diff --git a/modules/identity/test/Volo.Abp.Identity.Application.Tests/Volo/Abp/Identity/FakeCurrentPrincipalAccessor.cs b/modules/identity/test/Volo.Abp.Identity.Application.Tests/Volo/Abp/Identity/FakeCurrentPrincipalAccessor.cs
index 53b1e3cd4e..dabd95dbc3 100644
--- a/modules/identity/test/Volo.Abp.Identity.Application.Tests/Volo/Abp/Identity/FakeCurrentPrincipalAccessor.cs
+++ b/modules/identity/test/Volo.Abp.Identity.Application.Tests/Volo/Abp/Identity/FakeCurrentPrincipalAccessor.cs
@@ -1,3 +1,4 @@
+using System;
 using System.Collections.Generic;
 using System.Security.Claims;
 using Volo.Abp.DependencyInjection;
@@ -9,10 +10,21 @@ namespace Volo.Abp.Identity;
 public class FakeCurrentPrincipalAccessor : ThreadCurrentPrincipalAccessor
 {
 private readonly IdentityTestData _testData;
+ private readonly Lazy _principal;
 public FakeCurrentPrincipalAccessor(IdentityTestData testData)
 {
 _testData = testData;
+ _principal = new Lazy(() => new ClaimsPrincipal(
+ new ClaimsIdentity(
+ new List
+ {
+ new Claim(AbpClaimTypes.UserId, _testData.UserAdminId.ToString()),
+ new Claim(AbpClaimTypes.UserName, "administrator"),
+ new Claim(AbpClaimTypes.Email, "administrator@abp.io")
+ }
+ )
+ ));
 }
 protected override ClaimsPrincipal GetClaimsPrincipal()
@@ -20,30 +32,8 @@ public class FakeCurrentPrincipalAccessor : ThreadCurrentPrincipalAccessor
 return GetPrincipal();
 }
- private ClaimsPrincipal _principal;
-
 private ClaimsPrincipal GetPrincipal()
 {
- if (_principal == null)
- {
- lock (this)
- {
- if (_principal == null)
- {
- _principal = new ClaimsPrincipal(
- new ClaimsIdentity(
- new List
- {
- new Claim(AbpClaimTypes.UserId, _testData.UserAdminId.ToString()),
- new Claim(AbpClaimTypes.UserName, "administrator"),
- new Claim(AbpClaimTypes.Email, "administrator@abp.io")
- }
- )
- );
- }
- }
- }
-
- return _principal;
+ return _principal.Value;
 }
 }
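Review bot: The `ClaimsIdentity` built inside the new `Lazy` factory in the constructor is created without an authentication type, so `Identity.IsAuthenticated` is false for this fake administrator even though it carries the admin user-id claim. Code under test that gates on that flag rather than on the claims would see an anonymous caller, which may let the tests diverge from how a real signed-in session is authorized. This is carried over unchanged from the removed `lock (this)` version; if it is not intentional, pass an explicit type, for example `new ClaimsIdentity(claims, "Test")` (type name constructed here). Separately, the single principal instance is shared by every caller of `GetPrincipal()`, so a comment such as `// Shared instance: tests must not add identities or claims to it` on the `_principal` field would help.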
diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs b/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs
index 4f06f2de93..7cd83916f2 100644
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs
@@ -417,12 +417,19 @@ public class PermissionAppService : ApplicationService, IPermissionAppService
 protected virtual async Task FilterInputPermissionsByCurrentUserAsync(UpdatePermissionsDto input)
 {
+ if (input.Permissions.IsNullOrEmpty())
+ {
+ input.Permissions = Array.Empty();
+ return;
+ }
+
 var currentUserPermissions = await PermissionChecker.IsGrantedAsync(input.Permissions.Select(p => p.Name).ToArray());
 var grantedPermissions = currentUserPermissions.Result
 .Where(x => x.Value == PermissionGrantResult.Granted)
 .Select(x => x.Key)
 .ToHashSet();
+ // Filters the input DTO in-place to only include manageable permissions.
 input.Permissions = input.Permissions.Where(x => grantedPermissions.Contains(x.Name)).ToArray();
 }
 }
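Review bot: Entries the caller is not granted are dropped silently by the final `Where(...)`, so a request that tries to change permissions beyond the caller's own grants leaves no trace and looks like a normal update. Recording the rejected names before the reassignment would give operators something to alert on, e.g. `var dropped = input.Permissions.Where(x => !grantedPermissions.Contains(x.Name)).Select(x => x.Name).ToArray();` followed by a warning log when `dropped.Length > 0`. The new guard also covers only a null or empty array: `p => p.Name` still dereferences each element, so a null entry in the payload would presumably surface as a NullReferenceException unless model validation, which is not visible in this hunk, rejects it first.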