Use Lazy for principal and guard empty permissions

3 days ago · fdae1e3fb9
2 changed files with 20 additions and 23 deletions
--- a/modules/identity/test/Volo.Abp.Identity.Application.Tests/Volo/Abp/Identity/FakeCurrentPrincipalAccessor.cs
+++ b/modules/identity/test/Volo.Abp.Identity.Application.Tests/Volo/Abp/Identity/FakeCurrentPrincipalAccessor.cs
@ -1,3 +1,4 @@
+using System;
 using System.Collections.Generic;
 using System.Security.Claims;
 using Volo.Abp.DependencyInjection;
@ -9,10 +10,21 @@ namespace Volo.Abp.Identity;
 public class FakeCurrentPrincipalAccessor : ThreadCurrentPrincipalAccessor
 {
    private readonly IdentityTestData _testData;
+    private readonly Lazy<ClaimsPrincipal> _principal;

    public FakeCurrentPrincipalAccessor(IdentityTestData testData)
    {
        _testData = testData;
+        _principal = new Lazy<ClaimsPrincipal>(() => new ClaimsPrincipal(
+            new ClaimsIdentity(
+                new List<Claim>
+                {
+                    new Claim(AbpClaimTypes.UserId, _testData.UserAdminId.ToString()),
+                    new Claim(AbpClaimTypes.UserName, "administrator"),
+                    new Claim(AbpClaimTypes.Email, "administrator@abp.io")
+                }
+            )
+        ));
    }

    protected override ClaimsPrincipal GetClaimsPrincipal()
@ -20,30 +32,8 @@ public class FakeCurrentPrincipalAccessor : ThreadCurrentPrincipalAccessor
        return GetPrincipal();
    }

-    private ClaimsPrincipal _principal;
-
    private ClaimsPrincipal GetPrincipal()
    {
-        if (_principal == null)
-        {
-            lock (this)
-            {
-                if (_principal == null)
-                {
-                    _principal = new ClaimsPrincipal(
-                        new ClaimsIdentity(
-                            new List<Claim>
-                            {
-                                new Claim(AbpClaimTypes.UserId, _testData.UserAdminId.ToString()),
-                                new Claim(AbpClaimTypes.UserName, "administrator"),
-                                new Claim(AbpClaimTypes.Email, "administrator@abp.io")
-                            }
-                        )
-                    );
-                }
-            }
-        }
-
-        return _principal;
+        return _principal.Value;
    }
 }
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs
@ -417,12 +417,19 @@ public class PermissionAppService : ApplicationService, IPermissionAppService

    protected virtual async Task FilterInputPermissionsByCurrentUserAsync(UpdatePermissionsDto input)
    {
+        if (input.Permissions.IsNullOrEmpty())
+        {
+            input.Permissions = Array.Empty<UpdatePermissionDto>();
+            return;
+        }
+
        var currentUserPermissions = await PermissionChecker.IsGrantedAsync(input.Permissions.Select(p => p.Name).ToArray());
        var grantedPermissions = currentUserPermissions.Result
            .Where(x => x.Value == PermissionGrantResult.Granted)
            .Select(x => x.Key)
            .ToHashSet();

+        // Filters the input DTO in-place to only include manageable permissions.
        input.Permissions = input.Permissions.Where(x => grantedPermissions.Contains(x.Name)).ToArray();
    }
 }