diff --git a/framework/src/Volo.Abp.Authorization.Abstractions/Volo/Abp/Authorization/Permissions/IPermissionDefinitionContext.cs b/framework/src/Volo.Abp.Authorization.Abstractions/Volo/Abp/Authorization/Permissions/IPermissionDefinitionContext.cs
index e6c949429d..0afe808877 100644
--- a/framework/src/Volo.Abp.Authorization.Abstractions/Volo/Abp/Authorization/Permissions/IPermissionDefinitionContext.cs
+++ b/framework/src/Volo.Abp.Authorization.Abstractions/Volo/Abp/Authorization/Permissions/IPermissionDefinitionContext.cs
@@ -52,6 +52,7 @@ public interface IPermissionDefinitionContext
PermissionDefinition AddResourcePermission(
string name,
string resourceName,
+ string managementPermission,
ILocalizableString? displayName = null,
MultiTenancySides multiTenancySide = MultiTenancySides.Both,
bool isEnabled = true);
diff --git a/framework/src/Volo.Abp.Authorization.Abstractions/Volo/Abp/Authorization/Permissions/PermissionDefinition.cs b/framework/src/Volo.Abp.Authorization.Abstractions/Volo/Abp/Authorization/Permissions/PermissionDefinition.cs
index 371d880ee5..06e21b115d 100644
--- a/framework/src/Volo.Abp.Authorization.Abstractions/Volo/Abp/Authorization/Permissions/PermissionDefinition.cs
+++ b/framework/src/Volo.Abp.Authorization.Abstractions/Volo/Abp/Authorization/Permissions/PermissionDefinition.cs
@@ -21,6 +21,11 @@ public class PermissionDefinition :
///
public string? ResourceName { get; set; }
+ ///
+ /// Management permission of the resource permission.
+ ///
+ public string? ManagementPermission { get; set; }
+
///
/// Parent of this permission if one exists.
/// If set, this permission can be granted only if parent is granted.
@@ -84,12 +89,14 @@ public class PermissionDefinition :
protected internal PermissionDefinition(
[NotNull] string name,
string resourceName,
+ string managementPermission,
ILocalizableString? displayName = null,
MultiTenancySides multiTenancySide = MultiTenancySides.Both,
bool isEnabled = true)
: this(name, displayName, multiTenancySide, isEnabled)
{
ResourceName = Check.NotNull(resourceName, nameof(resourceName));
+ ManagementPermission = Check.NotNull(managementPermission, nameof(managementPermission));
}
protected internal PermissionDefinition(
diff --git a/framework/src/Volo.Abp.Authorization.Abstractions/Volo/Abp/Authorization/Permissions/PermissionDefinitionContext.cs b/framework/src/Volo.Abp.Authorization.Abstractions/Volo/Abp/Authorization/Permissions/PermissionDefinitionContext.cs
index 83ffda1f80..e517c400c4 100644
--- a/framework/src/Volo.Abp.Authorization.Abstractions/Volo/Abp/Authorization/Permissions/PermissionDefinitionContext.cs
+++ b/framework/src/Volo.Abp.Authorization.Abstractions/Volo/Abp/Authorization/Permissions/PermissionDefinitionContext.cs
@@ -94,11 +94,14 @@ public class PermissionDefinitionContext : IPermissionDefinitionContext
public virtual PermissionDefinition AddResourcePermission(
string name,
string resourceName,
+ string managementPermission,
ILocalizableString? displayName = null,
MultiTenancySides multiTenancySide = MultiTenancySides.Both,
bool isEnabled = true)
{
Check.NotNull(name, nameof(name));
+ Check.NotNull(resourceName, nameof(resourceName));
+ Check.NotNull(managementPermission, nameof(managementPermission));
if (ResourcePermissions.ContainsKey(name))
{
@@ -108,6 +111,7 @@ public class PermissionDefinitionContext : IPermissionDefinitionContext
var permission = new PermissionDefinition(
name,
resourceName,
+ managementPermission,
displayName,
multiTenancySide,
isEnabled)
diff --git a/framework/test/Volo.Abp.Authorization.Tests/Volo/Abp/Authorization/TestServices/Resources/AuthorizationTestResourcePermissionDefinitionProvider.cs b/framework/test/Volo.Abp.Authorization.Tests/Volo/Abp/Authorization/TestServices/Resources/AuthorizationTestResourcePermissionDefinitionProvider.cs
index 5ed46f261e..c1923ea0d3 100644
--- a/framework/test/Volo.Abp.Authorization.Tests/Volo/Abp/Authorization/TestServices/Resources/AuthorizationTestResourcePermissionDefinitionProvider.cs
+++ b/framework/test/Volo.Abp.Authorization.Tests/Volo/Abp/Authorization/TestServices/Resources/AuthorizationTestResourcePermissionDefinitionProvider.cs
@@ -8,7 +8,9 @@ public class AuthorizationTestResourcePermissionDefinitionProvider : PermissionD
{
public override void Define(IPermissionDefinitionContext context)
{
- var permission1 = context.AddResourcePermission("MyResourcePermission1", resourceName: TestEntityResource.ResourceName);
+ context.AddGroup("TestEntityManagementPermissionGroup").AddPermission("TestEntityManagementPermission");
+
+ var permission1 = context.AddResourcePermission("MyResourcePermission1", resourceName: TestEntityResource.ResourceName, managementPermission: "TestEntityManagementPermission");
Assert.Throws(() =>
{
permission1.AddChild("MyResourcePermission1.ChildPermission1");
@@ -16,12 +18,12 @@ public class AuthorizationTestResourcePermissionDefinitionProvider : PermissionD
permission1.StateCheckers.Add(new TestRequireEditionPermissionSimpleStateChecker());;
permission1[PermissionDefinitionContext.KnownPropertyNames.CurrentProviderName].ShouldBe(typeof(AuthorizationTestResourcePermissionDefinitionProvider).FullName);
- context.AddResourcePermission("MyResourcePermission2", resourceName: typeof(TestEntityResource).FullName!);
- context.AddResourcePermission("MyResourcePermission3", resourceName: typeof(TestEntityResource).FullName!);
- context.AddResourcePermission("MyResourcePermission4", resourceName: typeof(TestEntityResource).FullName!);
