermissionManagement/AbpPermissionManagementApplicationModule.cs
@ -1,13 +0,0 @@
-using Volo.Abp.Modularity;
-using Volo.Abp.PermissionManagement;
-
-namespace LINGYUN.Abp.PermissionManagement
-{
-    [DependsOn(
-        typeof(AbpPermissionManagementDomainModule),
-        typeof(AbpPermissionManagementApplicationContractsModule)
-        )]
-    public class AbpPermissionManagementApplicationModule : AbpModule
-    {
-    }
-}
--- a/aspnet-core/modules/permissions/LINGYUN.Abp.PermissionManagement.Application/LINGYUN/Abp/PermissionManagement/PermissionAppService.cs
+++ b/aspnet-core/modules/permissions/LINGYUN.Abp.PermissionManagement.Application/LINGYUN/Abp/PermissionManagement/PermissionAppService.cs
@ -1,156 +0,0 @@
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Options;
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
-using Volo.Abp;
-using Volo.Abp.Application.Services;
-using Volo.Abp.Authorization.Permissions;
-using Volo.Abp.Caching;
-using Volo.Abp.Clients;
-using Volo.Abp.DependencyInjection;
-using Volo.Abp.MultiTenancy;
-using Volo.Abp.PermissionManagement;
-using Volo.Abp.Users;
-
-namespace LINGYUN.Abp.PermissionManagement
-{
-    [Authorize]
-    [Dependency(ServiceLifetime.Transient, ReplaceServices = true)]
-    [ExposeServices(typeof(IPermissionAppService), typeof(PermissionAppService))]
-    public class PermissionAppService : ApplicationService, IPermissionAppService
-    {
-        protected PermissionManagementOptions Options { get; }
-        protected IDistributedCache<PermissionGrantCacheItem> Cache { get; }
-        protected IPermissionGrantRepository PermissionGrantRepository { get; }
-        protected IPermissionDefinitionManager PermissionDefinitionManager { get; }
-        public PermissionAppService(
-            IDistributedCache<PermissionGrantCacheItem> cache,
-            IPermissionGrantRepository permissionGrantRepository,
-            IPermissionDefinitionManager permissionDefinitionManager,
-            IOptions<PermissionManagementOptions> options)
-        {
-            Cache = cache;
-            Options = options.Value;
-            PermissionGrantRepository = permissionGrantRepository;
-            PermissionDefinitionManager = permissionDefinitionManager;
-        }
-        public virtual async Task<GetPermissionListResultDto> GetAsync(string providerName, string providerKey)
-        {
-            var permissionListResult = new GetPermissionListResultDto
-            {
-                EntityDisplayName = providerKey,
-                Groups = new List<PermissionGroupDto>()
-            };
-            var multiTenancySide = CurrentTenant.GetMultiTenancySide();
-            var permissionGroups = PermissionDefinitionManager.GetGroups();
-            IEnumerable<PermissionGrant> permissions = 
-                await PermissionGrantRepository.GetListAsync(providerName, providerKey);
-            foreach (var permissionGroup in permissionGroups)
-            {
-                var groupDto = new PermissionGroupDto
-                {
-                    Name = permissionGroup.Name,
-                    DisplayName = permissionGroup.DisplayName.Localize(StringLocalizerFactory),
-                    Permissions = new List<PermissionGrantInfoDto>()
-                };
-                foreach (var permission in permissionGroup.GetPermissionsWithChildren())
-                {
-                    if (!permission.IsEnabled)
-                    {
-                        continue;
-                    }
-
-                    if (permission.Providers.Any() && !permission.Providers.Contains(providerName))
-                    {
-                        continue;
-                    }
-
-                    if (!permission.MultiTenancySide.HasFlag(multiTenancySide))
-                    {
-                        continue;
-                    }
-
-                    var grantInfoDto = new PermissionGrantInfoDto
-                    {
-                        Name = permission.Name,
-                        DisplayName = permission.DisplayName.Localize(StringLocalizerFactory),
-                        ParentName = permission.Parent?.Name,
