default permission upon creation of a new tenant #6339 | Support Center

BobIngham created 5 years ago

When creating a new tenant with TenantManager.CreateWithAdminUserAsync what is the best practise for creating permissions following the creation of static roles? The method creates my static roles thus:

CheckErrors(await _roleManager.CreateStaticRoles(tenant.Id));
await _unitOfWorkManager.Current.SaveChangesAsync(); //To get static role ids

I have a static role called "Carer" and in my TenantRoleAndUserBuilder.CreateRolesAndUsers method I have the following code block:

var carerRole = _context.Roles.IgnoreQueryFilters().FirstOrDefault(r => r.TenantId == _tenantId && r.Name == StaticRoleNames.Tenants.Carer);
if (carerRole == null)
{
    carerRole = _context.Roles.Add(new Role(_tenantId, StaticRoleNames.Tenants.Carer, StaticRoleNames.Tenants.Carer) { IsStatic = true, IsDefault = true }).Entity;
    _context.SaveChanges();

    //Grant selected permissions to carer role
    var permissions = PermissionFinder
        .GetAllPermissions(new AppAuthorizationProvider(false))
        .Where(p => p.MultiTenancySides.HasFlag(MultiTenancySides.Tenant))
        .ToList();

    foreach (var permission in permissions.OrderBy(m => m.Name))
    {
        if (
            permission.Name == "Pages.Tenant.Dashboard" ||
            permission.Name == "Pages.Tenant.Dashboard.FormSubmissionActivityChart" ||
            permission.Name == "Pages.NcEntities" ||
            permission.Name == "Pages.NcEntity.Display" ||
            permission.Name == "Pages.NcEntity.Display.Dashboard" ||
            permission.Name == "Pages.NcEntity.Display.Dashboard.FluidPieChart" ||
            permission.Name == "Pages.NcEntity.Display.Dashboard.FoodChart" ||
            permission.Name == "Pages.NcEntity.Display.Dashboard.SSkinCareBundle" ||
            permission.Name == "Pages.NcEntity.Display.Dashboard.FormSubmissionActivityChart" ||
            permission.Name == "Pages.NcEntity.Display.Dashboard.FormSubmissionActivityByStaffChart" ||
            permission.Name == "Pages.NcEntity.Display.Dashboard.WarningsBarChart" ||
            permission.Name == "Pages.NcEntity.Display.Profile" ||
            permission.Name == "Pages.NcEntity.Display.Profile.Metrics" ||
            permission.Name == "Pages.NcEntity.NcCarePlans" ||
            permission.Name == "Pages.NcEntity.NcCarePlan.Display" ||
            permission.Name == "Pages.NcEntity.NcWarnings" ||
            permission.Name == "Pages.NcEntity.NcWarning.Display" ||
            permission.Name == "Pages.NcEntity.Display.FormSubmissions" ||
            permission.Name == "Pages.NcEntity.Display.Media")
        {
            _context.Permissions.Add(
                new RolePermissionSetting
                {
                    TenantId = _tenantId,
                    Name = permission.Name,
                    IsGranted = true,
                    RoleId = carerRole.Id
                });
        }
    }
    _context.SaveChanges();
}

Using DRY principles, what is the best way to refactor this code?

Go to accepted answer

4 Answer(s)

1

ryancyq created 5 years ago
Support Team

Hi, there is GrantedPermissionsproperty in StaticRoleDefintion that you can use when defining a static role.

You can call RoleManager.SetGrantedPermissionsAsync(staticRole.GrantedPermissions) after CreateStaticRoles(tenant.Id)

BobIngham created 5 years ago

@ryancyq, I'm not sure what you mean. Where is StaticRoleDefintion? I have this in StaticRoleNames.cs :

    public static class StaticRoleNames
    {
        public static class Host
        {
            public const string Admin = "Admin";
        }

        public static class Tenants
        {
            public const string Admin = "Admin";

            public const string Carer = "Carer";

            public const string CareSenior = "Care Senior";

            public const string CareManager = "Care Manager";
        }
    }

and this in AppRoleConfig.cs:

    public static class AppRoleConfig
    {
        public static void Configure(IRoleManagementConfig roleManagementConfig)
        {
            //Static host roles

            roleManagementConfig.StaticRoles.Add(
                new StaticRoleDefinition(
                    StaticRoleNames.Host.Admin,
                    MultiTenancySides.Host,
                    grantAllPermissionsByDefault: true)
                );

            //Static tenant roles

            roleManagementConfig.StaticRoles.Add(
                new StaticRoleDefinition(
                    StaticRoleNames.Tenants.Admin,
                    MultiTenancySides.Tenant,
                    grantAllPermissionsByDefault: true)
                );

            roleManagementConfig.StaticRoles.Add(
                new StaticRoleDefinition(
                    StaticRoleNames.Tenants.Carer,
                    MultiTenancySides.Tenant)
                );

            roleManagementConfig.StaticRoles.Add(
                new StaticRoleDefinition(
                    StaticRoleNames.Tenants.CareSenior,
                    MultiTenancySides.Tenant)
                );

            roleManagementConfig.StaticRoles.Add(
                new StaticRoleDefinition(
                    StaticRoleNames.Tenants.CareManager,
                    MultiTenancySides.Tenant)
                );

        }
    }

To call RoleManager.SetGrantedPermissionsAsync(staticRole.GrantedPermissions) as you have suggested where do I put GrantedPermissions? Could you give me an example?

Furthermore, in the interests of DRY how do I call the same permissions from thye seed process in EntityFrameworkCore?

0

maliming created 5 years ago
Support Team

@bobingham see: https://github.com/aspnetboilerplate/aspnetboilerplate/blob/e0ded5d8702f389aa1f5947d3446f16aec845287/src/Abp.Zero.Common/Zero/Configuration/StaticRoleDefinition.cs#L13

https://github.com/aspnetboilerplate/aspnetboilerplate/blob/964b51078ae9f83494e76043c09e077b68571320/test/Abp.Zero.SampleApp.Tests/Roles/RoleManager_StaticRole_Tests.cs#L27

https://github.com/aspnetboilerplate/aspnetboilerplate/blob/964b51078ae9f83494e76043c09e077b68571320/test/Abp.Zero.SampleApp.Tests/Roles/RoleManager_StaticRole_Tests.cs#L74
0

BobIngham created 5 years ago

@maliming, Excellent, thank you.

Have an answer to this question? Log in and write your answer.