- context.AddResourcePermission("MyResourcePermission5", resourceName: typeof(TestEntityResource).FullName!);
- context.AddResourcePermission("MyResourcePermission6", resourceName: typeof(TestEntityResource).FullName!).WithProviders(nameof(TestResourcePermissionValueProvider1));
- context.AddResourcePermission("MyResourcePermission7", resourceName: typeof(TestEntityResource).FullName!).WithProviders(nameof(TestResourcePermissionValueProvider2));
+ context.AddResourcePermission("MyResourcePermission2", resourceName: typeof(TestEntityResource).FullName!, managementPermission: "TestEntityManagementPermission");
+ context.AddResourcePermission("MyResourcePermission3", resourceName: typeof(TestEntityResource).FullName!, managementPermission: "TestEntityManagementPermission");
+ context.AddResourcePermission("MyResourcePermission4", resourceName: typeof(TestEntityResource).FullName!, managementPermission: "TestEntityManagementPermission");
+ context.AddResourcePermission("MyResourcePermission5", resourceName: typeof(TestEntityResource).FullName!, managementPermission: "TestEntityManagementPermission");
+ context.AddResourcePermission("MyResourcePermission6", resourceName: typeof(TestEntityResource).FullName!, managementPermission: "TestEntityManagementPermission").WithProviders(nameof(TestResourcePermissionValueProvider1));
+ context.AddResourcePermission("MyResourcePermission7", resourceName: typeof(TestEntityResource).FullName!, managementPermission: "TestEntityManagementPermission").WithProviders(nameof(TestResourcePermissionValueProvider2));
context.GetResourcePermissionOrNull("MyResourcePermission1").ShouldNotBeNull();
}
diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.Application.Contracts/Volo/Abp/PermissionManagement/IPermissionAppService.cs b/modules/permission-management/src/Volo.Abp.PermissionManagement.Application.Contracts/Volo/Abp/PermissionManagement/IPermissionAppService.cs
index ea0017a544..dd24d436be 100644
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Application.Contracts/Volo/Abp/PermissionManagement/IPermissionAppService.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Application.Contracts/Volo/Abp/PermissionManagement/IPermissionAppService.cs
@@ -12,9 +12,9 @@ public interface IPermissionAppService : IApplicationService
Task UpdateAsync([NotNull] string providerName, [NotNull] string providerKey, UpdatePermissionsDto input);
- Task GetResourceProviderKeyLookupServicesAsync();
+ Task GetResourceProviderKeyLookupServicesAsync(string resourceName);
- Task SearchResourceProviderKeyAsync(string serviceName, string filter, int page);
+ Task SearchResourceProviderKeyAsync(string resourceName, string serviceName, string filter, int page);
Task GetResourceDefinitionsAsync([NotNull] string resourceName);
diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs b/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs
index 7421cf7fbd..68cdd94773 100644
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs
@@ -166,9 +166,15 @@ public class PermissionAppService : ApplicationService, IPermissionAppService
}
}
- [Authorize(PermissionManagementPermissions.ManageResourcePermissions)]
- public virtual async Task GetResourceProviderKeyLookupServicesAsync()
+ public virtual async Task GetResourceProviderKeyLookupServicesAsync(string resourceName)
{
+ var resourcePermissions = await ResourcePermissionManager.GetAvailablePermissionsAsync(resourceName);
+ if (!resourcePermissions.Any() ||
+ !await AuthorizationService.IsGrantedAnyAsync(resourcePermissions.Select(p => p.ManagementPermission!).ToArray()))
+ {
+ return new GetResourceProviderListResultDto();;
+ }
+
var lookupServices = await ResourcePermissionManager.GetProviderKeyLookupServicesAsync();
return new GetResourceProviderListResultDto
{
@@ -180,9 +186,15 @@ public class PermissionAppService : ApplicationService, IPermissionAppService
};
}
- [Authorize(PermissionManagementPermissions.ManageResourcePermissions)]
- public virtual async Task SearchResourceProviderKeyAsync(string serviceName, string filter, int page)
+ public virtual async Task SearchResourceProviderKeyAsync(string resourceName, string serviceName, string filter, int page)
{
+ var resourcePermissions = await ResourcePermissionManager.GetAvailablePermissionsAsync(resourceName);
+ if (!resourcePermissions.Any() ||
+ !await AuthorizationService.IsGrantedAnyAsync(resourcePermissions.Select(p => p.ManagementPermission!).ToArray()))
+ {
+ return new SearchProviderKeyListResultDto();;
+ }
+
var lookupService = await ResourcePermissionManager.GetProviderKeyLookupServiceAsync(serviceName);
var keys = await lookupService.SearchAsync(filter, page);
return new SearchProviderKeyListResultDto
@@ -195,7 +207,6 @@ public class PermissionAppService : ApplicationService, IPermissionAppService
};
}
- [Authorize(PermissionManagementPermissions.ManageResourcePermissions)]
public virtual async Task GetResourceDefinitionsAsync(string resourceName)
{
var result = new GetResourcePermissionDefinitionListResultDto
@@ -206,17 +217,19 @@ public class PermissionAppService : ApplicationService, IPermissionAppService
var resourcePermissions = await ResourcePermissionManager.GetAvailablePermissionsAsync(resourceName);
foreach (var resourcePermission in resourcePermissions)
{
- result.Permissions.Add(new ResourcePermissionDefinitionDto()
+ if (await AuthorizationService.IsGrantedAsync(resourcePermission.ManagementPermission!))
