fix(permission-management): validate user ID parsing in role permission providers

3 months ago · 1398c8d67b
2 changed files with 2 additions and 4 deletions
--- a/modules/identity/src/Volo.Abp.PermissionManagement.Domain.Identity/Volo/Abp/PermissionManagement/Identity/RolePermissionManagementProvider.cs
+++ b/modules/identity/src/Volo.Abp.PermissionManagement.Domain.Identity/Volo/Abp/PermissionManagement/Identity/RolePermissionManagementProvider.cs
@ -49,9 +49,8 @@ public class RolePermissionManagementProvider : PermissionManagementProvider

            }

-            if (providerName == UserPermissionValueProvider.ProviderName)
+            if (providerName == UserPermissionValueProvider.ProviderName && Guid.TryParse(providerKey, out var userId))
            {
-                var userId = Guid.Parse(providerKey);
                var roleNames = await UserRoleFinder.GetRoleNamesAsync(userId);

                foreach (var roleName in roleNames)
--- a/modules/identity/src/Volo.Abp.PermissionManagement.Domain.Identity/Volo/Abp/PermissionManagement/Identity/RoleResourcePermissionManagementProvider.cs
+++ b/modules/identity/src/Volo.Abp.PermissionManagement.Domain.Identity/Volo/Abp/PermissionManagement/Identity/RoleResourcePermissionManagementProvider.cs
@ -48,9 +48,8 @@ public class RoleResourcePermissionManagementProvider : ResourcePermissionManage
                resourcePermissionGrants.AddRange(await ResourcePermissionGrantRepository.GetListAsync(names, resourceName, resourceKey, providerName, providerKey));
            }

-            if (providerName == UserResourcePermissionValueProvider.ProviderName)
+            if (providerName == UserResourcePermissionValueProvider.ProviderName && Guid.TryParse(providerKey, out var userId))
            {
-                var userId = Guid.Parse(providerKey);
                var roleNames = await UserRoleFinder.GetRoleNamesAsync(userId);

                foreach (var roleName in roleNames)