Remove management permission check from resource permissions

2 months ago · 12b50b41c5
3 changed files with 5 additions and 14 deletions
--- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/Resources/ResourcePermissionChecker.cs
+++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/Resources/ResourcePermissionChecker.cs
@ -72,11 +72,6 @@ public class ResourcePermissionChecker : IResourcePermissionChecker, ITransientD
            return false;
        }

-        if (!await PermissionChecker.IsGrantedAsync(claimsPrincipal, permission.ManagementPermissionName!))
-        {
-            return false;
-        }
-
        var isGranted = false;
        var context = new ResourcePermissionValueCheckContext(permission, claimsPrincipal, resourceName, resourceKey);
        foreach (var provider in PermissionValueProviderManager.ValueProviders)
@ -124,8 +119,7 @@ public class ResourcePermissionChecker : IResourcePermissionChecker, ITransientD
        foreach (var name in names)
        {
            var permission = await PermissionDefinitionManager.GetResourcePermissionOrNullAsync(resourceName, name);
-            if (permission == null ||
-                !await PermissionChecker.IsGrantedAsync(claimsPrincipal, permission.ManagementPermissionName!))
+            if (permission == null)
            {
                result.Result.Add(name, PermissionGrantResult.Prohibited);
                continue;
--- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/Resources/ResourcePermissionPopulator.cs
+++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/Resources/ResourcePermissionPopulator.cs
@ -52,11 +52,6 @@ public class ResourcePermissionPopulator : ITransientDependency
            var results = await ResourcePermissionChecker.IsGrantedAsync(resopurcePermissions.Select(x => x.Name).ToArray(), resourceName, resourceKey);
            foreach (var resopurcePermission in resopurcePermissions)
            {
-                if (!await PermissionChecker.IsGrantedAsync(resopurcePermission.ManagementPermissionName!))
-                {
-                    continue;
-                }
-
                if (resource.ResourcePermissions == null)
                {
                     ObjectHelper.TrySetProperty(resource, x => x.ResourcePermissions, () => new Dictionary<string, bool>());
--- a/framework/test/Volo.Abp.Authorization.Tests/Volo/Abp/Authorization/ResourcePermissionPopulator_Test.cs
+++ b/framework/test/Volo.Abp.Authorization.Tests/Volo/Abp/Authorization/ResourcePermissionPopulator_Test.cs
@ -28,7 +28,7 @@ public class ResourcePermissionPopulator_Tests : AuthorizationTestBase
        );

        testResourceObject.ResourcePermissions.ShouldNotBeNull();
-        testResourceObject.ResourcePermissions.Count.ShouldBe(7); // Does not include MyResourcePermission8 because current user has no TestEntityManagementPermission2
+        testResourceObject.ResourcePermissions.Count.ShouldBe(8);
        testResourceObject.ResourcePermissions["MyResourcePermission1"].ShouldBe(false);
        testResourceObject.ResourcePermissions["MyResourcePermission2"].ShouldBe(false);
        testResourceObject.ResourcePermissions["MyResourcePermission3"].ShouldBe(true);
@ -36,6 +36,7 @@ public class ResourcePermissionPopulator_Tests : AuthorizationTestBase
        testResourceObject.ResourcePermissions["MyResourcePermission5"].ShouldBe(true);
        testResourceObject.ResourcePermissions["MyResourcePermission6"].ShouldBe(false);
        testResourceObject.ResourcePermissions["MyResourcePermission7"].ShouldBe(false);
+        testResourceObject.ResourcePermissions["MyResourcePermission8"].ShouldBe(false);

        testResourceObject = new TestEntityResource(TestEntityResource.ResourceKey6);
        testResourceObject.ResourcePermissions.IsNullOrEmpty().ShouldBeTrue();
@ -46,7 +47,7 @@ public class ResourcePermissionPopulator_Tests : AuthorizationTestBase
        );

        testResourceObject.ResourcePermissions.ShouldNotBeNull();
-        testResourceObject.ResourcePermissions.Count.ShouldBe(7); // Does not include MyResourcePermission8 because current user has no TestEntityManagementPermission2
+        testResourceObject.ResourcePermissions.Count.ShouldBe(7);
        testResourceObject.ResourcePermissions["MyResourcePermission1"].ShouldBe(false);
        testResourceObject.ResourcePermissions["MyResourcePermission2"].ShouldBe(false);
        testResourceObject.ResourcePermissions["MyResourcePermission3"].ShouldBe(false);
@ -54,5 +55,6 @@ public class ResourcePermissionPopulator_Tests : AuthorizationTestBase
        testResourceObject.ResourcePermissions["MyResourcePermission5"].ShouldBe(false);
        testResourceObject.ResourcePermissions["MyResourcePermission6"].ShouldBe(true);
        testResourceObject.ResourcePermissions["MyResourcePermission7"].ShouldBe(false);
+        testResourceObject.ResourcePermissions["MyResourcePermission8"].ShouldBe(false);
    }
 }