{
- Name = resourcePermission.Name,
- DisplayName = resourcePermission.DisplayName?.Localize(StringLocalizerFactory),
- });
+ result.Permissions.Add(new ResourcePermissionDefinitionDto()
+ {
+ Name = resourcePermission.Name,
+ DisplayName = resourcePermission.DisplayName?.Localize(StringLocalizerFactory),
+ });
+ }
}
return result;
}
- [Authorize(PermissionManagementPermissions.ManageResourcePermissions)]
public virtual async Task GetResourceAsync(string resourceName, string resourceKey)
{
var result = new GetResourcePermissionListResultDto
@@ -238,11 +251,20 @@ public class PermissionAppService : ApplicationService, IPermissionAppService
foreach (var permission in resourcePermissionGrant.Permissions)
{
- resourcePermissionGrantInfoDto.Permissions.Add(new GrantedResourcePermissionDto()
+ var resourcePermission = resourcePermissions.FirstOrDefault(x => x.Name == permission);
+ if (resourcePermission == null)
{
- Name = permission,
- DisplayName = resourcePermissions.FirstOrDefault(x => x.Name == permission)?.DisplayName?.Localize(StringLocalizerFactory),
- });
+ continue;
+ }
+
+ if (await AuthorizationService.IsGrantedAsync(resourcePermission.ManagementPermission!))
+ {
+ resourcePermissionGrantInfoDto.Permissions.Add(new GrantedResourcePermissionDto()
+ {
+ Name = permission,
+ DisplayName = resourcePermission?.DisplayName.Localize(StringLocalizerFactory),
+ });
+ }
}
result.Permissions.Add(resourcePermissionGrantInfoDto);
@@ -251,7 +273,6 @@ public class PermissionAppService : ApplicationService, IPermissionAppService
return result;
}
- [Authorize(PermissionManagementPermissions.ManageResourcePermissions)]
public virtual async Task GetResourceByProviderAsync(string resourceName, string resourceKey, string providerName, string providerKey)
{
var result = new GetResourcePermissionWithProviderListResultDto
@@ -259,35 +280,54 @@ public class PermissionAppService : ApplicationService, IPermissionAppService
Permissions = new List()
};
+ var resourcePermissions = await ResourcePermissionManager.GetAvailablePermissionsAsync(resourceName);
var resourcePermissionGrants = await ResourcePermissionManager.GetAllAsync(resourceName, resourceKey, providerName, providerKey);
- foreach (var resourcePermission in resourcePermissionGrants)
+ foreach (var resourcePermissionGrant in resourcePermissionGrants)
{
- result.Permissions.Add(new ResourcePermissionWithProdiverGrantInfoDto
+ var resourcePermission = resourcePermissions.FirstOrDefault(x => x.Name == resourcePermissionGrant.Name);
+ if (resourcePermission == null)
+ {
+ continue;
+ }
+
+ if (await AuthorizationService.IsGrantedAsync(resourcePermission.ManagementPermission!))
{
- Name = resourcePermission.Name,
- DisplayName = (await PermissionDefinitionManager.GetResourcePermissionOrNullAsync(resourcePermission.Name))?.DisplayName.Localize(StringLocalizerFactory),
- IsGranted = resourcePermission.IsGranted
- });
+ result.Permissions.Add(new ResourcePermissionWithProdiverGrantInfoDto
+ {
+ Name = resourcePermissionGrant.Name,
+ DisplayName = resourcePermission?.DisplayName.Localize(StringLocalizerFactory),
+ IsGranted = resourcePermissionGrant.IsGranted
+ });
+ }
}
return result;
}
- [Authorize(PermissionManagementPermissions.ManageResourcePermissions)]
public virtual async Task UpdateResourceAsync(string resourceName, string resourceKey, UpdateResourcePermissionsDto input)
{
var resourcePermissions = await ResourcePermissionManager.GetAvailablePermissionsAsync(resourceName);
foreach (var resourcePermission in resourcePermissions)
{
+ if (!await AuthorizationService.IsGrantedAsync(resourcePermission.ManagementPermission!))
+ {
+ continue;
+ }
var isGranted = !input.Permissions.IsNullOrEmpty() && input.Permissions.Any(p => p == resourcePermission.Name);
await ResourcePermissionManager.SetAsync(resourcePermission.Name, resourceName, resourceKey, input.ProviderName, input.ProviderKey, isGranted);
}
}
- [Authorize(PermissionManagementPermissions.ManageResourcePermissions)]
public virtual async Task DeleteResourceAsync(string resourceName, string resourceKey, string providerName, string providerKey)
{
- await ResourcePermissionManager.DeleteAsync(resourceName, resourceKey, providerName, providerKey);
+ var resourcePermissions = await ResourcePermissionManager.GetAvailablePermissionsAsync(resourceName);
+ foreach (var resourcePermission in resourcePermissions)
+ {
+ if (await AuthorizationService.IsGrantedAsync(resourcePermission.ManagementPermission!))