-                        AllowedProviders = permission.Providers,
-                        GrantedProviders = new List<ProviderInfoDto>()
-                    };
-
-                    var grantedPermissions = permissions.Where(p => p.Name.Equals(permission.Name));
-
-                    foreach (var grantedPermission in grantedPermissions)
-                    {
-                        grantInfoDto.IsGranted = true;
-                        grantInfoDto.GrantedProviders.Add(new ProviderInfoDto
-                        {
-                            ProviderKey = grantedPermission.ProviderKey,
-                            ProviderName = grantedPermission.ProviderName
-                        });
-                    }
-
-                    groupDto.Permissions.Add(grantInfoDto);
-                }
-
-                if (groupDto.Permissions.Any())
-                {
-                    permissionListResult.Groups.Add(groupDto);
-                }
-            }
-
-            return permissionListResult;
-        }
-
-        public virtual async Task UpdateAsync(string providerName, string providerKey, UpdatePermissionsDto input)
-        {
-            await CheckProviderPolicy(providerName);
-
-            var permissions = await PermissionGrantRepository.GetListAsync(providerName, providerKey);
-            foreach(var permission in input.Permissions)
-            {
-                var editPermission = permissions.FirstOrDefault(p => p.Name.Equals(permission.Name));
-                if(editPermission == null)
-                {
-                    if(permission.IsGranted)
-                    {
-                        var permissionGrant = new PermissionGrant(GuidGenerator.Create(), 
-                            permission.Name, providerName, providerKey, CurrentTenant.Id);
-                        await PermissionGrantRepository.InsertAsync(permissionGrant);
-                    }
-                }
-                else
-                {
-                    if (!permission.IsGranted)
-                    {
-                        await PermissionGrantRepository.DeleteAsync(editPermission.Id);
-                    }
-                }
-                // 同步变更缓存里的权限配置
-                var cacheKey = CalculateCacheKey(permission.Name, providerName, providerKey);
-                var cacheItem = new PermissionGrantCacheItem(permission.IsGranted);
-                await Cache.SetAsync(cacheKey, cacheItem);
-            }
-        }
-
-        protected virtual async Task CheckProviderPolicy(string providerName)
-        {
-            var policyName = Options.ProviderPolicies.GetOrDefault(providerName);
-            if (policyName.IsNullOrEmpty())
-            {
-                throw new AbpException($"No policy defined to get/set permissions for the provider '{policyName}'. Use {nameof(PermissionManagementOptions)} to map the policy.");
-            }
-
-            await AuthorizationService.CheckAsync(policyName);
-        }
-
-        protected virtual string CalculateCacheKey(string name, string providerName, string providerKey)
-        {
-            return PermissionGrantCacheItem.CalculateCacheKey(name, providerName, providerKey);
-        }
-    }
-}
--- a/aspnet-core/modules/permissions/LINGYUN.Abp.PermissionManagement.Domain/.gitignore
+++ b/aspnet-core/modules/permissions/LINGYUN.Abp.PermissionManagement.Domain/.gitignore
@ -1,7 +0,0 @@
-bin
-obj
-Logs
-appsettings.*.json
-node_modules
-yarn.lock
-package-lock.json
--- a/aspnet-core/modules/permissions/LINGYUN.Abp.PermissionManagement.Domain/Class1.cs
+++ b/aspnet-core/modules/permissions/LINGYUN.Abp.PermissionManagement.Domain/Class1.cs
@ -1,8 +0,0 @@
-using System;
-
-namespace LINGYUN.Abp.PermissionManagement
-{
-    public class Class1
-    {
-    }
-}
--- a/aspnet-core/modules/permissions/LINGYUN.Abp.PermissionManagement.Domain/LINGYUN/Abp/PermissionManagement/PermissionManagementProvider.cs
+++ b/aspnet-core/modules/permissions/LINGYUN.Abp.PermissionManagement.Domain/LINGYUN/Abp/PermissionManagement/PermissionManagementProvider.cs
@ -1,20 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Text;
-using Volo.Abp.Guids;
-using Volo.Abp.MultiTenancy;
