feat: add management permission to resource permissions and update related logic

2 months ago · c7d73881b8
23 changed files with 234 additions and 67 deletions
--- a/framework/src/Volo.Abp.Authorization.Abstractions/Volo/Abp/Authorization/Permissions/IPermissionDefinitionContext.cs
+++ b/framework/src/Volo.Abp.Authorization.Abstractions/Volo/Abp/Authorization/Permissions/IPermissionDefinitionContext.cs
@ -52,6 +52,7 @@ public interface IPermissionDefinitionContext
    PermissionDefinition AddResourcePermission(
        string name,
        string resourceName,
+        string managementPermission,
        ILocalizableString? displayName = null,
        MultiTenancySides multiTenancySide = MultiTenancySides.Both,
        bool isEnabled = true);
--- a/framework/src/Volo.Abp.Authorization.Abstractions/Volo/Abp/Authorization/Permissions/PermissionDefinition.cs
+++ b/framework/src/Volo.Abp.Authorization.Abstractions/Volo/Abp/Authorization/Permissions/PermissionDefinition.cs
@ -21,6 +21,11 @@ public class PermissionDefinition :
    /// </summary>
    public string? ResourceName { get; set; }

+    /// <summary>
+    ///  Management permission of the resource permission.
+    /// </summary>
+    public string? ManagementPermission { get; set; }
+
    /// <summary>
    /// Parent of this permission if one exists.
    /// If set, this permission can be granted only if parent is granted.
@ -84,12 +89,14 @@ public class PermissionDefinition :
    protected internal PermissionDefinition(
        [NotNull] string name,
        string resourceName,
+        string managementPermission,
        ILocalizableString? displayName = null,
        MultiTenancySides multiTenancySide = MultiTenancySides.Both,
        bool isEnabled = true)
        : this(name, displayName, multiTenancySide, isEnabled)
    {
        ResourceName = Check.NotNull(resourceName, nameof(resourceName));
+        ManagementPermission = Check.NotNull(managementPermission, nameof(managementPermission));
    }

    protected internal PermissionDefinition(
--- a/framework/src/Volo.Abp.Authorization.Abstractions/Volo/Abp/Authorization/Permissions/PermissionDefinitionContext.cs
+++ b/framework/src/Volo.Abp.Authorization.Abstractions/Volo/Abp/Authorization/Permissions/PermissionDefinitionContext.cs
@ -94,11 +94,14 @@ public class PermissionDefinitionContext : IPermissionDefinitionContext
    public virtual PermissionDefinition AddResourcePermission(
        string name,
        string resourceName,
+        string managementPermission,
        ILocalizableString? displayName = null,
        MultiTenancySides multiTenancySide = MultiTenancySides.Both,
        bool isEnabled = true)
    {
        Check.NotNull(name, nameof(name));
+        Check.NotNull(resourceName, nameof(resourceName));
+        Check.NotNull(managementPermission, nameof(managementPermission));

        if (ResourcePermissions.ContainsKey(name))
        {
@ -108,6 +111,7 @@ public class PermissionDefinitionContext : IPermissionDefinitionContext
        var permission = new PermissionDefinition(
            name,
            resourceName,
+            managementPermission,
            displayName,
            multiTenancySide,
            isEnabled)
--- a/framework/test/Volo.Abp.Authorization.Tests/Volo/Abp/Authorization/TestServices/Resources/AuthorizationTestResourcePermissionDefinitionProvider.cs
+++ b/framework/test/Volo.Abp.Authorization.Tests/Volo/Abp/Authorization/TestServices/Resources/AuthorizationTestResourcePermissionDefinitionProvider.cs
@ -8,7 +8,9 @@ public class AuthorizationTestResourcePermissionDefinitionProvider : PermissionD
 {
    public override void Define(IPermissionDefinitionContext context)
    {
-        var permission1 = context.AddResourcePermission("MyResourcePermission1", resourceName: TestEntityResource.ResourceName);
+        context.AddGroup("TestEntityManagementPermissionGroup").AddPermission("TestEntityManagementPermission");
+
+        var permission1 = context.AddResourcePermission("MyResourcePermission1", resourceName: TestEntityResource.ResourceName, managementPermission: "TestEntityManagementPermission");
        Assert.Throws<AbpException>(() =>
        {
            permission1.AddChild("MyResourcePermission1.ChildPermission1");
@ -16,12 +18,12 @@ public class AuthorizationTestResourcePermissionDefinitionProvider : PermissionD
        permission1.StateCheckers.Add(new TestRequireEditionPermissionSimpleStateChecker());;
        permission1[PermissionDefinitionContext.KnownPropertyNames.CurrentProviderName].ShouldBe(typeof(AuthorizationTestResourcePermissionDefinitionProvider).FullName);

