Good day,
I'm trying to assign permissions to roles in a multi-tenancy environment following ModuleZeroSampleProject. In the InitialDataBuilder I see the following code:
context.Permissions.Add(new RolePermissionSettings{RoleId = adminRoleForDefaultTenant.Id, Name = "CanDeleteAnswers", IsGranted = true});
My problem is that I must creates the roles and permissions for each tenant. I can create the role using the RolManager, but I can't figure out a way to assign the related permissions to those roles outside the InitialDataBuilder, taking into account that it should be dynamically generated after creating each tenant.
Thanks in advance.
6 Answer(s)
-
0
Hi,
We can create static roles and a default admin user for newly created tenant. If you're asking "how I can obtain all permissions dynamically", then you can use RoleManager's GrantAllPermissionsAsync method.
In ASP.NET Iteration Zero (aspnetzero.com), I do the following things when creating a new tenant:
- Create the tenant
- Create static roles for this new tenant (my static roles are Admin and User)
- Grant all permissions for Admin role
- Set User role as default
- Create an admin user and assign to Admin role.
- (optionally) send an activation email to admin's email
Here, there is an important thing to do.. After creating the tenant, we should do
CurrentUnitOfWork.SetFilterParameter(AbpDataFilters.MayHaveTenant, AbpDataFilters.Parameters.TenantId, tenant.Id);
to make User and Role Manager's use new tenant for user operations.
After all and saving changes, we should restore the parameter value:
CurrentUnitOfWork.SetFilterParameter(AbpDataFilters.MayHaveTenant, AbpDataFilters.Parameters.TenantId, AbpSession.TenantId);
-
0
Hello, hikalkan
Thanks for your quick answer.
I managed to do what you explained in the post, but I keep having a doubt regarding it: Can you please show me a snippet example for granting permissions for a role in that context of the tenant? That's where I don't know how to do it since in ModuleZeroSampleProject it's done in the seeds using de DBContext.
Thanks again for your help.
-
0
Hi,
Don't mind seed stuff, since it's just about db migration.
This is the related part in AspNet Zero's code:
//... //Create tenant var tenant = new Tenant(input.TenancyName, input.Name) { IsActive = input.IsActive }; await TenantManager.CreateAsync(tenant); await CurrentUnitOfWork.SaveChangesAsync(); //To get new tenant's id. //We are working entities of new tenant, so changing tenant filter CurrentUnitOfWork.SetFilterParameter(AbpDataFilters.MayHaveTenant, AbpDataFilters.Parameters.TenantId, tenant.Id); //Create static roles for new tenant await _roleManager.CreateStaticRoles(tenant.Id); await CurrentUnitOfWork.SaveChangesAsync(); //To get static role ids //grant all permissions to admin role var adminRole = _roleManager.Roles.Single(r => r.Name == StaticRoleNames.Tenants.Admin); await _roleManager.GrantAllPermissionsAsync(adminRole); //User role should be default var userRole = _roleManager.Roles.Single(r => r.Name == StaticRoleNames.Tenants.User); userRole.IsDefault = true; await _roleManager.UpdateAsync(userRole); //...
-
0
Hi, hikalkan
await _roleManager.CreateStaticRoles(tenant.Id);
Can't understand where are the static roles to create for the tenant. I need to create, e.g. "Leader", "Seller", "Admin", "Agent" roles for each tenant.
Thanks a lot!
-
0
Why don't you just use _roleManager.Create if you don't know static roles?
You can use CreateStaticRoles method if you define your static roles in PreInitialize of your module. Example:
Configuration.Modules.Zero().RoleManagement.StaticRoles.Add( new StaticRoleDefinition( StaticRoleNames.Tenants.Admin, MultiTenancySides.Tenant) );
-
0
I see now,
I'll try to implement it and let you know.
Thanks a lot!