Use roles to group permissions in DB #498

klainer created 8 years ago

Hello, I´m traing to do role permission managment. So I created custom permissions:

var administration = context.CreatePermission("Administration", new LocalizableString("Administration", "MND"));

            var pageManagement = administration.CreateChildPermission("Administration.PageManagement", new LocalizableString("PageManagement", "TT"));
            pageManagement.CreateChildPermission("Administration.PageManagement.DeletePage", new LocalizableString("Delteting", "TT"));
            pageManagement.CreateChildPermission("Administration.PageManagement.CreatePage", new LocalizableString("Creating", "TT"));
            pageManagement.CreateChildPermission("Administration.PageManagement.EditPage", new LocalizableString("Editing", "MND"));

            var roleManagement = administration.CreateChildPermission("Administration.RoleManagement", new LocalizableString("RoleManagement", "TT"));
            roleManagement.CreateChildPermission("Administration.RoleManagement.DeleteRole", new LocalizableString("Delteting", "TT"));
            roleManagement.CreateChildPermission("Administration.RoleManagement.CreateRole", new LocalizableString("Creating", "TT"));
            roleManagement.CreateChildPermission("Administration.RoleManagement.EditRole", new LocalizableString("Editing", "TT"));

I want to store information about granted permissions for ROLE in DB like you have it in ABP.Zero.

For that I used RoleAppService:

public async Task UpdateRolePermissions(UpdateRolePermissionsInput input)
        {
            var role = await _roleManager.GetRoleByIdAsync(input.RoleId);
            var grantedPermissions = _permissionManager
                .GetAllPermissions()
                .Where(p => input.GrantedPermissionNames.Contains(p.Name))
                .ToList();

            await _roleManager.SetGrantedPermissionsAsync(role, grantedPermissions);
        }

Input data: RoleId: X GrantedPermissionNames: Administration, Administration.RoleManagement, Administration.RoleManagement.DeleteRole

When i change permissions by UpdateRolePermissions , where are chnages strored ? If they are not stored what is purpose od this method ?

But when i call this method nothing is happen. In db (AbpPermissions) are not any changes. What I´m doing wrong ? Thnks !

Update: I notice, tahat after calling these method:
SetGrantedPermissionsAsync(role, grantedPermissions); GrantPermissionAsync(role, VARIABLE); ProhibitAllPermissionsAsync(role);

I also try this, but permission do not savr to db:/

public async Task UpdateRolePermissions(UpdateRolePermissionsInput input)
        {
            var role = await _roleManager.GetRoleByIdAsync(input.RoleId);
            var grantedPermissions = _permissionManager
                .GetAllPermissions()
                .Where(p => input.GrantedPermissionNames.Contains(p.Name))
                .ToList();



            if (role != null)
            {
                if (grantedPermissions.Count > 0)
                {

                    foreach (var item in grantedPermissions)
                    {
                         _roleStore.AddPermissionAsync(role, new PermissionGrantInfo(item.Name, false));
                         //_roleManager.GrantPermissionAsync(role, item);
                    }

               
                }
                else
                {
                     await _roleManager.ProhibitAllPermissionsAsync(role);
                }
            }

        }

DB table [AbpPermissions] completly freeze.. After call these methods in the sql managment studio cannot select items. ABP LOCK this table ? Some Bug ?

9 Answer(s)

0

klainer created 8 years ago

SOLVED by await before every async CALL :D :) I got DEDLOCK,more info: <a class="postlink" href="http://blog.stephencleary.com/2012/07/dont-block-on-async-code.html">http://blog.stephencleary.com/2012/07/d ... -code.html</a>
0

papinaser created 8 years ago

<cite>klainer: </cite> SOLVED by await before every async CALL :D :) I got DEDLOCK,more info: <a class="postlink" href="http://blog.stephencleary.com/2012/07/dont-block-on-async-code.html">http://blog.stephencleary.com/2012/07/d ... -code.html</a>

Hi. I cann't understand permission and role in abp Module Zero . I have your problem too. Can you get me information about how permission and roles works based on abp Module Zero? Thanks you
0
hikalkan created 8 years ago
Support Team
Have you read all documents:

Authorization: <a class="postlink" href="http://www.aspnetboilerplate.com/Pages/Documents/Authorization">http://www.aspnetboilerplate.com/Pages/ ... horization</a>

Role management: <a class="postlink" href="http://www.aspnetboilerplate.com/Pages/Documents/Zero/Role-Management">http://www.aspnetboilerplate.com/Pages/ ... Management</a>

I think I can not explain it in more detail. If you have specific question, you can ask.
0
papinaser created 8 years ago
<cite>hikalkan: </cite> Have you read all documents:

Authorization: <a class="postlink" href="http://www.aspnetboilerplate.com/Pages/Documents/Authorization">http://www.aspnetboilerplate.com/Pages/ ... horization</a>

Role management: <a class="postlink" href="http://www.aspnetboilerplate.com/Pages/Documents/Zero/Role-Management">http://www.aspnetboilerplate.com/Pages/ ... Management</a>

I think I can not explain it in more detail. If you have specific question, you can ask.

Yes, I read these documents and I use module zero template for my project. But when I add a Role and set this for my user manually in db (AbpRoles,AbpUserRoles tables)
Then I set for that role ,one of my project permissions manually in db (AbpPermissions table) In my controller method I use PermissionChecker.Authorize("TestPer") for check user permission. I have Required permissions are not granted. At least one of these permissions must be granted: TestPer ERROR. I clear browser cache but same error again. I trace my code and abp code and abp.zero code, finally I found that in method GetPermissionsAsync(int roleId) of abpRoleStore class (AbpZero Project) , this code : _rolePermissionSettingRepository.GetAllListAsync return 0 count always. can you help me about this problem. thanks you.
0

hikalkan created 8 years ago
Support Team

Can you share your database entries (you can add screenshots of tables for example). Also, ABP caches permissions, you may need to recycle your app (in debug, you can stop debugging and rebuild your solution to reset your app).
0

papinaser created 8 years ago

Hi. I clean and rebuild my web project but same problem again. these attached files are the images of tables. I don't know how share cache permissions ... thank you.
0

hikalkan created 8 years ago
Support Team

Discriminator field must be RolePermissionSetting in AbpPermissions table. TestPer is an invalid value.
0

papinaser created 8 years ago

THANKS a lot solved by change Discriminator value to RolePermissionSetting.
0

djrot created 8 years ago

In an application with Dynamic permissions Should be usefull to have a button to copy a group " with all related permissions on tables" This is nice when have many tables.

Have an answer to this question? Log in and write your answer.