From 499f12742ff9b8a573da23331ba85b078e1f8c25 Mon Sep 17 00:00:00 2001 From: maliming Date: Tue, 30 Dec 2025 18:26:36 +0800 Subject: [PATCH] Implement client finder and resource permission management providers --- .../Clients/ClientFinderResult.cs | 10 +++ .../IdentityServer/Clients/IClientFinder.cs | 12 ++++ .../IdentityServer/Clients/ClientFinder.cs | 45 ++++++++++++++ .../Clients/IClientRepository.cs | 2 + .../Clients/ClientRepository.cs | 7 +++ .../MongoDB/MongoClientRepository.cs | 7 +++ .../ClientPermissionManagementProvider.cs | 9 ++- ...entResourcePermissionManagementProvider.cs | 62 +++++++++++++++++++ ...ourcePermissionProviderKeyLookupService.cs | 45 ++++++++++++++ .../Applications/AbpApplicationFinder.cs | 2 +- ...ApplicationPermissionManagementProvider.cs | 1 - 11 files changed, 199 insertions(+), 3 deletions(-) create mode 100644 modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Clients/ClientFinderResult.cs create mode 100644 modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Clients/IClientFinder.cs create mode 100644 modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/Clients/ClientFinder.cs create mode 100644 modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientResourcePermissionManagementProvider.cs create mode 100644 modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientResourcePermissionProviderKeyLookupService.cs diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Clients/ClientFinderResult.cs b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Clients/ClientFinderResult.cs new file mode 100644 index 0000000000..d0c42968c7 --- /dev/null +++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Clients/ClientFinderResult.cs @@ -0,0 +1,10 @@ +using System; + +namespace Volo.Abp.IdentityServer.Clients; + +public class ClientFinderResult +{ + public Guid Id { get; set; } + + public string ClientId { get; set; } +} diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Clients/IClientFinder.cs b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Clients/IClientFinder.cs new file mode 100644 index 0000000000..3d124455ab --- /dev/null +++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Clients/IClientFinder.cs @@ -0,0 +1,12 @@ +using System; +using System.Collections.Generic; +using System.Threading.Tasks; + +namespace Volo.Abp.IdentityServer.Clients; + +public interface IClientFinder +{ + Task> SearchAsync(string filter, int page = 1); + + Task> SearchByIdsAsync(Guid[] ids); +} diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/Clients/ClientFinder.cs b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/Clients/ClientFinder.cs new file mode 100644 index 0000000000..91fd6f4f4f --- /dev/null +++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/Clients/ClientFinder.cs @@ -0,0 +1,45 @@ +using System; +using System.Collections.Generic; +using System.Linq; +using System.Threading.Tasks; +using Volo.Abp.DependencyInjection; +using Volo.Abp.Domain.Repositories; + +namespace Volo.Abp.IdentityServer.Clients; + +public class ClientFinder: IClientFinder, ITransientDependency +{ + protected IClientRepository ClientRepository { get; } + + public ClientFinder(IClientRepository clientRepository) + { + ClientRepository = clientRepository; + } + + public virtual async Task> SearchAsync(string filter, int page = 1) + { + using (ClientRepository.DisableTracking()) + { + page = page < 1 ? 1 : page; + var clients = await ClientRepository.GetListAsync(nameof(Client.ClientName), filter: filter, skipCount: (page - 1) * 10, maxResultCount: 10); + return clients.Select(x => new ClientFinderResult + { + Id = x.Id, + ClientId = x.ClientId + }).ToList(); + } + } + + public virtual async Task> SearchByIdsAsync(Guid[] ids) + { + using (ClientRepository.DisableTracking()) + { + var clients = await ClientRepository.GetListByIdsAsync(ids); + return clients.Select(x => new ClientFinderResult + { + Id = x.Id, + ClientId = x.ClientId + }).ToList(); + } + } +} diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/Clients/IClientRepository.cs b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/Clients/IClientRepository.cs index 478ca592e0..02793df829 100644 --- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/Clients/IClientRepository.cs +++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/Clients/IClientRepository.cs @@ -36,4 +36,6 @@ public interface IClientRepository : IBasicRepository Guid? expectedId = null, CancellationToken cancellationToken = default ); + + Task> GetListByIdsAsync(Guid[] ids, CancellationToken cancellationToken = default); } diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.EntityFrameworkCore/Volo/Abp/IdentityServer/Clients/ClientRepository.cs b/modules/identityserver/src/Volo.Abp.IdentityServer.EntityFrameworkCore/Volo/Abp/IdentityServer/Clients/ClientRepository.cs index 8edaad0345..cd25a63c0e 100644 --- a/modules/identityserver/src/Volo.Abp.IdentityServer.EntityFrameworkCore/Volo/Abp/IdentityServer/Clients/ClientRepository.cs +++ b/modules/identityserver/src/Volo.Abp.IdentityServer.EntityFrameworkCore/Volo/Abp/IdentityServer/Clients/ClientRepository.cs @@ -61,6 +61,13 @@ public class ClientRepository : EfCoreRepository c.Id != expectedId && c.ClientId == clientId, GetCancellationToken(cancellationToken)); } + public virtual async Task> GetListByIdsAsync(Guid[] ids, CancellationToken cancellationToken = default) + { + return await (await GetDbSetAsync()) + .Where(c => ids.Contains(c.Id)) + .ToListAsync(GetCancellationToken(cancellationToken)); + } + public async override Task DeleteAsync(Guid id, bool autoSave = false, CancellationToken cancellationToken = default) { var dbContext = await GetDbContextAsync(); diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.MongoDB/Volo/Abp/IdentityServer/MongoDB/MongoClientRepository.cs b/modules/identityserver/src/Volo.Abp.IdentityServer.MongoDB/Volo/Abp/IdentityServer/MongoDB/MongoClientRepository.cs index d266ac7c52..bd6e5615c5 100644 --- a/modules/identityserver/src/Volo.Abp.IdentityServer.MongoDB/Volo/Abp/IdentityServer/MongoDB/MongoClientRepository.cs +++ b/modules/identityserver/src/Volo.Abp.IdentityServer.MongoDB/Volo/Abp/IdentityServer/MongoDB/MongoClientRepository.cs @@ -69,4 +69,11 @@ public class MongoClientRepository : MongoDbRepository c.Id != expectedId && c.ClientId == clientId, GetCancellationToken(cancellationToken)); } + + public virtual async Task> GetListByIdsAsync(Guid[] ids, CancellationToken cancellationToken = default) + { + return await (await GetQueryableAsync(cancellationToken)) + .Where(c => ids.Contains(c.Id)) + .ToListAsync(GetCancellationToken(cancellationToken)); + } } diff --git a/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientPermissionManagementProvider.cs b/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientPermissionManagementProvider.cs index dd25c6d5c0..618588bdf4 100644 --- a/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientPermissionManagementProvider.cs +++ b/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientPermissionManagementProvider.cs @@ -18,7 +18,6 @@ public class ClientPermissionManagementProvider : PermissionManagementProvider guidGenerator, currentTenant) { - } public override Task CheckAsync(string name, string providerName, string providerKey) @@ -29,6 +28,14 @@ public class ClientPermissionManagementProvider : PermissionManagementProvider } } + public override Task CheckAsync(string[] names, string providerName, string providerKey) + { + using (CurrentTenant.Change(null)) + { + return base.CheckAsync(names, providerName, providerKey); + } + } + protected override Task GrantAsync(string name, string providerKey) { using (CurrentTenant.Change(null)) diff --git a/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientResourcePermissionManagementProvider.cs b/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientResourcePermissionManagementProvider.cs new file mode 100644 index 0000000000..d9ae388b10 --- /dev/null +++ b/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientResourcePermissionManagementProvider.cs @@ -0,0 +1,62 @@ +using System.Threading.Tasks; +using Volo.Abp.Authorization.Permissions.Resources; +using Volo.Abp.Guids; +using Volo.Abp.MultiTenancy; + +namespace Volo.Abp.PermissionManagement.IdentityServer; + +public class ClientResourcePermissionManagementProvider : ResourcePermissionManagementProvider +{ + public override string Name => ClientResourcePermissionValueProvider.ProviderName; + + public ClientResourcePermissionManagementProvider( + IResourcePermissionGrantRepository permissionGrantRepository, + IGuidGenerator guidGenerator, + ICurrentTenant currentTenant) + : base( + permissionGrantRepository, + guidGenerator, + currentTenant) + { + } + + public override Task CheckAsync(string name, string resourceName,string resourceKey, string providerName, string providerKey) + { + using (CurrentTenant.Change(null)) + { + return base.CheckAsync(name, resourceName, resourceKey, providerName, providerKey); + } + } + + public override Task CheckAsync(string[] names, string resourceName, string resourceKey, string providerName, string providerKey) + { + using (CurrentTenant.Change(null)) + { + return base.CheckAsync(names, resourceName, resourceKey, providerName, providerKey); + } + } + + public override Task SetAsync(string name, string resourceName,string resourceKey, string providerKey, bool isGranted) + { + using (CurrentTenant.Change(null)) + { + return base.SetAsync(name, resourceName, resourceKey, providerKey, isGranted); + } + } + + protected override async Task GrantAsync(string name, string resourceName, string resourceKey, string providerKey) + { + using (CurrentTenant.Change(null)) + { + await base.GrantAsync(name, resourceName, resourceKey, providerKey); + } + } + + protected override Task RevokeAsync(string name, string resourceName,string resourceKey, string providerKey) + { + using (CurrentTenant.Change(null)) + { + return base.RevokeAsync(name, resourceName, resourceKey, providerKey); + } + } +} diff --git a/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientResourcePermissionProviderKeyLookupService.cs b/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientResourcePermissionProviderKeyLookupService.cs new file mode 100644 index 0000000000..0db561c9dc --- /dev/null +++ b/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientResourcePermissionProviderKeyLookupService.cs @@ -0,0 +1,45 @@ +using System; +using System.Collections.Generic; +using System.Linq; +using System.Threading; +using System.Threading.Tasks; +using Volo.Abp.Authorization.Permissions.Resources; +using Volo.Abp.DependencyInjection; +using Volo.Abp.IdentityServer.Clients; +using Volo.Abp.IdentityServer.Localization; +using Volo.Abp.Localization; + +namespace Volo.Abp.PermissionManagement.IdentityServer; + +public class ClientResourcePermissionProviderKeyLookupService : IResourcePermissionProviderKeyLookupService, ITransientDependency +{ + public string Name => ClientResourcePermissionValueProvider.ProviderName; + + public ILocalizableString DisplayName { get; } + + protected IClientFinder ClientFinder { get; } + + public ClientResourcePermissionProviderKeyLookupService(IClientFinder clientFinder) + { + ClientFinder = clientFinder; + DisplayName = LocalizableString.Create(nameof(ClientResourcePermissionProviderKeyLookupService)); + } + + public virtual async Task> SearchAsync(string filter = null, int page = 1, CancellationToken cancellationToken = default) + { + var users = await ClientFinder.SearchAsync(filter, page); + return users.Select(u => new ResourcePermissionProviderKeyInfo(u.Id.ToString(), u.ClientId)).ToList(); + } + + public virtual async Task> SearchAsync(string[] keys, CancellationToken cancellationToken = default) + { + var ids = keys + .Select(key => Guid.TryParse(key, out var id) ? (Guid?)id : null) + .Where(id => id.HasValue) + .Select(id => id.Value) + .Distinct() + .ToArray(); + var users = await ClientFinder.SearchByIdsAsync(ids.ToArray()); + return users.Select(u => new ResourcePermissionProviderKeyInfo(u.Id.ToString(), u.ClientId)).ToList(); + } +} diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationFinder.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationFinder.cs index f102e0cf57..f62db98ded 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationFinder.cs +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationFinder.cs @@ -22,7 +22,7 @@ public class AbpApplicationFinder : IApplicationFinder, ITransientDependency using (ApplicationRepository.DisableTracking()) { page = page < 1 ? 1 : page; - var applications = await ApplicationRepository.GetListAsync(nameof(OpenIddictApplication.ClientId), filter: filter, skipCount: (page - 1) * 10, maxResultCount: 10); + var applications = await ApplicationRepository.GetListAsync(nameof(OpenIddictApplication.CreationTime), filter: filter, skipCount: (page - 1) * 10, maxResultCount: 10); return applications.Select(x => new ApplicationFinderResult { Id = x.Id, diff --git a/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/OpenIddict/ApplicationPermissionManagementProvider.cs b/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/OpenIddict/ApplicationPermissionManagementProvider.cs index 7cde7a4dfe..6d07a728e4 100644 --- a/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/OpenIddict/ApplicationPermissionManagementProvider.cs +++ b/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/OpenIddict/ApplicationPermissionManagementProvider.cs @@ -18,7 +18,6 @@ public class ApplicationPermissionManagementProvider : PermissionManagementProvi guidGenerator, currentTenant) { - } public override Task CheckAsync(string name, string providerName, string providerKey)