-        context.AddResourcePermission("MyResourcePermission2", resourceName: typeof(TestEntityResource).FullName!);
-        context.AddResourcePermission("MyResourcePermission3", resourceName: typeof(TestEntityResource).FullName!);
-        context.AddResourcePermission("MyResourcePermission4", resourceName: typeof(TestEntityResource).FullName!);
-        context.AddResourcePermission("MyResourcePermission5", resourceName: typeof(TestEntityResource).FullName!);
-        context.AddResourcePermission("MyResourcePermission6", resourceName: typeof(TestEntityResource).FullName!).WithProviders(nameof(TestResourcePermissionValueProvider1));
-        context.AddResourcePermission("MyResourcePermission7", resourceName: typeof(TestEntityResource).FullName!).WithProviders(nameof(TestResourcePermissionValueProvider2));
+        context.AddResourcePermission("MyResourcePermission2", resourceName: typeof(TestEntityResource).FullName!, managementPermission: "TestEntityManagementPermission");
+        context.AddResourcePermission("MyResourcePermission3", resourceName: typeof(TestEntityResource).FullName!, managementPermission: "TestEntityManagementPermission");
+        context.AddResourcePermission("MyResourcePermission4", resourceName: typeof(TestEntityResource).FullName!, managementPermission: "TestEntityManagementPermission");
+        context.AddResourcePermission("MyResourcePermission5", resourceName: typeof(TestEntityResource).FullName!, managementPermission: "TestEntityManagementPermission");
+        context.AddResourcePermission("MyResourcePermission6", resourceName: typeof(TestEntityResource).FullName!, managementPermission: "TestEntityManagementPermission").WithProviders(nameof(TestResourcePermissionValueProvider1));
+        context.AddResourcePermission("MyResourcePermission7", resourceName: typeof(TestEntityResource).FullName!, managementPermission: "TestEntityManagementPermission").WithProviders(nameof(TestResourcePermissionValueProvider2));

        context.GetResourcePermissionOrNull("MyResourcePermission1").ShouldNotBeNull();
    }
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Application.Contracts/Volo/Abp/PermissionManagement/IPermissionAppService.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Application.Contracts/Volo/Abp/PermissionManagement/IPermissionAppService.cs
@ -12,9 +12,9 @@ public interface IPermissionAppService : IApplicationService

    Task UpdateAsync([NotNull] string providerName, [NotNull] string providerKey, UpdatePermissionsDto input);

-    Task<GetResourceProviderListResultDto> GetResourceProviderKeyLookupServicesAsync();
+    Task<GetResourceProviderListResultDto> GetResourceProviderKeyLookupServicesAsync(string resourceName);

-    Task<SearchProviderKeyListResultDto> SearchResourceProviderKeyAsync(string serviceName, string filter, int page);
+    Task<SearchProviderKeyListResultDto> SearchResourceProviderKeyAsync(string resourceName, string serviceName, string filter, int page);

    Task<GetResourcePermissionDefinitionListResultDto> GetResourceDefinitionsAsync([NotNull] string resourceName);

--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs
@ -166,9 +166,15 @@ public class PermissionAppService : ApplicationService, IPermissionAppService
        }
    }

-    [Authorize(PermissionManagementPermissions.ManageResourcePermissions)]
-    public virtual async Task<GetResourceProviderListResultDto> GetResourceProviderKeyLookupServicesAsync()
+    public virtual async Task<GetResourceProviderListResultDto> GetResourceProviderKeyLookupServicesAsync(string resourceName)
    {
+        var resourcePermissions = await ResourcePermissionManager.GetAvailablePermissionsAsync(resourceName);
+        if (!resourcePermissions.Any() ||
+            !await AuthorizationService.IsGrantedAnyAsync(resourcePermissions.Select(p => p.ManagementPermission!).ToArray()))
+        {
+            return new GetResourceProviderListResultDto();;
+        }
+
        var lookupServices = await ResourcePermissionManager.GetProviderKeyLookupServicesAsync();
        return new GetResourceProviderListResultDto
        {
@ -180,9 +186,15 @@ public class PermissionAppService : ApplicationService, IPermissionAppService
        };
    }

-    [Authorize(PermissionManagementPermissions.ManageResourcePermissions)]
-    public virtual async Task<SearchProviderKeyListResultDto> SearchResourceProviderKeyAsync(string serviceName, string filter, int page)
+    public virtual async Task<SearchProviderKeyListResultDto> SearchResourceProviderKeyAsync(string resourceName, string serviceName, string filter, int page)
    {
+        var resourcePermissions = await ResourcePermissionManager.GetAvailablePermissionsAsync(resourceName);
+        if (!resourcePermissions.Any() ||
+            !await AuthorizationService.IsGrantedAnyAsync(resourcePermissions.Select(p => p.ManagementPermission!).ToArray()))
+        {
+            return new SearchProviderKeyListResultDto();;
+        }
+
        var lookupService = await ResourcePermissionManager.GetProviderKeyLookupServiceAsync(serviceName);
        var keys = await lookupService.SearchAsync(filter, page);
        return new SearchProviderKeyListResultDto
@ -195,7 +207,6 @@ public class PermissionAppService : ApplicationService, IPermissionAppService
        };
    }

