Open Closed

SubscribeToAllAvailableNotificationsAsync does not appear to be working from TenantManager when creating a new Tenant from host #10500


0
rickfrankel created

Prerequisites

Please answer the following questions before submitting an issue. YOU MAY DELETE THE PREREQUISITES SECTION.

  • What is your product version?
  • 10.3
  • What is your product type (Angular or MVC)?
  • Angular
  • What is product framework type (.net framework or .net core)?
  • .Net Core

If issue related with ABP Framework

  • What is ABP Framework version?
  • 6.3.1

I have a notification defined as follows (simplified)

        context.Manager.Add(
            new NotificationDefinition(
                AppNotificationNames.MyNotification,
                displayName: L("MyNotification"),
                permissionDependency: new SimplePermissionDependency(AppPermissions.Pages_Operations_My_Permission_View)
                )
        );
        
        

What I have found is that the following line in TenantManager:193 await _notificationSubscriptionManager.SubscribeToAllAvailableNotificationsAsync(new UserIdentifier(newTenantId, newAdminId));

Does not actually subscribe to all notifications. It would seem that it only subscribes to notifications that the host account user that is creating the tenant (with admin) also has access to. I have many other notifications defined in the AppNotificationProvider.cs that both the host account has access too and the new admin will also have access to based on permission dependencies and these are added without a problem (Eg: NewUserRegisteredNotificationDefinition).

However in this particular case the host account user does not have access too AppPermissions.Pages_Operations_My_Permission_View and as such it would appear as though the new tenant admin doesn't automatically get subscribed to this notification.

I've gone through the code for the SubscribeToAllAvailableNotificationsAsync and cannot manage to see why this is happening.

Need some help please. Thanks Rick


8 Answer(s)
  • 0
    ismcagdas created
    Support Team

    Hi @rickfrankel

    Could you also share the definition of AppPermissions.Pages_Operations_My_Permission_View permission ? We can try to reproduce this on our side.

    Thanks,

  • 0
    rickfrankel created

    Hi @ismcagdas,

            parentPermission.CreateChildPermission(AppPermissions.Pages_Operations_My_Permission_View, L("MyPermission"), featureDependency: new SimpleFeatureDependency(AppFeatures.OneOfMyAppFeaturesFeature), multiTenancySides: MultiTenancySides.Tenant, properties: forUserRoleProperties);
    

    forUserRoleProperties is my own special property I attach to some permissions

    it is defined as var forUserRoleProperties = new Dictionary<string, object>() { { "ForUserRole", true } };

    The permission itself is a child of this parent permission var parentPermission = pages.CreateChildPermission(AppPermissions.Pages_Operations, L("Operations"), multiTenancySides: MultiTenancySides.Tenant, properties: forUserAndGuestRoleProperties);

    This is the only instance I've seen where something strange like this happens. Everwhere else the permissions are rock solid.

    Thanks Rick

  • 0
    rickfrankel created

    HI @ismcagdas,

    From what I can tell this is failing.

                if (_roleManager.IsGranted(roleId, permission))
                {
                    return true;
                }
                
    

    Even though the role does have permissions to the permission this fails. Another piece of info is that I'm using a centralised Redis cache for my caching. When I check the Redis cache I see no entry for the newly created role in the AbpZeroRolePermissions cache key.

    I do see an entry in the AbpZeroUserPermissions cache key however. So it looks like when the tenant is being created the role that is just created for the new admin user does not have its permissions cached at the time the SubscribeToAllAvailableNotificationsAsync call is made.

    Thanks Rick

  • 0
    rickfrankel created

    Further to the above. I added in this call just before that check. var test = _roleManager.GetGrantedPermissionsAsync(roleId).Result; if (_roleManager.IsGranted(roleId, permission)) { return true; }

                The test returned permissions, HOWEVER they are not the permissions of that role.  They are the permissions of the role I am logged into as the user creating the new tenant.  
                
                Something doesn't appear to be quite right here.
    
  • 0
    musa.demir created
    Support Team

    Hi @rickfrankel

    I created a permission:

    pages.CreateChildPermission(AppPermissions.Pages_Operations_My_Permission_View, L("Pages_Operations_My_Permission_View"));
    

    Then go to notification provider and add new notification:

    namespace MyCompanyName.AbpZeroTemplate.Notifications
    {
        public class AppNotificationProvider : NotificationProvider
        {
            public override void SetNotifications(INotificationDefinitionContext context)
            {
                //...
                context.Manager.Add(
                    new NotificationDefinition(
                        AppNotificationNames.MyNotification,
                        displayName: L("MyNotification"),
                        permissionDependency: new SimplePermissionDependency(AppPermissions.Pages_Operations_My_Permission_View)
                    )
                );
            }
    

    Then I created new tenant using TenantManager's CreateWithAdminUserAsync method. Then I published a notification using following And here is the result

    Can you please check the steps that you may forget? If you followed steps and not able to fix it. Please send a project that contain your problem to support@aspnetzero.com

  • 0
    rickfrankel created

    Hi Musa,

    Thanks for the reponse. Give me a few days to digest it and try and reproduce my issue in the original template and not in my complete project.

    Thanks

  • 0
    rickfrankel created

    Hi Musa,

    Ok I think I can see why you are not seeing the problem.

    pages.CreateChildPermission(AppPermissions.Pages_Operations_My_Permission_View, L("Pages_Operations_My_Permission_View"));

    This permission is likely to also be given to the account you are currently logged in as.

    Can you test again with the permission looking like this.

    pages.CreateChildPermission(AppPermissions.Pages_Operations_My_Permission_View, L("Pages_Operations_My_Permission_View"), multiTenancySides: MultiTenancySides.Tenant);

    That way the host account you are logged in as when you create the tenant won't actually have the permission required to subscribe to that notification (even tho the tenant admin will).

    Thanks Rick

  • 0
    musa.demir created
    Support Team

    Hi @rickfrankel Thanks for the pointing. I changed the required permission to as a tenant permission as you said

    pages.CreateChildPermission(AppPermissions.MyTestPermission, L("MyTestPermission"), multiTenancySides: MultiTenancySides.Tenant);
    
    context.Manager.Add(
        new NotificationDefinition(
            AppNotificationNames.MyTestNotification,
            displayName: L("MyTestNotification"),
            permissionDependency: new SimplePermissionDependency(AppPermissions.MyTestPermission)
        )
    );
    

    Now host user does not have required permission. Then I created a tenant with that host user using TenantManager.CreateWithAdminUserAsync. And it subscribed to new notification as expected.

    Can you share your project or a clean demo project that contains your problem? You can send an e-mail to support@aspnetzero.com