-using Volo.Abp.PermissionManagement;
-
-namespace LINGYUN.Abp.PermissionManagement
-{
-    public abstract class PermissionManagementProvider : IPermissionManagementProvider
-    {
-        public abstract string Name { get; }
-
-        protected IPermissionGrantRepository PermissionGrantRepository { get; }
-
-        protected IGuidGenerator GuidGenerator { get; }
-
-        protected ICurrentTenant CurrentTenant { get; }
-    }
-}
--- a/aspnet-core/services/account/AuthServer.Host/AuthIdentityServerModule.cs
+++ b/aspnet-core/services/account/AuthServer.Host/AuthIdentityServerModule.cs
@ -121,12 +121,6 @@ namespace AuthServer.Host
            Configure<RedisCacheOptions>(options =>
            {
                var redisConfig = ConfigurationOptions.Parse(options.Configuration);
-                // 单独一个缓存数据库
-                var databaseConfig = configuration.GetSection("Redis:DefaultDatabase");
-                if (databaseConfig.Exists())
-                {
-                    redisConfig.DefaultDatabase = databaseConfig.Get<int>();
-                }
                options.ConfigurationOptions = redisConfig;
                options.InstanceName = configuration["Redis:InstanceName"];
            });
--- a/aspnet-core/services/admin/LINGYUN.Abp.BackendAdmin.HttpApi.Host/BackendAdminHostModule.cs
+++ b/aspnet-core/services/admin/LINGYUN.Abp.BackendAdmin.HttpApi.Host/BackendAdminHostModule.cs
@ -7,6 +7,7 @@ using LINGYUN.Abp.ExceptionHandling.Emailing;
 using LINGYUN.Abp.FileManagement;
 using LINGYUN.Abp.MessageService;
 using LINGYUN.Abp.MultiTenancy.DbFinder;
+using LINGYUN.Abp.PermissionManagement.Identity;
 using LINGYUN.Abp.SettingManagement;
 using LINGYUN.Abp.TenantManagement;
 using LINGYUN.ApiGateway;
@ -48,7 +49,6 @@ using Volo.Abp.MultiTenancy;
 using Volo.Abp.PermissionManagement;
 using Volo.Abp.PermissionManagement.EntityFrameworkCore;
 using Volo.Abp.PermissionManagement.HttpApi;
-using Volo.Abp.PermissionManagement.Identity;
 using Volo.Abp.PermissionManagement.IdentityServer;
 using Volo.Abp.Security.Claims;
 using Volo.Abp.Security.Encryption;
@ -61,8 +61,6 @@ namespace LINGYUN.Abp.BackendAdmin
 {
    [DependsOn(
        typeof(AbpAspNetCoreMvcUiMultiTenancyModule),
-        typeof(AbpPermissionManagementDomainIdentityModule),
-        typeof(AbpPermissionManagementDomainIdentityServerModule),
        typeof(AppPlatformApplicationContractModule),
        typeof(ApiGatewayApplicationContractsModule),
        typeof(AbpFileManagementApplicationContractsModule),
@ -86,6 +84,8 @@ namespace LINGYUN.Abp.BackendAdmin
        typeof(AbpAuditLoggingEntityFrameworkCoreModule),
        typeof(AbpTenantManagementEntityFrameworkCoreModule),
        typeof(AbpSettingManagementEntityFrameworkCoreModule),
+        typeof(AbpPermissionManagementDomainIdentityModule),
+        typeof(AbpPermissionManagementDomainIdentityServerModule),
        typeof(AbpPermissionManagementEntityFrameworkCoreModule),
        typeof(AbpFeatureManagementEntityFrameworkCoreModule),
        typeof(AbpAspNetCoreAuthenticationJwtBearerModule),
@ -184,12 +184,6 @@ namespace LINGYUN.Abp.BackendAdmin
            Configure<RedisCacheOptions>(options =>
            {
                var redisConfig = ConfigurationOptions.Parse(options.Configuration);
-                // 单独一个缓存数据库
-                var databaseConfig = configuration.GetSection("Redis:DefaultDatabase");
-                if (databaseConfig.Exists())
-                {
-                    redisConfig.DefaultDatabase = databaseConfig.Get<int>();
-                }
                options.ConfigurationOptions = redisConfig;
                options.InstanceName = configuration["Redis:InstanceName"];
            });
--- a/aspnet-core/services/admin/LINGYUN.Abp.BackendAdmin.HttpApi.Host/LINGYUN.Abp.BackendAdmin.HttpApi.Host.csproj
+++ b/aspnet-core/services/admin/LINGYUN.Abp.BackendAdmin.HttpApi.Host/LINGYUN.Abp.BackendAdmin.HttpApi.Host.csproj
@ -68,6 +68,7 @@
    <ProjectReference Include="..\..\..\modules\file-management\LINGYUN.Abp.FileManagement.Application.Contracts\LINGYUN.Abp.FileManagement.Application.Contracts.csproj" />