-    [Authorize(PermissionManagementPermissions.ManageResourcePermissions)]
    public virtual async Task<GetResourcePermissionDefinitionListResultDto> GetResourceDefinitionsAsync(string resourceName)
    {
        var result = new GetResourcePermissionDefinitionListResultDto
@ -206,17 +217,19 @@ public class PermissionAppService : ApplicationService, IPermissionAppService
        var resourcePermissions = await ResourcePermissionManager.GetAvailablePermissionsAsync(resourceName);
        foreach (var resourcePermission in resourcePermissions)
        {
-            result.Permissions.Add(new ResourcePermissionDefinitionDto()
+            if (await AuthorizationService.IsGrantedAsync(resourcePermission.ManagementPermission!))
            {
-                Name = resourcePermission.Name,
-                DisplayName = resourcePermission.DisplayName?.Localize(StringLocalizerFactory),
-            });
+                result.Permissions.Add(new ResourcePermissionDefinitionDto()
+                {
+                    Name = resourcePermission.Name,
+                    DisplayName = resourcePermission.DisplayName?.Localize(StringLocalizerFactory),
+                });
+            }
        }

        return result;
    }

-    [Authorize(PermissionManagementPermissions.ManageResourcePermissions)]
    public virtual async Task<GetResourcePermissionListResultDto> GetResourceAsync(string resourceName, string resourceKey)
    {
        var result = new GetResourcePermissionListResultDto
@ -238,11 +251,20 @@ public class PermissionAppService : ApplicationService, IPermissionAppService

            foreach (var permission in resourcePermissionGrant.Permissions)
            {
-                resourcePermissionGrantInfoDto.Permissions.Add(new GrantedResourcePermissionDto()
+                var resourcePermission = resourcePermissions.FirstOrDefault(x => x.Name == permission);
+                if (resourcePermission == null)
                {
-                    Name = permission,
-                    DisplayName = resourcePermissions.FirstOrDefault(x => x.Name == permission)?.DisplayName?.Localize(StringLocalizerFactory),
-                });
+                    continue;
+                }
+
+                if (await AuthorizationService.IsGrantedAsync(resourcePermission.ManagementPermission!))
+                {
+                    resourcePermissionGrantInfoDto.Permissions.Add(new GrantedResourcePermissionDto()
+                    {
+                        Name = permission,
+                        DisplayName = resourcePermission?.DisplayName.Localize(StringLocalizerFactory),
+                    });
+                }
            }

            result.Permissions.Add(resourcePermissionGrantInfoDto);
@ -251,7 +273,6 @@ public class PermissionAppService : ApplicationService, IPermissionAppService
        return result;
    }

-    [Authorize(PermissionManagementPermissions.ManageResourcePermissions)]
    public virtual async Task<GetResourcePermissionWithProviderListResultDto> GetResourceByProviderAsync(string resourceName, string resourceKey, string providerName, string providerKey)
    {
        var result = new GetResourcePermissionWithProviderListResultDto
@ -259,35 +280,54 @@ public class PermissionAppService : ApplicationService, IPermissionAppService
            Permissions = new List<ResourcePermissionWithProdiverGrantInfoDto>()
        };

+        var resourcePermissions = await ResourcePermissionManager.GetAvailablePermissionsAsync(resourceName);
        var resourcePermissionGrants = await ResourcePermissionManager.GetAllAsync(resourceName, resourceKey, providerName, providerKey);
-        foreach (var resourcePermission in resourcePermissionGrants)
+        foreach (var resourcePermissionGrant in resourcePermissionGrants)
        {
-            result.Permissions.Add(new ResourcePermissionWithProdiverGrantInfoDto
+            var resourcePermission = resourcePermissions.FirstOrDefault(x => x.Name == resourcePermissionGrant.Name);
+            if (resourcePermission == null)
+            {
+                continue;
+            }
+
+            if (await AuthorizationService.IsGrantedAsync(resourcePermission.ManagementPermission!))
            {
-                Name = resourcePermission.Name,
-                DisplayName = (await PermissionDefinitionManager.GetResourcePermissionOrNullAsync(resourcePermission.Name))?.DisplayName.Localize(StringLocalizerFactory),
-                IsGranted = resourcePermission.IsGranted
-            });
+                result.Permissions.Add(new ResourcePermissionWithProdiverGrantInfoDto
+                {
+                    Name = resourcePermissionGrant.Name,
+                    DisplayName = resourcePermission?.DisplayName.Localize(StringLocalizerFactory),
+                    IsGranted = resourcePermissionGrant.IsGranted
+                });
+            }
        }

        return result;
    }

-    [Authorize(PermissionManagementPermissions.ManageResourcePermissions)]
    public virtual async Task UpdateResourceAsync(string resourceName, string resourceKey, UpdateResourcePermissionsDto input)
    {
        var resourcePermissions = await ResourcePermissionManager.GetAvailablePermissionsAsync(resourceName);
        foreach (var resourcePermission in resourcePermissions)
        {
+            if (!await AuthorizationService.IsGrantedAsync(resourcePermission.ManagementPermission!))
+            {
+                continue;
+            }
            var isGranted = !input.Permissions.IsNullOrEmpty() && input.Permissions.Any(p => p == resourcePermission.Name);
            await ResourcePermissionManager.SetAsync(resourcePermission.Name, resourceName, resourceKey, input.ProviderName, input.ProviderKey, isGranted);
        }
    }

