Base solution for your next web application
Open Closed

Assign permissions to roles in multi-tenancy environment #191


User avatar
0
darwinrc created

Good day,

I'm trying to assign permissions to roles in a multi-tenancy environment following ModuleZeroSampleProject. In the InitialDataBuilder I see the following code:

context.Permissions.Add(new RolePermissionSettings{RoleId = adminRoleForDefaultTenant.Id, Name = "CanDeleteAnswers", IsGranted = true});

My problem is that I must creates the roles and permissions for each tenant. I can create the role using the RolManager, but I can't figure out a way to assign the related permissions to those roles outside the InitialDataBuilder, taking into account that it should be dynamically generated after creating each tenant.

Thanks in advance.


6 Answer(s)
  • User Avatar
    0
    hikalkan created
    Support Team

    Hi,

    We can create static roles and a default admin user for newly created tenant. If you're asking "how I can obtain all permissions dynamically", then you can use RoleManager's GrantAllPermissionsAsync method.

    In ASP.NET Iteration Zero (aspnetzero.com), I do the following things when creating a new tenant:

    • Create the tenant
    • Create static roles for this new tenant (my static roles are Admin and User)
    • Grant all permissions for Admin role
    • Set User role as default
    • Create an admin user and assign to Admin role.
    • (optionally) send an activation email to admin's email

    Here, there is an important thing to do.. After creating the tenant, we should do

    CurrentUnitOfWork.SetFilterParameter(AbpDataFilters.MayHaveTenant, AbpDataFilters.Parameters.TenantId, tenant.Id);

    to make User and Role Manager's use new tenant for user operations.

    After all and saving changes, we should restore the parameter value:

    CurrentUnitOfWork.SetFilterParameter(AbpDataFilters.MayHaveTenant, AbpDataFilters.Parameters.TenantId, AbpSession.TenantId);

  • User Avatar
    0
    darwinrc created

    Hello, hikalkan

    Thanks for your quick answer.

    I managed to do what you explained in the post, but I keep having a doubt regarding it: Can you please show me a snippet example for granting permissions for a role in that context of the tenant? That's where I don't know how to do it since in ModuleZeroSampleProject it's done in the seeds using de DBContext.

    Thanks again for your help.

  • User Avatar
    0
    hikalkan created
    Support Team

    Hi,

    Don't mind seed stuff, since it's just about db migration.

    This is the related part in AspNet Zero's code:

    //...
                //Create tenant
                var tenant = new Tenant(input.TenancyName, input.Name) { IsActive = input.IsActive };
                await TenantManager.CreateAsync(tenant);
                await CurrentUnitOfWork.SaveChangesAsync(); //To get new tenant's id.
    
                //We are working entities of new tenant, so changing tenant filter
                CurrentUnitOfWork.SetFilterParameter(AbpDataFilters.MayHaveTenant, AbpDataFilters.Parameters.TenantId, tenant.Id);
    
                //Create static roles for new tenant
                await _roleManager.CreateStaticRoles(tenant.Id);
                
                await CurrentUnitOfWork.SaveChangesAsync(); //To get static role ids
    
                //grant all permissions to admin role
                var adminRole = _roleManager.Roles.Single(r => r.Name == StaticRoleNames.Tenants.Admin);
                await _roleManager.GrantAllPermissionsAsync(adminRole);
    
                //User role should be default
                var userRole = _roleManager.Roles.Single(r => r.Name == StaticRoleNames.Tenants.User);
                userRole.IsDefault = true;
                await _roleManager.UpdateAsync(userRole);
    
               //...
    
  • User Avatar
    0
    darwinrc created

    Hi, hikalkan

    await _roleManager.CreateStaticRoles(tenant.Id);
    

    Can't understand where are the static roles to create for the tenant. I need to create, e.g. "Leader", "Seller", "Admin", "Agent" roles for each tenant.

    Thanks a lot!

  • User Avatar
    0
    hikalkan created
    Support Team

    Why don't you just use _roleManager.Create if you don't know static roles?

    You can use CreateStaticRoles method if you define your static roles in PreInitialize of your module. Example:

    Configuration.Modules.Zero().RoleManagement.StaticRoles.Add(
                    new StaticRoleDefinition(
                        StaticRoleNames.Tenants.Admin,
                        MultiTenancySides.Tenant)
                    );
    
  • User Avatar
    0
    darwinrc created

    I see now,

    I'll try to implement it and let you know.

    Thanks a lot!