+ {
+ await ResourcePermissionManager.DeleteAsync(resourcePermission.Name, resourceName, resourceKey, providerName, providerKey);
+ }
+ }
}
protected virtual async Task CheckProviderPolicy(string providerName)
diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain.Shared/Volo/Abp/PermissionManagement/PermissionDefinitionRecordConsts.cs b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain.Shared/Volo/Abp/PermissionManagement/PermissionDefinitionRecordConsts.cs
index 7d449a2f3b..def40865ff 100644
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain.Shared/Volo/Abp/PermissionManagement/PermissionDefinitionRecordConsts.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain.Shared/Volo/Abp/PermissionManagement/PermissionDefinitionRecordConsts.cs
@@ -14,4 +14,6 @@ public class PermissionDefinitionRecordConsts
public static int MaxStateCheckersLength { get; set; } = 256;
public static int MaxResourceNameLength { get; set; } = 256;
+
+ public static int MaxManagementPermissionLength { get; set; } = 128;
}
diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/DynamicPermissionDefinitionStoreInMemoryCache.cs b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/DynamicPermissionDefinitionStoreInMemoryCache.cs
index 8ce37261af..c6f9030669 100644
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/DynamicPermissionDefinitionStoreInMemoryCache.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/DynamicPermissionDefinitionStoreInMemoryCache.cs
@@ -53,6 +53,7 @@ public class DynamicPermissionDefinitionStoreInMemoryCache :
{
context.AddResourcePermission(resourcePermission.Name,
resourcePermission.ResourceName,
+ resourcePermission.ManagementPermission,
resourcePermission.DisplayName != null ? LocalizableStringSerializer.Deserialize(resourcePermission.DisplayName) : null,
resourcePermission.MultiTenancySide,
resourcePermission.IsEnabled);
diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/IResourcePermissionManager.cs b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/IResourcePermissionManager.cs
index 8af9cc211a..5bd2d143ca 100644
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/IResourcePermissionManager.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/IResourcePermissionManager.cs
@@ -66,6 +66,14 @@ public interface IResourcePermissionManager
string providerKey
);
+ Task DeleteAsync(
+ string name,
+ string resourceName,
+ string resourceKey,
+ string providerName,
+ string providerKey
+ );
+
Task DeleteAsync(
string providerName,
string providerKey
diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDefinitionRecord.cs b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDefinitionRecord.cs
index 0ef2032452..d32e6564d9 100644
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDefinitionRecord.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDefinitionRecord.cs
@@ -14,6 +14,8 @@ public class PermissionDefinitionRecord : BasicAggregateRoot, IHasExtraPro
public string ResourceName { get; set; }
+ public string ManagementPermission { get; set; }
+
public string ParentName { get; set; }
public string DisplayName { get; set; }
@@ -45,6 +47,7 @@ public class PermissionDefinitionRecord : BasicAggregateRoot, IHasExtraPro
string groupName,
string name,
string resourceName,
+ string managementPermission,
string parentName,
string displayName,
bool isEnabled = true,
@@ -60,6 +63,7 @@ public class PermissionDefinitionRecord : BasicAggregateRoot, IHasExtraPro
}
Name = Check.NotNullOrWhiteSpace(name, nameof(name), PermissionDefinitionRecordConsts.MaxNameLength);
ResourceName = resourceName;
+ ManagementPermission = managementPermission;
ParentName = Check.Length(parentName, nameof(parentName), PermissionDefinitionRecordConsts.MaxNameLength);
DisplayName = Check.NotNullOrWhiteSpace(displayName, nameof(displayName), PermissionDefinitionRecordConsts.MaxDisplayNameLength);
IsEnabled = isEnabled;
@@ -78,6 +82,16 @@ public class PermissionDefinitionRecord : BasicAggregateRoot, IHasExtraPro
return false;
}
+ if (ResourceName != otherRecord.ResourceName)
+ {
+ return false;
+ }
+
+ if (ManagementPermission != otherRecord.ManagementPermission)
+ {
+ return false;
+ }
+
if (GroupName != otherRecord.GroupName)
{
return false;
@@ -128,6 +142,16 @@ public class PermissionDefinitionRecord : BasicAggregateRoot, IHasExtraPro
Name = otherRecord.Name;
}
+ if (ResourceName != otherRecord.ResourceName)
+ {
+ ResourceName = otherRecord.ResourceName;
+ }
+
+ if (ManagementPermission != otherRecord.ManagementPermission)
+ {
+ ManagementPermission = otherRecord.ManagementPermission;
+ }
+
if (GroupName != otherRecord.GroupName)
{
GroupName = otherRecord.GroupName;
diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDefinitionSerializer.cs b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDefinitionSerializer.cs
index e5df5201cd..723c93c847 100644
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDefinitionSerializer.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDefinitionSerializer.cs
@@ -87,6 +87,7 @@ public class PermissionDefinitionSerializer : IPermissionDefinitionSerializer, I
permissionGroup?.Name,
permission.Name,
permission.ResourceName,
+ permission.ManagementPermission,
permission.Parent?.Name,
LocalizableStringSerializer.Serialize(permission.DisplayName),
