Open Closed

Seeding Permissions #405


0
ddnils created

Hi there, i would like to seed permissions into my database. Since there is no IPermissionDefinitionContext available when working with InitialDataBuilder, I do not know how to do that. Do I have to create my own AuthorizationProvider for that? Any advice would be awesome.


4 Answer(s)
  • 0
    hikalkan created

    Use PermissionFinder static class. Example:

    //Grant all permissions
                    var permissions = PermissionFinder
                        .GetAllPermissions(new AppAuthorizationProvider())
                        .Where(p => p.MultiTenancySides.HasFlag(MultiTenancySides.Tenant))
                        .ToList();
    
                    foreach (var permission in permissions)
                    {
                        if (!permission.IsGrantedByDefault)
                        {
                            _context.Permissions.Add(
                                new RolePermissionSetting
                                {
                                    Name = permission.Name,
                                    IsGranted = true,
                                    RoleId = adminRoleForDefaultTenant.Id
                                });
                        }
                    }
    
  • 0
    ddnils created

    Thank you, that worked (though I am not able to use IPermissionDefinitionContext).

    I have set up Permission "Administration" like so: _context.Permissions.Add(new RolePermissionSetting { Name = "Administration", IsGranted = true, RoleId = 2 });

    But when adding the Permission to NavigationProvider, like this: context.Manager.MainMenu .AddItem( new MenuItemDefinition( "Administration", new LocalizableString("Administration", "[MyAppName]"), // I use the Const here icon: "fa fa-cogs", requiresAuthentication: true, requiredPermissionName: "Administration" ));

    I see an error in Developer Tools: http://localhost:6334/AbpScripts/GetScripts Failed to load resource: the server responded with a status of 500 (Internal Server Error)

    Logs say this: ERROR 2015-10-13 10:20:08,845 [9 ] .Mvc.Controllers.AbpHandleErrorAttribute - Abp.AbpException: There is no permission with name: Administration

    DB looks like this: 3 Administration True 13.10.2015 10:18:07 NULL 3 NULL RolePermissionSetting 4 Administration True 13.10.2015 10:18:07 NULL 4 NULL RolePermissionSetting

    Something is still missing here, any advice?

  • 0
    ddnils created

    So it seems I did misunderstand Permissions persistence.

    I thought the permissions created through AuthorizationProvider.SetPermissions would be persisted inside AbpPermissions. But it seems they have to be created inside my AuthorizationProvider. For me that's a little strange. Why don't you persist the Names and Localisations to the Database (i.e. AbpPermissionNames)?

    Also the error handling for the navigation menu (NavigationProvider) feels awkward. GetScripts fails completely when the Permission cannot be found. Would you mind, if I change this in Github? Or open an Issue on this?

  • 0
    hikalkan created

    You can create issue on Github to discuss menu thing. Why don't we persist permission names into database? Because it's not true. A "permission definition" is a programmatic stuff and should be in the code, it's not data. If you didn't get the idea, I can explain a bit more.