    <ProjectReference Include="..\..\..\modules\identityServer\LINGYUN.Abp.IdentityServer.Application.Contracts\LINGYUN.Abp.IdentityServer.Application.Contracts.csproj" />
    <ProjectReference Include="..\..\..\modules\identity\LINGYUN.Abp.Identity.Application.Contracts\LINGYUN.Abp.Identity.Application.Contracts.csproj" />
+    <ProjectReference Include="..\..\..\modules\identity\LINGYUN.Abp.PermissionManagement.Domain.Identity\LINGYUN.Abp.PermissionManagement.Domain.Identity.csproj" />
    <ProjectReference Include="..\..\..\modules\message\LINGYUN.Abp.MessageService.Application.Contracts\LINGYUN.Abp.MessageService.Application.Contracts.csproj" />
    <ProjectReference Include="..\..\..\modules\common\LINGYUN.Abp.Sms.Aliyun\LINGYUN.Abp.Sms.Aliyun.csproj" />
    <ProjectReference Include="..\..\..\modules\platform\LINGYUN.Platform.Application.Contracts\LINGYUN.Platform.Application.Contracts.csproj" />
--- a/aspnet-core/services/apigateway/LINGYUN.ApiGateway.Host/ApiGatewayHostModule.cs
+++ b/aspnet-core/services/apigateway/LINGYUN.ApiGateway.Host/ApiGatewayHostModule.cs
@ -103,12 +103,6 @@ namespace LINGYUN.ApiGateway
            Configure<RedisCacheOptions>(options =>
            {
                var redisConfig = ConfigurationOptions.Parse(options.Configuration);
-                // 单独一个缓存数据库
-                var databaseConfig = configuration.GetSection("Redis:DefaultDatabase");
-                if (databaseConfig.Exists())
-                {
-                    redisConfig.DefaultDatabase = databaseConfig.Get<int>();
-                }
                options.ConfigurationOptions = redisConfig;
                options.InstanceName = configuration["Redis:InstanceName"];
            });
--- a/aspnet-core/services/apigateway/LINGYUN.ApiGateway.HttpApi.Host/ApiGatewayHttpApiHostModule.cs
+++ b/aspnet-core/services/apigateway/LINGYUN.ApiGateway.HttpApi.Host/ApiGatewayHttpApiHostModule.cs
@ -107,12 +107,6 @@ namespace LINGYUN.ApiGateway
            Configure<RedisCacheOptions>(options =>
            {
                var redisConfig = ConfigurationOptions.Parse(options.Configuration);
-                // 单独一个缓存数据库
-                var databaseConfig = configuration.GetSection("Redis:DefaultDatabase");
-                if (databaseConfig.Exists())
-                {
-                    redisConfig.DefaultDatabase = databaseConfig.Get<int>();
-                }
                options.ConfigurationOptions = redisConfig;
                options.InstanceName = configuration["Redis:InstanceName"];
            });
--- a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/AbpMessageServiceHttpApiHostModule.cs
+++ b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/AbpMessageServiceHttpApiHostModule.cs
@ -155,12 +155,6 @@ namespace LINGYUN.Abp.MessageService
            Configure<RedisCacheOptions>(options =>
            {
                var redisConfig = ConfigurationOptions.Parse(options.Configuration);
-                // 单独一个缓存数据库
-                var databaseConfig = configuration.GetSection("Redis:DefaultDatabase");
-                if (databaseConfig.Exists())
-                {
-                    redisConfig.DefaultDatabase = databaseConfig.Get<int>();
-                }
                options.ConfigurationOptions = redisConfig;
                options.InstanceName = configuration["Redis:InstanceName"];
            });
--- a/aspnet-core/services/platform/LINGYUN.Platform.HttpApi.Host/AppPlatformHttpApiHostModule.cs
+++ b/aspnet-core/services/platform/LINGYUN.Platform.HttpApi.Host/AppPlatformHttpApiHostModule.cs
@ -164,12 +164,6 @@ namespace LINGYUN.Platform
            Configure<RedisCacheOptions>(options =>
            {
                var redisConfig = ConfigurationOptions.Parse(options.Configuration);
-                // 单独一个缓存数据库
-                var databaseConfig = configuration.GetSection("Redis:DefaultDatabase");
-                if (databaseConfig.Exists())
-                {
-                    redisConfig.DefaultDatabase = databaseConfig.Get<int>();
-                }
                options.ConfigurationOptions = redisConfig;
                options.InstanceName = configuration["Redis:InstanceName"];
            });