permission.IsEnabled,
diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/ResourcePermissionManager.cs b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/ResourcePermissionManager.cs
index c6e48db75a..515aa11918 100644
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/ResourcePermissionManager.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/ResourcePermissionManager.cs
@@ -332,6 +332,15 @@ public class ResourcePermissionManager : IResourcePermissionManager, ISingletonD
}
}
+ public virtual async Task DeleteAsync(string name, string resourceName, string resourceKey, string providerName, string providerKey)
+ {
+ var permissionGrant = await ResourcePermissionGrantRepository.FindAsync(name, resourceName, resourceKey, providerName, providerKey);
+ if (permissionGrant != null)
+ {
+ await ResourcePermissionGrantRepository.DeleteAsync(permissionGrant, true);
+ }
+ }
+
public virtual async Task DeleteAsync(string providerName, string providerKey)
{
var permissionGrants = await ResourcePermissionGrantRepository.GetListAsync(providerName, providerKey);
diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.EntityFrameworkCore/Volo/Abp/PermissionManagement/EntityFrameworkCore/AbpPermissionManagementDbContextModelBuilderExtensions.cs b/modules/permission-management/src/Volo.Abp.PermissionManagement.EntityFrameworkCore/Volo/Abp/PermissionManagement/EntityFrameworkCore/AbpPermissionManagementDbContextModelBuilderExtensions.cs
index fa9fa6de12..ae43f779a2 100644
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.EntityFrameworkCore/Volo/Abp/PermissionManagement/EntityFrameworkCore/AbpPermissionManagementDbContextModelBuilderExtensions.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.EntityFrameworkCore/Volo/Abp/PermissionManagement/EntityFrameworkCore/AbpPermissionManagementDbContextModelBuilderExtensions.cs
@@ -72,13 +72,13 @@ public static class AbpPermissionManagementDbContextModelBuilderExtensions
b.Property(x => x.GroupName).HasMaxLength(PermissionGroupDefinitionRecordConsts.MaxNameLength);
b.Property(x => x.Name).HasMaxLength(PermissionDefinitionRecordConsts.MaxNameLength).IsRequired();
b.Property(x => x.ResourceName).HasMaxLength(PermissionDefinitionRecordConsts.MaxResourceNameLength);
+ b.Property(x => x.ManagementPermission).HasMaxLength(PermissionDefinitionRecordConsts.MaxManagementPermissionLength);
b.Property(x => x.ParentName).HasMaxLength(PermissionDefinitionRecordConsts.MaxNameLength);
- b.Property(x => x.DisplayName).HasMaxLength(PermissionDefinitionRecordConsts.MaxDisplayNameLength)
- .IsRequired();
+ b.Property(x => x.DisplayName).HasMaxLength(PermissionDefinitionRecordConsts.MaxDisplayNameLength).IsRequired();
b.Property(x => x.Providers).HasMaxLength(PermissionDefinitionRecordConsts.MaxProvidersLength);
b.Property(x => x.StateCheckers).HasMaxLength(PermissionDefinitionRecordConsts.MaxStateCheckersLength);
- b.HasIndex(x => new { x.Name }).IsUnique();
+ b.HasIndex(x => new { x.ResourceName, x.Name }).IsUnique();
b.HasIndex(x => new { x.GroupName });
b.ApplyObjectExtensionMappings();
diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.HttpApi.Client/ClientProxies/Volo/Abp/PermissionManagement/PermissionsClientProxy.Generated.cs b/modules/permission-management/src/Volo.Abp.PermissionManagement.HttpApi.Client/ClientProxies/Volo/Abp/PermissionManagement/PermissionsClientProxy.Generated.cs
index fc1e851bae..bd6e2c5e8e 100644
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.HttpApi.Client/ClientProxies/Volo/Abp/PermissionManagement/PermissionsClientProxy.Generated.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.HttpApi.Client/ClientProxies/Volo/Abp/PermissionManagement/PermissionsClientProxy.Generated.cs
@@ -46,15 +46,19 @@ public partial class PermissionsClientProxy : ClientProxyBase GetResourceProviderKeyLookupServicesAsync()
+ public virtual async Task GetResourceProviderKeyLookupServicesAsync(string resourceName)
{
- return await RequestAsync(nameof(GetResourceProviderKeyLookupServicesAsync));
+ return await RequestAsync(nameof(GetResourceProviderKeyLookupServicesAsync), new ClientProxyRequestTypeValue
+ {
+ { typeof(string), resourceName }
+ });
}
- public virtual async Task SearchResourceProviderKeyAsync(string serviceName, string filter, int page)
+ public virtual async Task SearchResourceProviderKeyAsync(string resourceName, string serviceName, string filter, int page)
{
return await RequestAsync(nameof(SearchResourceProviderKeyAsync), new ClientProxyRequestTypeValue
{
+ { typeof(string), resourceName },
{ typeof(string), serviceName },
{ typeof(string), filter },
{ typeof(int), page }
diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.HttpApi.Client/ClientProxies/permissionManagement-generate-proxy.json b/modules/permission-management/src/Volo.Abp.PermissionManagement.HttpApi.Client/ClientProxies/permissionManagement-generate-proxy.json
index 2907378292..8b95d9be21 100644
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.HttpApi.Client/ClientProxies/permissionManagement-generate-proxy.json
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.HttpApi.Client/ClientProxies/permissionManagement-generate-proxy.json
@@ -181,7 +181,16 @@
},
{
"name": "GetResourceProviderKeyLookupServicesAsync",
