Hi Guys,
I've built an authorization interceptor that runs prior to method execution and checks if the executing user has the required permission for that method.
If they don't have the required permission, I would like to stop the method from executing and return an error message to the UI explaining that the user lacks the required permission.
In my first use case, I'm calling a modal (from a datatables row action) that displays a list of records, and the list fetching method is an intercepted method. Here is my current code:
JS Action calling the Controller to open the modal
    action: function (data) {
        _manageACLModal.open({ entityid: data.record.id, entityname: data.record.name });
    }
Controller Method for calling the modal and fetching the records list
    public PartialViewResult ManageACLModal(Guid EntityId, string EntityName)
    {
        ListResultDto<GetACLForEditOutput> EntityACL = null;
        ACLCheckDto aCLCheckDto = new ACLCheckDto()
        {
            Action = "Share",
            EntityId = EntityId,
            UserId = AbpSession.UserId,
            OrgId = null
        };
        EntityACL = _ACLsAppService.GetACLForEdit(aCLCheckDto);
        GetACLForView getACLForEditOutput = new GetACLForView()
        {
            EntityId = EntityId,
            EntityName = EntityName,
            EntityACL = EntityACL
        };
        var viewModel = new ManageACLModalViewModel(getACLForEditOutput);
        return PartialView("_ManageACLModal", viewModel);
    }
Authorization Interceptor
    public void Intercept(IInvocation invocation)
    {
        var Arguments = invocation.Arguments;
        ACLCheckDto aCLCheckDto = (ACLCheckDto)Arguments[0];
        if (_ACLManager.CheckAccess(aCLCheckDto))
        {
            invocation.Proceed();
        }
        else
        {
            throw new UserFriendlyException("Unauthorized Request!", "You are trying call a function you're not permitted to use.");
        }
    }
The interceptor is successfully called and runs its authorization check, fails the check, then throws the UserFriendlyException. However, the generic error message is displayed in the front end. I've looked through ABP's documentation and the forums but haven't been able to find anything that sheds light on why the custom message doesn't display.
- Does the Controller need to do something to handle the custom error?
- Or does the JS need to do something to handle the custom error?
- Or does the error need to be thrown at a different location? i.e. not from the interceptor? If so, how does the interceptor stop the method execution?
5 Answer(s)
-
0
What is the http return message from the browser when you throw an exception in the interceptor? (status code and response body)
-
0
Hi @maliming
On throwing the UserFriendlyException a 500 error is being returned to the browser (and the request fails to complete)
Thanks
-
0
Take a look at this document https://aspnetboilerplate.com/Pages/Documents/Handling-Exceptions#ajax-requests
-
0
I've looked at that document previously, and it doesn't help to clarify the situation.
Reading through it and the associated links, it details an abp ajax call can be made like so:
    abp.ajax({
        url: '/People/SavePerson',
        data: JSON.stringify(newPerson)
    }).done(function(data) {
        abp.notify.success('Created new person with id = ' + data.personId);
    });
And any errors returning from this can be handled and displayed via the abp.message.error function.
However, the modal isn't called via an ajax method as shown above, it's called via the action function of a datatable:
    action: function (data) {
        _manageACLModal.open({ entityid: data.record.id, entityname: data.record.name });
    }
How do you check for a returning error from this call method?
-
1
You can intercept XMLHttpRequest.
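
One way to apply the suggestion above, as an added example that is not part of the original answer or of ABP's own code: a hook on XMLHttpRequest that inspects each failed response and shows its message through abp.message.error. The wrapped error shape (`__abp`, `error.message`, `error.details`), the helper names `extractAbpError` and `installXhrErrorHook`, and the premise that the modal's content is fetched over XMLHttpRequest are assumptions.

```javascript
// Added example, not code from the thread. Assumption: a failed response may
// carry ABP's wrapped AJAX error body ({ __abp: true, error: { message,
// details } }); anything else (such as an HTML error page) gets a fallback.
function extractAbpError(status, contentType, body) {
  if (status < 400) return null; // success, or status 0 (aborted / network error)
  const fallback = { message: 'Request failed (HTTP ' + status + ')', details: '' };
  if (!/json/i.test(contentType || '')) return fallback;
  let parsed;
  try {
    parsed = JSON.parse(body);
  } catch (e) {
    return fallback; // truncated or non-JSON body
  }
  if (!parsed || parsed.__abp !== true || !parsed.error) return fallback;
  return {
    message: String(parsed.error.message || fallback.message),
    details: String(parsed.error.details || '')
  };
}

// Wraps XhrCtor.prototype.send so every request is inspected when it ends,
// including those made indirectly (for example by a modal's partial-view load).
// Returns a function that restores the original send.
function installXhrErrorHook(XhrCtor, onError) {
  const originalSend = XhrCtor.prototype.send;
  XhrCtor.prototype.send = function () {
    this.addEventListener('loadend', () => {
      // responseText throws unless responseType is '' or 'text'
      const isText = this.responseType === '' || this.responseType === 'text';
      const err = extractAbpError(this.status,
        this.getResponseHeader('Content-Type'), isText ? this.responseText : '');
      if (err) onError(err, this);
    });
    return originalSend.apply(this, arguments);
  };
  return () => { XhrCtor.prototype.send = originalSend; };
}

// Browser wiring; skipped where XMLHttpRequest or the abp global is absent.
if (typeof XMLHttpRequest !== 'undefined' && typeof abp !== 'undefined') {
  installXhrErrorHook(XMLHttpRequest, (err) => {
    if (err.details) abp.message.error(err.details, err.message);
    else abp.message.error(err.message);
  });
}
```

The hook only changes what the user sees; the server-side interceptor remains the access control. Requests that already go through abp.ajax show their own error, so a page using both may display the message twice.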