Scenario: We would like to associate each customer company with a tenant in order to bundle users and seperate access to data. We would like to define different permissions to protectect parts of a web page. We would like to reuse the roles across the different tenants.
Propose solution Tenant 1 used for customer a Tenant 2 used for customer b
Role A( TenantId NULL), Permission 1 (TenantId NULL) Role B( TenantId NULL), Permission 2 (TenantId NULL)
Customer a(TenantId 1), role A Customer b(TenantId 2), role A
When the 'customer a' user logs in, the isGranted(Permission 1) is always false unless a seperate role is created with the same TenantId as the customer user. (role, user, user account, and permission also needs to be associated with the same TenantId).
But this leeds to many roles covering the same permission(s), namely that each customer needs to have the same role defined to cover the same permission(s). Is there another way around this?? Maybe a isGranted method that does not take tenantId into account, but just checks that a user is associated to role with a permission, not using the tenantId filter?
I hope it makes sense :)
Cheers Kim
3 Answer(s)
-
0
Hi,
If you want that behaviour, you can override UserManager's IsGrantedAsync method and implement it as you like, see <a class="postlink" href="https://github.com/aspnetboilerplate/module-zero/blob/master/src/Abp.Zero/Authorization/Users/AbpUserManager.cs#L149">https://github.com/aspnetboilerplate/mo ... er.cs#L149</a>
We didn't do it like that because each tenant can create custom roles as they want.
Thanks.
-
0
Hi ismcagdas, Thanks for the reply. I have tried to override the functionality in UserManager, but invoking even simple things seems to result in a hanging process. E.g.
public override Task<bool> IsGrantedAsync(long userId, Permission permission) { var permissionGrantInfo = this.AbpStore.GetPermissionsAsync(userId).Result; return base.IsGrantedAsync(userId, permission); }Is it illigal to call this.AbpStore.GetPermissionsAsync(userId).Result; in the UserManager? I have triede several other invocations, but they all end in a hanging process. Same behaviour in 1.5.x and 2.0.2.
If I leave this in as the only code, then it works as normal. return base.IsGranted(...)
Br Kim
-
0
The problem is a mistake in the signature of the overriding method. Namely a missing async.
public override async Task<bool> IsGrantedAsync(long userId, Permission permission) { }Now, onto making the actual functionality in the IsGrantedAsync.
Cheers