-    [Authorize(PermissionManagementPermissions.ManageResourcePermissions)]
    public virtual async Task DeleteResourceAsync(string resourceName, string resourceKey, string providerName, string providerKey)
    {
-        await ResourcePermissionManager.DeleteAsync(resourceName, resourceKey, providerName, providerKey);
+        var resourcePermissions = await ResourcePermissionManager.GetAvailablePermissionsAsync(resourceName);
+        foreach (var resourcePermission in resourcePermissions)
+        {
+            if (await AuthorizationService.IsGrantedAsync(resourcePermission.ManagementPermission!))
+            {
+                await ResourcePermissionManager.DeleteAsync(resourcePermission.Name, resourceName, resourceKey, providerName, providerKey);
+            }
+        }
    }

    protected virtual async Task CheckProviderPolicy(string providerName)
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain.Shared/Volo/Abp/PermissionManagement/PermissionDefinitionRecordConsts.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain.Shared/Volo/Abp/PermissionManagement/PermissionDefinitionRecordConsts.cs
@ -14,4 +14,6 @@ public class PermissionDefinitionRecordConsts
    public static int MaxStateCheckersLength { get; set; } = 256;

    public static int MaxResourceNameLength { get; set; } = 256;
+
+    public static int MaxManagementPermissionLength { get; set; } = 128;
 }
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/DynamicPermissionDefinitionStoreInMemoryCache.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/DynamicPermissionDefinitionStoreInMemoryCache.cs
@ -53,6 +53,7 @@ public class DynamicPermissionDefinitionStoreInMemoryCache :
        {
            context.AddResourcePermission(resourcePermission.Name,
                resourcePermission.ResourceName,
+                resourcePermission.ManagementPermission,
                resourcePermission.DisplayName != null ? LocalizableStringSerializer.Deserialize(resourcePermission.DisplayName) : null,
                resourcePermission.MultiTenancySide,
                resourcePermission.IsEnabled);
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/IResourcePermissionManager.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/IResourcePermissionManager.cs
@ -66,6 +66,14 @@ public interface IResourcePermissionManager
        string providerKey
    );

+    Task DeleteAsync(
+        string name,
+        string resourceName,
+        string resourceKey,
+        string providerName,
+        string providerKey
+    );
+
    Task DeleteAsync(
        string providerName,
        string providerKey
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDefinitionRecord.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDefinitionRecord.cs
@ -14,6 +14,8 @@ public class PermissionDefinitionRecord : BasicAggregateRoot<Guid>, IHasExtraPro

    public string ResourceName { get; set; }

+    public string ManagementPermission { get; set; }
+
    public string ParentName { get; set; }

    public string DisplayName { get; set; }
@ -45,6 +47,7 @@ public class PermissionDefinitionRecord : BasicAggregateRoot<Guid>, IHasExtraPro
        string groupName,
        string name,
        string resourceName,
+        string managementPermission,
        string parentName,
        string displayName,
        bool isEnabled = true,
@ -60,6 +63,7 @@ public class PermissionDefinitionRecord : BasicAggregateRoot<Guid>, IHasExtraPro
        }
        Name = Check.NotNullOrWhiteSpace(name, nameof(name), PermissionDefinitionRecordConsts.MaxNameLength);
        ResourceName = resourceName;
+        ManagementPermission = managementPermission;
        ParentName = Check.Length(parentName, nameof(parentName), PermissionDefinitionRecordConsts.MaxNameLength);
        DisplayName =  Check.NotNullOrWhiteSpace(displayName, nameof(displayName), PermissionDefinitionRecordConsts.MaxDisplayNameLength);
        IsEnabled = isEnabled;
@ -78,6 +82,16 @@ public class PermissionDefinitionRecord : BasicAggregateRoot<Guid>, IHasExtraPro
            return false;
        }

+        if (ResourceName != otherRecord.ResourceName)
+        {
+            return false;
+        }
+
+        if (ManagementPermission != otherRecord.ManagementPermission)
+        {
+            return false;
+        }
+
        if (GroupName != otherRecord.GroupName)
        {
            return false;
@ -128,6 +142,16 @@ public class PermissionDefinitionRecord : BasicAggregateRoot<Guid>, IHasExtraPro
            Name = otherRecord.Name;
        }

+        if (ResourceName != otherRecord.ResourceName)
+        {
+            ResourceName = otherRecord.ResourceName;
+        }
+
+        if (ManagementPermission != otherRecord.ManagementPermission)
+        {
+            ManagementPermission = otherRecord.ManagementPermission;
+        }
+
        if (GroupName != otherRecord.GroupName)
        {
            GroupName = otherRecord.GroupName;
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDefinitionSerializer.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDefinitionSerializer.cs
@ -87,6 +87,7 @@ public class PermissionDefinitionSerializer : IPermissionDefinitionSerializer, I
                permissionGroup?.Name,
                permission.Name,
                permission.ResourceName,
+                permission.ManagementPermission,
                permission.Parent?.Name,
                LocalizableStringSerializer.Serialize(permission.DisplayName),
                permission.IsEnabled,
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/ResourcePermissionManager.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/ResourcePermissionManager.cs
@ -332,6 +332,15 @@ public class ResourcePermissionManager : IResourcePermissionManager, ISingletonD
        }
    }