- "parametersOnMethod": [],
+ "parametersOnMethod": [
+ {
+ "name": "resourceName",
+ "typeAsString": "System.String, System.Private.CoreLib",
+ "type": "System.String",
+ "typeSimple": "string",
+ "isOptional": false,
+ "defaultValue": null
+ }
+ ],
"returnValue": {
"type": "Volo.Abp.PermissionManagement.GetResourceProviderListResultDto",
"typeSimple": "Volo.Abp.PermissionManagement.GetResourceProviderListResultDto"
@@ -190,6 +199,14 @@
{
"name": "SearchResourceProviderKeyAsync",
"parametersOnMethod": [
+ {
+ "name": "resourceName",
+ "typeAsString": "System.String, System.Private.CoreLib",
+ "type": "System.String",
+ "typeSimple": "string",
+ "isOptional": false,
+ "defaultValue": null
+ },
{
"name": "serviceName",
"typeAsString": "System.String, System.Private.CoreLib",
@@ -592,14 +609,36 @@
"allowAnonymous": null,
"implementFrom": "Volo.Abp.PermissionManagement.IPermissionAppService"
},
- "GetResourceProviderKeyLookupServicesAsync": {
- "uniqueName": "GetResourceProviderKeyLookupServicesAsync",
+ "GetResourceProviderKeyLookupServicesAsyncByResourceName": {
+ "uniqueName": "GetResourceProviderKeyLookupServicesAsyncByResourceName",
"name": "GetResourceProviderKeyLookupServicesAsync",
"httpMethod": "GET",
"url": "api/permission-management/permissions/resource-provider-key-lookup-services",
"supportedVersions": [],
- "parametersOnMethod": [],
- "parameters": [],
+ "parametersOnMethod": [
+ {
+ "name": "resourceName",
+ "typeAsString": "System.String, System.Private.CoreLib",
+ "type": "System.String",
+ "typeSimple": "string",
+ "isOptional": false,
+ "defaultValue": null
+ }
+ ],
+ "parameters": [
+ {
+ "nameOnMethod": "resourceName",
+ "name": "resourceName",
+ "jsonName": null,
+ "type": "System.String",
+ "typeSimple": "string",
+ "isOptional": false,
+ "defaultValue": null,
+ "constraintTypes": null,
+ "bindingSourceId": "ModelBinding",
+ "descriptorName": ""
+ }
+ ],
"returnValue": {
"type": "Volo.Abp.PermissionManagement.GetResourceProviderListResultDto",
"typeSimple": "Volo.Abp.PermissionManagement.GetResourceProviderListResultDto"
@@ -607,13 +646,21 @@
"allowAnonymous": null,
"implementFrom": "Volo.Abp.PermissionManagement.IPermissionAppService"
},
- "SearchResourceProviderKeyAsyncByServiceNameAndFilterAndPage": {
- "uniqueName": "SearchResourceProviderKeyAsyncByServiceNameAndFilterAndPage",
+ "SearchResourceProviderKeyAsyncByResourceNameAndServiceNameAndFilterAndPage": {
+ "uniqueName": "SearchResourceProviderKeyAsyncByResourceNameAndServiceNameAndFilterAndPage",
"name": "SearchResourceProviderKeyAsync",
"httpMethod": "GET",
"url": "api/permission-management/permissions/search-resource-provider-keys",
"supportedVersions": [],
"parametersOnMethod": [
+ {
+ "name": "resourceName",
+ "typeAsString": "System.String, System.Private.CoreLib",
+ "type": "System.String",
+ "typeSimple": "string",
+ "isOptional": false,
+ "defaultValue": null
+ },
{
"name": "serviceName",
"typeAsString": "System.String, System.Private.CoreLib",
@@ -640,6 +687,18 @@
}
],
"parameters": [
+ {
+ "nameOnMethod": "resourceName",
+ "name": "resourceName",
+ "jsonName": null,
+ "type": "System.String",
+ "typeSimple": "string",
+ "isOptional": false,
+ "defaultValue": null,
+ "constraintTypes": null,
+ "bindingSourceId": "ModelBinding",
+ "descriptorName": ""
+ },
{
"nameOnMethod": "serviceName",
"name": "serviceName",
diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.HttpApi/Volo/Abp/PermissionManagement/PermissionsController.cs b/modules/permission-management/src/Volo.Abp.PermissionManagement.HttpApi/Volo/Abp/PermissionManagement/PermissionsController.cs
index b7a9cc2ef5..c1f65e353e 100644
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.HttpApi/Volo/Abp/PermissionManagement/PermissionsController.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.HttpApi/Volo/Abp/PermissionManagement/PermissionsController.cs
@@ -36,15 +36,15 @@ public class PermissionsController : AbpControllerBase, IPermissionAppService
}
[HttpGet("resource-provider-key-lookup-services")]
- public virtual Task GetResourceProviderKeyLookupServicesAsync()
+ public virtual Task GetResourceProviderKeyLookupServicesAsync(string resourceName)
{
- return PermissionAppService.GetResourceProviderKeyLookupServicesAsync();
+ return PermissionAppService.GetResourceProviderKeyLookupServicesAsync(resourceName);
}
[HttpGet("search-resource-provider-keys")]
- public virtual Task SearchResourceProviderKeyAsync(string serviceName, string filter, int page)
+ public virtual Task SearchResourceProviderKeyAsync(string resourceName, string serviceName, string filter, int page)
{
- return PermissionAppService.SearchResourceProviderKeyAsync(serviceName, filter, page);
+ return PermissionAppService.SearchResourceProviderKeyAsync(resourceName, serviceName, filter, page);
}
[HttpGet("resource-definitions")]
diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/Pages/AbpPermissionManagement/AddResourcePermissionManagementModal.cshtml.cs b/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/Pages/AbpPermissionManagement/AddResourcePermissionManagementModal.cshtml.cs
index 2c6c1a5474..d9828ee661 100644
