Authorize to manage permissions.

7 years ago · a0404e574e
4 changed files with 40 additions and 5 deletions
--- a/modules/identity/src/Volo.Abp.PermissionManagement.Domain.Identity/Volo/Abp/PermissionManagement/Identity/AbpPermissionManagementDomainIdentityModule.cs
+++ b/modules/identity/src/Volo.Abp.PermissionManagement.Domain.Identity/Volo/Abp/PermissionManagement/Identity/AbpPermissionManagementDomainIdentityModule.cs
@ -1,4 +1,5 @@
-using Volo.Abp.Modularity;
+using Volo.Abp.Authorization.Permissions;
+using Volo.Abp.Modularity;

 namespace Volo.Abp.PermissionManagement.Identity
 {
@ -10,6 +11,10 @@ namespace Volo.Abp.PermissionManagement.Identity
            {
                options.ManagementProviders.Add<UserPermissionManagementProvider>();
                options.ManagementProviders.Add<RolePermissionManagementProvider>();
+
+                //TODO: Can we prevent duplication of permission names without breaking the design and making the system complicated
+                options.ProviderPolicies[UserPermissionValueProvider.ProviderName] = "AbpIdentity.Users.ManagePermissions";
+                options.ProviderPolicies[RolePermissionValueProvider.ProviderName] = "AbpIdentity.Roles.ManagePermissions";
            });
        }
    }
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs
@ -1,15 +1,19 @@
-using System.Collections.Generic;
+using System;
+using System.Collections.Generic;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.Extensions.Localization;
+using Microsoft.Extensions.Options;
 using Volo.Abp.Application.Services;
 using Volo.Abp.Authorization.Permissions;

 namespace Volo.Abp.PermissionManagement
 {
-    //[Authorize]
+    [Authorize]
    public class PermissionAppService : ApplicationService, IPermissionAppService
    {
+        protected PermissionManagementOptions Options { get; }
+
        private readonly IPermissionManager _permissionManager;
        private readonly IPermissionDefinitionManager _permissionDefinitionManager;
        private readonly IStringLocalizerFactory _stringLocalizerFactory;
@ -17,8 +21,10 @@ namespace Volo.Abp.PermissionManagement
        public PermissionAppService(
            IPermissionManager permissionManager, 
            IPermissionDefinitionManager permissionDefinitionManager,
-            IStringLocalizerFactory stringLocalizerFactory)
+            IStringLocalizerFactory stringLocalizerFactory,
+            IOptions<PermissionManagementOptions> options)
        {
+            Options = options.Value;
            _permissionManager = permissionManager;
            _permissionDefinitionManager = permissionDefinitionManager;
            _stringLocalizerFactory = stringLocalizerFactory;
@ -26,6 +32,8 @@ namespace Volo.Abp.PermissionManagement

        public async Task<GetPermissionListResultDto> GetAsync(string providerName, string providerKey)
        {
+            await CheckProviderPolicy(providerName);
+
            var result = new GetPermissionListResultDto
            {
                EntityDisplayName = providerKey,
@ -75,10 +83,23 @@ namespace Volo.Abp.PermissionManagement

        public async Task UpdateAsync(string providerName, string providerKey, UpdatePermissionsDto input)
        {
+            await CheckProviderPolicy(providerName);
+
            foreach (var permission in input.Permissions)
            {
                await _permissionManager.SetAsync(permission.Name, providerName, providerKey, permission.IsGranted);
            }
        }
+
+        protected virtual async Task CheckProviderPolicy(string providerName)
+        {
+            var policyName = Options.ProviderPolicies.GetOrDefault(providerName);
+            if (policyName.IsNullOrEmpty())
+            {
+                throw new AbpException($"No policy defined to get/set permissions for the provider '{policyName}'. Use {nameof(PermissionManagementOptions)} to map the policy.");
+            }
+
+            await AuthorizationService.CheckAsync(policyName);
+        }
    }
 }
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDataSeeder.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDataSeeder.cs
@ -27,6 +27,11 @@ namespace Volo.Abp.PermissionManagement
        {
            foreach (var permissionName in grantedPermissions)
            {
+                if (await PermissionGrantRepository.FindAsync(permissionName, providerName, providerKey) != null)
+                {
+                    continue;
+                }
+
                await PermissionGrantRepository.InsertAsync(
                    new PermissionGrant(
                        GuidGenerator.Create(),
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionManagementOptions.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionManagementOptions.cs
@ -1,4 +1,5 @@
-using Volo.Abp.Collections;
+using System.Collections.Generic;
+using Volo.Abp.Collections;

 namespace Volo.Abp.PermissionManagement
 {
@ -6,9 +7,12 @@ namespace Volo.Abp.PermissionManagement
    {
        public ITypeList<IPermissionManagementProvider> ManagementProviders { get; }

+        public Dictionary<string, string> ProviderPolicies { get; }
+
        public PermissionManagementOptions()
        {
            ManagementProviders = new TypeList<IPermissionManagementProvider>();
+            ProviderPolicies = new Dictionary<string, string>();
        }
    }
 }