+    public virtual async Task DeleteAsync(string name, string resourceName, string resourceKey, string providerName, string providerKey)
+    {
+        var permissionGrant = await ResourcePermissionGrantRepository.FindAsync(name, resourceName, resourceKey, providerName, providerKey);
+        if (permissionGrant != null)
+        {
+            await ResourcePermissionGrantRepository.DeleteAsync(permissionGrant, true);
+        }
+    }
+
    public virtual async Task DeleteAsync(string providerName, string providerKey)
    {
        var permissionGrants = await ResourcePermissionGrantRepository.GetListAsync(providerName, providerKey);
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.EntityFrameworkCore/Volo/Abp/PermissionManagement/EntityFrameworkCore/AbpPermissionManagementDbContextModelBuilderExtensions.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.EntityFrameworkCore/Volo/Abp/PermissionManagement/EntityFrameworkCore/AbpPermissionManagementDbContextModelBuilderExtensions.cs
@ -72,13 +72,13 @@ public static class AbpPermissionManagementDbContextModelBuilderExtensions
                b.Property(x => x.GroupName).HasMaxLength(PermissionGroupDefinitionRecordConsts.MaxNameLength);
                b.Property(x => x.Name).HasMaxLength(PermissionDefinitionRecordConsts.MaxNameLength).IsRequired();
                b.Property(x => x.ResourceName).HasMaxLength(PermissionDefinitionRecordConsts.MaxResourceNameLength);
+                b.Property(x => x.ManagementPermission).HasMaxLength(PermissionDefinitionRecordConsts.MaxManagementPermissionLength);
                b.Property(x => x.ParentName).HasMaxLength(PermissionDefinitionRecordConsts.MaxNameLength);
-                b.Property(x => x.DisplayName).HasMaxLength(PermissionDefinitionRecordConsts.MaxDisplayNameLength)
-                    .IsRequired();
+                b.Property(x => x.DisplayName).HasMaxLength(PermissionDefinitionRecordConsts.MaxDisplayNameLength).IsRequired();
                b.Property(x => x.Providers).HasMaxLength(PermissionDefinitionRecordConsts.MaxProvidersLength);
                b.Property(x => x.StateCheckers).HasMaxLength(PermissionDefinitionRecordConsts.MaxStateCheckersLength);

-                b.HasIndex(x => new { x.Name }).IsUnique();
+                b.HasIndex(x => new { x.ResourceName, x.Name }).IsUnique();
                b.HasIndex(x => new { x.GroupName });

                b.ApplyObjectExtensionMappings();
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.HttpApi.Client/ClientProxies/Volo/Abp/PermissionManagement/PermissionsClientProxy.Generated.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.HttpApi.Client/ClientProxies/Volo/Abp/PermissionManagement/PermissionsClientProxy.Generated.cs
@ -46,15 +46,19 @@ public partial class PermissionsClientProxy : ClientProxyBase<IPermissionAppServ
        });
    }

-    public virtual async Task<GetResourceProviderListResultDto> GetResourceProviderKeyLookupServicesAsync()
+    public virtual async Task<GetResourceProviderListResultDto> GetResourceProviderKeyLookupServicesAsync(string resourceName)
    {
-        return await RequestAsync<GetResourceProviderListResultDto>(nameof(GetResourceProviderKeyLookupServicesAsync));
+        return await RequestAsync<GetResourceProviderListResultDto>(nameof(GetResourceProviderKeyLookupServicesAsync), new ClientProxyRequestTypeValue
+        {
+            { typeof(string), resourceName }
+        });
    }