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/Pages/AbpPermissionManagement/AddResourcePermissionManagementModal.cshtml.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/Pages/AbpPermissionManagement/AddResourcePermissionManagementModal.cshtml.cs
@@ -42,7 +42,7 @@ public class AddResourcePermissionManagementModal : AbpPageModel
ValidateModel();
ResourcePermissionDefinitions = await PermissionAppService.GetResourceDefinitionsAsync(ResourceName);
- ResourceProviders = await PermissionAppService.GetResourceProviderKeyLookupServicesAsync();
+ ResourceProviders = await PermissionAppService.GetResourceProviderKeyLookupServicesAsync(ResourceName);
return Page();
}
diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/Pages/AbpPermissionManagement/ResourcePermissionManagementModal.cshtml.cs b/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/Pages/AbpPermissionManagement/ResourcePermissionManagementModal.cshtml.cs
index c4ac219428..1b1373e017 100644
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/Pages/AbpPermissionManagement/ResourcePermissionManagementModal.cshtml.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/Pages/AbpPermissionManagement/ResourcePermissionManagementModal.cshtml.cs
@@ -39,7 +39,7 @@ public class ResourcePermissionManagementModal : AbpPageModel
HasAnyResourcePermission = (await PermissionAppService.GetResourceDefinitionsAsync(ResourceName)).Permissions.Any();
if (HasAnyResourcePermission)
{
- HasAnyResourceProviderKeyLookupService = (await PermissionAppService.GetResourceProviderKeyLookupServicesAsync()).Providers.Count > 0;
+ HasAnyResourceProviderKeyLookupService = (await PermissionAppService.GetResourceProviderKeyLookupServicesAsync(ResourceName)).Providers.Count > 0;
}
return Page();
}
diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/Pages/AbpPermissionManagement/add-resource-permission-management-modal.js b/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/Pages/AbpPermissionManagement/add-resource-permission-management-modal.js
index 289ac693cf..85154e4086 100644
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/Pages/AbpPermissionManagement/add-resource-permission-management-modal.js
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/Pages/AbpPermissionManagement/add-resource-permission-management-modal.js
@@ -18,6 +18,7 @@ var abp = abp || {};
dataType: "json",
data: function (params) {
var query = {};
+ query["resourceName"] = $('#ResourceName').val();
query["serviceName"] = $('input[name="AddModel.ProviderName"]:checked').val();
query["page"] = params.page || 1;
query["filter"] = params.term;
diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/wwwroot/client-proxies/permissionManagement-proxy.js b/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/wwwroot/client-proxies/permissionManagement-proxy.js
index a0de671e4e..893c86ab97 100644
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/wwwroot/client-proxies/permissionManagement-proxy.js
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/wwwroot/client-proxies/permissionManagement-proxy.js
@@ -34,16 +34,16 @@
}, ajaxParams));
};
- volo.abp.permissionManagement.permissions.getResourceProviderKeyLookupServices = function(ajaxParams) {
+ volo.abp.permissionManagement.permissions.getResourceProviderKeyLookupServices = function(resourceName, ajaxParams) {
return abp.ajax($.extend(true, {
- url: abp.appPath + 'api/permission-management/permissions/resource-provider-key-lookup-services',
+ url: abp.appPath + 'api/permission-management/permissions/resource-provider-key-lookup-services' + abp.utils.buildQueryString([{ name: 'resourceName', value: resourceName }]) + '',
type: 'GET'
}, ajaxParams));
};
- volo.abp.permissionManagement.permissions.searchResourceProviderKey = function(serviceName, filter, page, ajaxParams) {
+ volo.abp.permissionManagement.permissions.searchResourceProviderKey = function(resourceName, serviceName, filter, page, ajaxParams) {
return abp.ajax($.extend(true, {
- url: abp.appPath + 'api/permission-management/permissions/search-resource-provider-keys' + abp.utils.buildQueryString([{ name: 'serviceName', value: serviceName }, { name: 'filter', value: filter }, { name: 'page', value: page }]) + '',
+ url: abp.appPath + 'api/permission-management/permissions/search-resource-provider-keys' + abp.utils.buildQueryString([{ name: 'resourceName', value: resourceName }, { name: 'serviceName', value: serviceName }, { name: 'filter', value: filter }, { name: 'page', value: page }]) + '',
type: 'GET'
}, ajaxParams));
};
diff --git a/modules/permission-management/test/Volo.Abp.PermissionManagement.Domain.Tests/Volo/Abp/PermissionManagement/CalculateHash_Tests.cs b/modules/permission-management/test/Volo.Abp.PermissionManagement.Domain.Tests/Volo/Abp/PermissionManagement/CalculateHash_Tests.cs
index 5d7833ad0f..cfec0d27a2 100644
--- a/modules/permission-management/test/Volo.Abp.PermissionManagement.Domain.Tests/Volo/Abp/PermissionManagement/CalculateHash_Tests.cs
+++ b/modules/permission-management/test/Volo.Abp.PermissionManagement.Domain.Tests/Volo/Abp/PermissionManagement/CalculateHash_Tests.cs
@@ -35,7 +35,7 @@ public class CalculateHash_Tests: PermissionTestBase
json.ShouldNotContain(id.ToString("D"));
json = JsonSerializer.Serialize(new List()
{
- new PermissionDefinitionRecord(id, "Test", "Test", "Test", "Test", "Test")
