While this is not strictly a bug, its an intersection of functionalities where the expected behavior has not been explicitly designed in a desireable way.
We have a set of permissions, some of which are dependent on specific features.
When disabling the feature for a tenant, all users in the tenant lose the permissions which depend on that feaure (this is expected). When enabling the feature for a tenant, none of the users have those permissions restored - this is the bit which is not clearly defined.
From a users perspective, if the permissions were granted through the assignment of a role (rather than explicit per-user grants) - one would expect the permissions to be restored.
Has the AspNetZero team considered and defined this behavior? If not, can we look at clearly defining this? What would be the best way to implement the behavior I defined above (where permission assignments received through roles are reassessed when necessary)?
Root cause is that when editing permissions for a user, hidden permissions (such as ones that the user cannot see because a missing feature is hiding them) will actually create a "isGranted = 0" record for those hidden permissions. Then, when switching ON the feature that will make that permission possible, it is initially explicitly disabled because of that "isGranted = 0" record.
1 Answer(s)
-
0
Hi @hra
Thank you for your report, could you create an issue on https://github.com/aspnetzero/aspnet-zero-core/issues ? We can take a look at this problem deeply. Normally, as I remember, the permisisons should be restored because they must not be deleted from database when you revoke the faeture from a tenant.
Thanks,