-    public virtual async Task<SearchProviderKeyListResultDto> SearchResourceProviderKeyAsync(string serviceName, string filter, int page)
+    public virtual async Task<SearchProviderKeyListResultDto> SearchResourceProviderKeyAsync(string resourceName, string serviceName, string filter, int page)
    {
        return await RequestAsync<SearchProviderKeyListResultDto>(nameof(SearchResourceProviderKeyAsync), new ClientProxyRequestTypeValue
        {
+            { typeof(string), resourceName },
            { typeof(string), serviceName },
            { typeof(string), filter },
            { typeof(int), page }
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.HttpApi.Client/ClientProxies/permissionManagement-generate-proxy.json
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.HttpApi.Client/ClientProxies/permissionManagement-generate-proxy.json
@ -181,7 +181,16 @@
                },
                {
                  "name": "GetResourceProviderKeyLookupServicesAsync",
-                  "parametersOnMethod": [],
+                  "parametersOnMethod": [
+                    {
+                      "name": "resourceName",
+                      "typeAsString": "System.String, System.Private.CoreLib",
+                      "type": "System.String",
+                      "typeSimple": "string",
+                      "isOptional": false,
+                      "defaultValue": null
+                    }
+                  ],
                  "returnValue": {
                    "type": "Volo.Abp.PermissionManagement.GetResourceProviderListResultDto",
                    "typeSimple": "Volo.Abp.PermissionManagement.GetResourceProviderListResultDto"
@ -190,6 +199,14 @@
                {
                  "name": "SearchResourceProviderKeyAsync",
                  "parametersOnMethod": [
+                    {
+                      "name": "resourceName",
+                      "typeAsString": "System.String, System.Private.CoreLib",
+                      "type": "System.String",
+                      "typeSimple": "string",
+                      "isOptional": false,
+                      "defaultValue": null
+                    },
                    {
                      "name": "serviceName",
                      "typeAsString": "System.String, System.Private.CoreLib",
@ -592,14 +609,36 @@
              "allowAnonymous": null,
              "implementFrom": "Volo.Abp.PermissionManagement.IPermissionAppService"
            },
-            "GetResourceProviderKeyLookupServicesAsync": {
-              "uniqueName": "GetResourceProviderKeyLookupServicesAsync",
+            "GetResourceProviderKeyLookupServicesAsyncByResourceName": {
+              "uniqueName": "GetResourceProviderKeyLookupServicesAsyncByResourceName",
              "name": "GetResourceProviderKeyLookupServicesAsync",
              "httpMethod": "GET",
              "url": "api/permission-management/permissions/resource-provider-key-lookup-services",
              "supportedVersions": [],
-              "parametersOnMethod": [],
-              "parameters": [],
+              "parametersOnMethod": [
+                {
+                  "name": "resourceName",
+                  "typeAsString": "System.String, System.Private.CoreLib",
+                  "type": "System.String",
+                  "typeSimple": "string",
+                  "isOptional": false,
+                  "defaultValue": null
+                }
+              ],
+              "parameters": [
+                {
+                  "nameOnMethod": "resourceName",
+                  "name": "resourceName",
+                  "jsonName": null,
+                  "type": "System.String",
+                  "typeSimple": "string",
+                  "isOptional": false,
+                  "defaultValue": null,
+                  "constraintTypes": null,
+                  "bindingSourceId": "ModelBinding",
+                  "descriptorName": ""
+                }
+              ],
              "returnValue": {
                "type": "Volo.Abp.PermissionManagement.GetResourceProviderListResultDto",
                "typeSimple": "Volo.Abp.PermissionManagement.GetResourceProviderListResultDto"
@ -607,13 +646,21 @@
              "allowAnonymous": null,
              "implementFrom": "Volo.Abp.PermissionManagement.IPermissionAppService"
            },
-            "SearchResourceProviderKeyAsyncByServiceNameAndFilterAndPage": {
-              "uniqueName": "SearchResourceProviderKeyAsyncByServiceNameAndFilterAndPage",
+            "SearchResourceProviderKeyAsyncByResourceNameAndServiceNameAndFilterAndPage": {
+              "uniqueName": "SearchResourceProviderKeyAsyncByResourceNameAndServiceNameAndFilterAndPage",
              "name": "SearchResourceProviderKeyAsync",
              "httpMethod": "GET",
              "url": "api/permission-management/permissions/search-resource-provider-keys",
              "supportedVersions": [],
              "parametersOnMethod": [
+                {
+                  "name": "resourceName",
+                  "typeAsString": "System.String, System.Private.CoreLib",
+                  "type": "System.String",
+                  "typeSimple": "string",
+                  "isOptional": false,
+                  "defaultValue": null
+                },
                {
                  "name": "serviceName",
                  "typeAsString": "System.String, System.Private.CoreLib",
@ -640,6 +687,18 @@
                }
              ],
              "parameters": [
+                {
+                  "nameOnMethod": "resourceName",
+                  "name": "resourceName",
+                  "jsonName": null,
+                  "type": "System.String",
+                  "typeSimple": "string",
+                  "isOptional": false,
+                  "defaultValue": null,
+                  "constraintTypes": null,
+                  "bindingSourceId": "ModelBinding",
+                  "descriptorName": ""
+                },
                {
                  "nameOnMethod": "serviceName",
                  "name": "serviceName",
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.HttpApi/Volo/Abp/PermissionManagement/PermissionsController.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.HttpApi/Volo/Abp/PermissionManagement/PermissionsController.cs
@ -36,15 +36,15 @@ public class PermissionsController : AbpControllerBase, IPermissionAppService
    }

    [HttpGet("resource-provider-key-lookup-services")]
-    public virtual Task<GetResourceProviderListResultDto> GetResourceProviderKeyLookupServicesAsync()
+    public virtual Task<GetResourceProviderListResultDto> GetResourceProviderKeyLookupServicesAsync(string resourceName)
    {
-        return PermissionAppService.GetResourceProviderKeyLookupServicesAsync();
+        return PermissionAppService.GetResourceProviderKeyLookupServicesAsync(resourceName);
    }