+ new PermissionDefinitionRecord(id, "Test", "Test", "Test", "Test", "Test", "Test")
},
jsonSerializerOptions);
json.ShouldNotContain("\"Id\"");
diff --git a/modules/permission-management/test/Volo.Abp.PermissionManagement.Domain.Tests/Volo/Abp/PermissionManagement/PermissionDefinitionSerializer_Tests.cs b/modules/permission-management/test/Volo.Abp.PermissionManagement.Domain.Tests/Volo/Abp/PermissionManagement/PermissionDefinitionSerializer_Tests.cs
index 231626de72..1e15360a6a 100644
--- a/modules/permission-management/test/Volo.Abp.PermissionManagement.Domain.Tests/Volo/Abp/PermissionManagement/PermissionDefinitionSerializer_Tests.cs
+++ b/modules/permission-management/test/Volo.Abp.PermissionManagement.Domain.Tests/Volo/Abp/PermissionManagement/PermissionDefinitionSerializer_Tests.cs
@@ -88,6 +88,7 @@ public class PermissionDefinitionSerializer_Tests : PermissionTestBase
var resourcePermission1 = context.AddResourcePermission(
"ResourcePermission1",
TestEntityResource.ResourceName,
+ "Permission1",
new LocalizableString(typeof(AbpPermissionManagementResource), "ResourcePermission1"),
MultiTenancySides.Tenant
)
@@ -110,6 +111,7 @@ public class PermissionDefinitionSerializer_Tests : PermissionTestBase
permissionRecord.Name.ShouldBe("ResourcePermission1");
permissionRecord.GroupName.ShouldBe(null);
permissionRecord.ResourceName.ShouldBe(TestEntityResource.ResourceName);
+ permissionRecord.ManagementPermission.ShouldBe("Permission1");
permissionRecord.DisplayName.ShouldBe("L:AbpPermissionManagement,ResourcePermission1");
permissionRecord.GetProperty("CustomProperty2").ShouldBe("CustomValue2");
permissionRecord.Providers.ShouldBe("ProviderA,ProviderB");
diff --git a/modules/permission-management/test/Volo.Abp.PermissionManagement.TestBase/Volo/Abp/PermissionManagement/TestResourcePermissionDefinitionProvider.cs b/modules/permission-management/test/Volo.Abp.PermissionManagement.TestBase/Volo/Abp/PermissionManagement/TestResourcePermissionDefinitionProvider.cs
index e255419313..2d5a4d5d99 100644
--- a/modules/permission-management/test/Volo.Abp.PermissionManagement.TestBase/Volo/Abp/PermissionManagement/TestResourcePermissionDefinitionProvider.cs
+++ b/modules/permission-management/test/Volo.Abp.PermissionManagement.TestBase/Volo/Abp/PermissionManagement/TestResourcePermissionDefinitionProvider.cs
@@ -7,20 +7,22 @@ public class TestResourcePermissionDefinitionProvider : PermissionDefinitionProv
{
public override void Define(IPermissionDefinitionContext context)
{
- context.AddResourcePermission("MyResourcePermission1", TestEntityResource.ResourceName);
- context.AddResourcePermission("MyResourceDisabledPermission1", TestEntityResource.ResourceName, isEnabled: false);
- context.AddResourcePermission("MyResourcePermission2", TestEntityResource.ResourceName);
- context.AddResourcePermission("MyResourcePermission3", TestEntityResource.ResourceName, multiTenancySide: MultiTenancySides.Host);
- context.AddResourcePermission("MyResourcePermission4", TestEntityResource.ResourceName, multiTenancySide: MultiTenancySides.Host).WithProviders(UserPermissionValueProvider.ProviderName);
+ context.AddGroup("TestEntityManagementPermissionGroup").AddPermission("TestEntityManagementPermission");
- var myPermission5 = context.AddResourcePermission("MyResourcePermission5", TestEntityResource.ResourceName);
+ context.AddResourcePermission("MyResourcePermission1", TestEntityResource.ResourceName, "TestEntityManagementPermission");
+ context.AddResourcePermission("MyResourceDisabledPermission1", TestEntityResource.ResourceName, "TestEntityManagementPermission", isEnabled: false);
+ context.AddResourcePermission("MyResourcePermission2", TestEntityResource.ResourceName, "TestEntityManagementPermission");
+ context.AddResourcePermission("MyResourcePermission3", TestEntityResource.ResourceName, "TestEntityManagementPermission", multiTenancySide: MultiTenancySides.Host);
+ context.AddResourcePermission("MyResourcePermission4", TestEntityResource.ResourceName, "TestEntityManagementPermission", multiTenancySide: MultiTenancySides.Host).WithProviders(UserPermissionValueProvider.ProviderName);
+
+ var myPermission5 = context.AddResourcePermission("MyResourcePermission5", TestEntityResource.ResourceName, "TestEntityManagementPermission");
myPermission5.StateCheckers.Add(new TestRequireRolePermissionStateProvider("super-admin"));
- context.AddResourcePermission("MyResourcePermission6", TestEntityResource.ResourceName);
+ context.AddResourcePermission("MyResourcePermission6", TestEntityResource.ResourceName, "TestEntityManagementPermission");
- context.AddResourcePermission("MyResourceDisabledPermission2", TestEntityResource.ResourceName, isEnabled: false);
+ context.AddResourcePermission("MyResourceDisabledPermission2", TestEntityResource.ResourceName, "TestEntityManagementPermission", isEnabled: false);
- context.AddResourcePermission("MyResourcePermission7", TestEntityResource.ResourceName);
- context.AddResourcePermission("MyResourcePermission8", TestEntityResource.ResourceName);
+ context.AddResourcePermission("MyResourcePermission7", TestEntityResource.ResourceName, "TestEntityManagementPermission");
+ context.AddResourcePermission("MyResourcePermission8", TestEntityResource.ResourceName, "TestEntityManagementPermission");
}
}