From a0404e574e2091553f8a1fac6a2ec034b9ca6a23 Mon Sep 17 00:00:00 2001 From: Halil ibrahim Kalkan Date: Thu, 24 Jan 2019 17:20:08 +0300 Subject: [PATCH] Authorize to manage permissions. --- ...ermissionManagementDomainIdentityModule.cs | 7 ++++- .../PermissionAppService.cs | 27 ++++++++++++++++--- .../PermissionDataSeeder.cs | 5 ++++ .../PermissionManagementOptions.cs | 6 ++++- 4 files changed, 40 insertions(+), 5 deletions(-) diff --git a/modules/identity/src/Volo.Abp.PermissionManagement.Domain.Identity/Volo/Abp/PermissionManagement/Identity/AbpPermissionManagementDomainIdentityModule.cs b/modules/identity/src/Volo.Abp.PermissionManagement.Domain.Identity/Volo/Abp/PermissionManagement/Identity/AbpPermissionManagementDomainIdentityModule.cs index db6cc1ec63..4f6eb41f2b 100644 --- a/modules/identity/src/Volo.Abp.PermissionManagement.Domain.Identity/Volo/Abp/PermissionManagement/Identity/AbpPermissionManagementDomainIdentityModule.cs +++ b/modules/identity/src/Volo.Abp.PermissionManagement.Domain.Identity/Volo/Abp/PermissionManagement/Identity/AbpPermissionManagementDomainIdentityModule.cs @@ -1,4 +1,5 @@ -using Volo.Abp.Modularity; +using Volo.Abp.Authorization.Permissions; +using Volo.Abp.Modularity; namespace Volo.Abp.PermissionManagement.Identity { @@ -10,6 +11,10 @@ namespace Volo.Abp.PermissionManagement.Identity { options.ManagementProviders.Add(); options.ManagementProviders.Add(); + + //TODO: Can we prevent duplication of permission names without breaking the design and making the system complicated + options.ProviderPolicies[UserPermissionValueProvider.ProviderName] = "AbpIdentity.Users.ManagePermissions"; + options.ProviderPolicies[RolePermissionValueProvider.ProviderName] = "AbpIdentity.Roles.ManagePermissions"; }); } } 
diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs b/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs index 4131d5b3ec..1fe6c2667c 100644 --- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs +++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs @@ -1,15 +1,19 @@ -using System.Collections.Generic; +using System; +using System.Collections.Generic; using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; using Microsoft.Extensions.Localization; +using Microsoft.Extensions.Options; using Volo.Abp.Application.Services; using Volo.Abp.Authorization.Permissions; namespace Volo.Abp.PermissionManagement { - //[Authorize] + [Authorize] public class PermissionAppService : ApplicationService, IPermissionAppService { + protected PermissionManagementOptions Options { get; } + private readonly IPermissionManager _permissionManager; private readonly IPermissionDefinitionManager _permissionDefinitionManager; private readonly IStringLocalizerFactory _stringLocalizerFactory; @@ -17,8 +21,10 @@ namespace Volo.Abp.PermissionManagement public PermissionAppService( IPermissionManager permissionManager, IPermissionDefinitionManager permissionDefinitionManager, - IStringLocalizerFactory stringLocalizerFactory) + IStringLocalizerFactory stringLocalizerFactory, + IOptions options) { + Options = options.Value; _permissionManager = permissionManager; _permissionDefinitionManager = permissionDefinitionManager; _stringLocalizerFactory = stringLocalizerFactory; 
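Review bot: The class-level `[Authorize]` enabled here by default only requires an authenticated caller; the actual permission gate is the per-method `CheckProviderPolicy(providerName)` call, so any public method added to this service later without that call would be reachable by every signed-in user. A comment on the class would make that contract explicit, for example `// [Authorize] only enforces authentication; every public method must also call CheckProviderPolicy(providerName).`. In the constructor, `options.Value` is dereferenced without a null check, and the new required parameter changes the constructor signature for any existing subclass. The class body continues outside these hunks.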
@@ -26,6 +32,8 @@ namespace Volo.Abp.PermissionManagement public async Task GetAsync(string providerName, string providerKey) { + await CheckProviderPolicy(providerName); + var result = new GetPermissionListResultDto { EntityDisplayName = providerKey, @@ -75,10 +83,23 @@ namespace Volo.Abp.PermissionManagement public async Task UpdateAsync(string providerName, string providerKey, UpdatePermissionsDto input) { + await CheckProviderPolicy(providerName); + foreach (var permission in input.Permissions) { await _permissionManager.SetAsync(permission.Name, providerName, providerKey, permission.IsGranted); } } + + protected virtual async Task CheckProviderPolicy(string providerName) + { + var policyName = Options.ProviderPolicies.GetOrDefault(providerName); + if (policyName.IsNullOrEmpty()) + { + throw new AbpException($"No policy defined to get/set permissions for the provider '{policyName}'. Use {nameof(PermissionManagementOptions)} to map the policy."); + } + + await AuthorizationService.CheckAsync(policyName); + } } } diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDataSeeder.cs b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDataSeeder.cs index 782fcfc49c..80062f528d 100644 --- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDataSeeder.cs +++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDataSeeder.cs @@ -27,6 +27,11 @@ namespace Volo.Abp.PermissionManagement { foreach (var permissionName in grantedPermissions) { + if (await PermissionGrantRepository.FindAsync(permissionName, providerName, providerKey) != null) + { + continue; + } + await PermissionGrantRepository.InsertAsync( new PermissionGrant( GuidGenerator.Create(), 
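Review bot: The exception message in `CheckProviderPolicy` interpolates `policyName`, which is null or empty on that branch, so the error never names the provider that has no mapping; it should read `...permissions for the provider '{providerName}'. Use ...`. Because `providerName` is an argument of the app service methods, an unmapped or misspelled provider surfaces as a generic `AbpException` rather than an authorization or validation failure. That fails closed, but it may be reported to clients as a server error (inferred, since the exception mapping is not visible here). The method is awaitable, so `CheckProviderPolicyAsync` would match the naming of `GetAsync` and `UpdateAsync`.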
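Review bot: The `FindAsync` check followed by `InsertAsync` in the seeder loop is not atomic, so two seeders running at the same time can both pass the check and insert the same grant. Unless the grant store enforces uniqueness on name/provider/key, which is not visible here, duplicate rows remain possible. The lookup also costs one query per permission name; fetching the existing grants for `providerName`/`providerKey` once before the loop would avoid that, if the repository offers such a call. A short comment such as `// Seeding must be idempotent: skip grants that already exist.` would record why the lookup is there. The loop body continues outside the hunk.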
diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionManagementOptions.cs b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionManagementOptions.cs index 07bf361acc..2e29ab9c29 100644 --- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionManagementOptions.cs +++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionManagementOptions.cs @@ -1,4 +1,5 @@ -using Volo.Abp.Collections; +using System.Collections.Generic; +using Volo.Abp.Collections; namespace Volo.Abp.PermissionManagement { @@ -6,9 +7,12 @@ namespace Volo.Abp.PermissionManagement { public ITypeList ManagementProviders { get; } + public Dictionary ProviderPolicies { get; } + public PermissionManagementOptions() { ManagementProviders = new TypeList(); + ProviderPolicies = new Dictionary(); } } }
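Review bot: `ProviderPolicies` is now security-relevant configuration but has no documentation; it needs an XML summary stating that the key is a permission value provider name, the value is the authorization policy required to read or change that provider's grants, and that `PermissionAppService` rejects providers with no entry. Something like `/// <summary>Maps a provider name to the policy required to manage its permissions; unmapped providers are rejected by PermissionAppService.</summary>` would do. The dictionary is created with the default comparer, so lookups are case-sensitive and a provider name that differs only in case is treated as unmapped. That fails closed, but it is worth stating in the same comment.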