    [HttpGet("search-resource-provider-keys")]
-    public virtual Task<SearchProviderKeyListResultDto> SearchResourceProviderKeyAsync(string serviceName, string filter, int page)
+    public virtual Task<SearchProviderKeyListResultDto> SearchResourceProviderKeyAsync(string resourceName, string serviceName, string filter, int page)
    {
-        return PermissionAppService.SearchResourceProviderKeyAsync(serviceName, filter, page);
+        return PermissionAppService.SearchResourceProviderKeyAsync(resourceName, serviceName, filter, page);
    }

    [HttpGet("resource-definitions")]
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/Pages/AbpPermissionManagement/AddResourcePermissionManagementModal.cshtml.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/Pages/AbpPermissionManagement/AddResourcePermissionManagementModal.cshtml.cs
@ -42,7 +42,7 @@ public class AddResourcePermissionManagementModal : AbpPageModel
        ValidateModel();

        ResourcePermissionDefinitions = await PermissionAppService.GetResourceDefinitionsAsync(ResourceName);
-        ResourceProviders = await PermissionAppService.GetResourceProviderKeyLookupServicesAsync();
+        ResourceProviders = await PermissionAppService.GetResourceProviderKeyLookupServicesAsync(ResourceName);

        return Page();
    }
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/Pages/AbpPermissionManagement/ResourcePermissionManagementModal.cshtml.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/Pages/AbpPermissionManagement/ResourcePermissionManagementModal.cshtml.cs
@ -39,7 +39,7 @@ public class ResourcePermissionManagementModal : AbpPageModel
        HasAnyResourcePermission = (await PermissionAppService.GetResourceDefinitionsAsync(ResourceName)).Permissions.Any();
        if (HasAnyResourcePermission)
        {
-            HasAnyResourceProviderKeyLookupService = (await PermissionAppService.GetResourceProviderKeyLookupServicesAsync()).Providers.Count > 0;
+            HasAnyResourceProviderKeyLookupService = (await PermissionAppService.GetResourceProviderKeyLookupServicesAsync(ResourceName)).Providers.Count > 0;
        }
        return Page();
    }
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/Pages/AbpPermissionManagement/add-resource-permission-management-modal.js
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/Pages/AbpPermissionManagement/add-resource-permission-management-modal.js
@ -18,6 +18,7 @@ var abp = abp || {};
            dataType: "json",
            data: function (params) {
                var query = {};
+                query["resourceName"] = $('#ResourceName').val();
                query["serviceName"] = $('input[name="AddModel.ProviderName"]:checked').val();
                query["page"] = params.page || 1;
                query["filter"] = params.term;
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/wwwroot/client-proxies/permissionManagement-proxy.js
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/wwwroot/client-proxies/permissionManagement-proxy.js
@ -34,16 +34,16 @@
      }, ajaxParams));
    };

-    volo.abp.permissionManagement.permissions.getResourceProviderKeyLookupServices = function(ajaxParams) {
+    volo.abp.permissionManagement.permissions.getResourceProviderKeyLookupServices = function(resourceName, ajaxParams) {
      return abp.ajax($.extend(true, {
-        url: abp.appPath + 'api/permission-management/permissions/resource-provider-key-lookup-services',
+        url: abp.appPath + 'api/permission-management/permissions/resource-provider-key-lookup-services' + abp.utils.buildQueryString([{ name: 'resourceName', value: resourceName }]) + '',
        type: 'GET'
      }, ajaxParams));
    };

