From ab114bedf2b11707244534cca77efbe33edec925 Mon Sep 17 00:00:00 2001
From: maliming <malimings@gmail.com>
Date: Tue, 30 Dec 2025 17:27:19 +0800
Subject: [PATCH] Add ClientResourcePermissionValueProvider implementation

---
 .../ClientResourcePermissionValueProvider.cs  | 55 +++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/Resources/ClientResourcePermissionValueProvider.cs

diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/Resources/ClientResourcePermissionValueProvider.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/Resources/ClientResourcePermissionValueProvider.cs
new file mode 100644
index 0000000000..679f54a118
--- /dev/null
+++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/Resources/ClientResourcePermissionValueProvider.cs
@@ -0,0 +1,55 @@
+using System.Linq;
+using System.Threading.Tasks;
+using Volo.Abp.MultiTenancy;
+using Volo.Abp.Security.Claims;
+
+namespace Volo.Abp.Authorization.Permissions.Resources;
+
+public class ClientResourcePermissionValueProvider : ResourcePermissionValueProvider
+{
+    public const string ProviderName = "C";
+
+    public override string Name => ProviderName;
+
+    protected ICurrentTenant CurrentTenant { get; }
+
+    public ClientResourcePermissionValueProvider(IResourcePermissionStore resourcePermissionStore, ICurrentTenant currentTenant)
+        : base(resourcePermissionStore)
+    {
+        CurrentTenant = currentTenant;
+    }
+
+    public override async Task<PermissionGrantResult> CheckAsync(ResourcePermissionValueCheckContext context)
+    {
+        var clientId = context.Principal?.FindFirst(AbpClaimTypes.ClientId)?.Value;
+
+        if (clientId == null)
+        {
+            return PermissionGrantResult.Undefined;
+        }
+
+        using (CurrentTenant.Change(null))
+        {
+            return await ResourcePermissionStore.IsGrantedAsync(context.ResourceName, context.ResourceKey, context.Permission.Name, Name, clientId)
+                ? PermissionGrantResult.Granted
+                : PermissionGrantResult.Undefined;
+        }
+    }
+
+    public override async Task<MultiplePermissionGrantResult> CheckAsync(ResourcePermissionValuesCheckContext context)
+    {
+        var permissionNames = context.Permissions.Select(x => x.Name).Distinct().ToArray();
+        Check.NotNullOrEmpty(permissionNames, nameof(permissionNames));
+
+        var clientId = context.Principal?.FindFirst(AbpClaimTypes.ClientId)?.Value;
+        if (clientId == null)
+        {
+            return new MultiplePermissionGrantResult(permissionNames); ;
+        }
+
+        using (CurrentTenant.Change(null))
+        {
+            return await ResourcePermissionStore.IsGrantedAsync(permissionNames, context.ResourceName, context.ResourceKey, Name, clientId);
+        }
+    }
+}