-    volo.abp.permissionManagement.permissions.searchResourceProviderKey = function(serviceName, filter, page, ajaxParams) {
+    volo.abp.permissionManagement.permissions.searchResourceProviderKey = function(resourceName, serviceName, filter, page, ajaxParams) {
      return abp.ajax($.extend(true, {
-        url: abp.appPath + 'api/permission-management/permissions/search-resource-provider-keys' + abp.utils.buildQueryString([{ name: 'serviceName', value: serviceName }, { name: 'filter', value: filter }, { name: 'page', value: page }]) + '',
+        url: abp.appPath + 'api/permission-management/permissions/search-resource-provider-keys' + abp.utils.buildQueryString([{ name: 'resourceName', value: resourceName }, { name: 'serviceName', value: serviceName }, { name: 'filter', value: filter }, { name: 'page', value: page }]) + '',
        type: 'GET'
      }, ajaxParams));
    };
--- a/modules/permission-management/test/Volo.Abp.PermissionManagement.Domain.Tests/Volo/Abp/PermissionManagement/CalculateHash_Tests.cs
+++ b/modules/permission-management/test/Volo.Abp.PermissionManagement.Domain.Tests/Volo/Abp/PermissionManagement/CalculateHash_Tests.cs
@ -35,7 +35,7 @@ public class CalculateHash_Tests: PermissionTestBase
        json.ShouldNotContain(id.ToString("D"));
        json = JsonSerializer.Serialize(new List<PermissionDefinitionRecord>()
            {
-                new PermissionDefinitionRecord(id, "Test", "Test", "Test", "Test", "Test")
+                new PermissionDefinitionRecord(id, "Test", "Test", "Test", "Test", "Test", "Test")
            },
            jsonSerializerOptions);
        json.ShouldNotContain("\"Id\"");
--- a/modules/permission-management/test/Volo.Abp.PermissionManagement.Domain.Tests/Volo/Abp/PermissionManagement/PermissionDefinitionSerializer_Tests.cs
+++ b/modules/permission-management/test/Volo.Abp.PermissionManagement.Domain.Tests/Volo/Abp/PermissionManagement/PermissionDefinitionSerializer_Tests.cs
@ -88,6 +88,7 @@ public class PermissionDefinitionSerializer_Tests : PermissionTestBase
        var resourcePermission1 = context.AddResourcePermission(
                "ResourcePermission1",
                TestEntityResource.ResourceName,
+                "Permission1",
                new LocalizableString(typeof(AbpPermissionManagementResource), "ResourcePermission1"),
                MultiTenancySides.Tenant
            )
@ -110,6 +111,7 @@ public class PermissionDefinitionSerializer_Tests : PermissionTestBase
        permissionRecord.Name.ShouldBe("ResourcePermission1");
        permissionRecord.GroupName.ShouldBe(null);
        permissionRecord.ResourceName.ShouldBe(TestEntityResource.ResourceName);
+        permissionRecord.ManagementPermission.ShouldBe("Permission1");
        permissionRecord.DisplayName.ShouldBe("L:AbpPermissionManagement,ResourcePermission1");
        permissionRecord.GetProperty("CustomProperty2").ShouldBe("CustomValue2");
        permissionRecord.Providers.ShouldBe("ProviderA,ProviderB");
--- a/modules/permission-management/test/Volo.Abp.PermissionManagement.TestBase/Volo/Abp/PermissionManagement/TestResourcePermissionDefinitionProvider.cs
+++ b/modules/permission-management/test/Volo.Abp.PermissionManagement.TestBase/Volo/Abp/PermissionManagement/TestResourcePermissionDefinitionProvider.cs
@ -7,20 +7,22 @@ public class TestResourcePermissionDefinitionProvider : PermissionDefinitionProv
 {
    public override void Define(IPermissionDefinitionContext context)
    {
-        context.AddResourcePermission("MyResourcePermission1", TestEntityResource.ResourceName);
-        context.AddResourcePermission("MyResourceDisabledPermission1", TestEntityResource.ResourceName, isEnabled: false);
-        context.AddResourcePermission("MyResourcePermission2", TestEntityResource.ResourceName);
-        context.AddResourcePermission("MyResourcePermission3", TestEntityResource.ResourceName, multiTenancySide: MultiTenancySides.Host);
-        context.AddResourcePermission("MyResourcePermission4", TestEntityResource.ResourceName, multiTenancySide: MultiTenancySides.Host).WithProviders(UserPermissionValueProvider.ProviderName);
+        context.AddGroup("TestEntityManagementPermissionGroup").AddPermission("TestEntityManagementPermission");

-        var myPermission5 = context.AddResourcePermission("MyResourcePermission5", TestEntityResource.ResourceName);
+        context.AddResourcePermission("MyResourcePermission1", TestEntityResource.ResourceName, "TestEntityManagementPermission");
+        context.AddResourcePermission("MyResourceDisabledPermission1", TestEntityResource.ResourceName, "TestEntityManagementPermission", isEnabled: false);
+        context.AddResourcePermission("MyResourcePermission2", TestEntityResource.ResourceName, "TestEntityManagementPermission");
+        context.AddResourcePermission("MyResourcePermission3", TestEntityResource.ResourceName, "TestEntityManagementPermission", multiTenancySide: MultiTenancySides.Host);
+        context.AddResourcePermission("MyResourcePermission4", TestEntityResource.ResourceName, "TestEntityManagementPermission", multiTenancySide: MultiTenancySides.Host).WithProviders(UserPermissionValueProvider.ProviderName);
+
+        var myPermission5 = context.AddResourcePermission("MyResourcePermission5", TestEntityResource.ResourceName, "TestEntityManagementPermission");
        myPermission5.StateCheckers.Add(new TestRequireRolePermissionStateProvider("super-admin"));

-        context.AddResourcePermission("MyResourcePermission6", TestEntityResource.ResourceName);
+        context.AddResourcePermission("MyResourcePermission6", TestEntityResource.ResourceName, "TestEntityManagementPermission");

-        context.AddResourcePermission("MyResourceDisabledPermission2", TestEntityResource.ResourceName, isEnabled: false);
+        context.AddResourcePermission("MyResourceDisabledPermission2", TestEntityResource.ResourceName, "TestEntityManagementPermission", isEnabled: false);

-        context.AddResourcePermission("MyResourcePermission7", TestEntityResource.ResourceName);
-        context.AddResourcePermission("MyResourcePermission8", TestEntityResource.ResourceName);
+        context.AddResourcePermission("MyResourcePermission7", TestEntityResource.ResourceName, "TestEntityManagementPermission");
+        context.AddResourcePermission("MyResourcePermission8", TestEntityResource.ResourceName, "TestEntityManagementPermission");
    }
 }