Base solution for your next web application
Ends in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

default permission upon creation of a new tenant #6339


User avatar
0
BobIngham created

When creating a new tenant with TenantManager.CreateWithAdminUserAsync what is the best practise for creating permissions following the creation of static roles? The method creates my static roles thus:

CheckErrors(await _roleManager.CreateStaticRoles(tenant.Id));
await _unitOfWorkManager.Current.SaveChangesAsync(); //To get static role ids

I have a static role called "Carer" and in my TenantRoleAndUserBuilder.CreateRolesAndUsers method I have the following code block:

var carerRole = _context.Roles.IgnoreQueryFilters().FirstOrDefault(r => r.TenantId == _tenantId && r.Name == StaticRoleNames.Tenants.Carer);
if (carerRole == null)
{
    carerRole = _context.Roles.Add(new Role(_tenantId, StaticRoleNames.Tenants.Carer, StaticRoleNames.Tenants.Carer) { IsStatic = true, IsDefault = true }).Entity;
    _context.SaveChanges();

    //Grant selected permissions to carer role
    var permissions = PermissionFinder
        .GetAllPermissions(new AppAuthorizationProvider(false))
        .Where(p => p.MultiTenancySides.HasFlag(MultiTenancySides.Tenant))
        .ToList();

    foreach (var permission in permissions.OrderBy(m => m.Name))
    {
        if (
            permission.Name == "Pages.Tenant.Dashboard" ||
            permission.Name == "Pages.Tenant.Dashboard.FormSubmissionActivityChart" ||
            permission.Name == "Pages.NcEntities" ||
            permission.Name == "Pages.NcEntity.Display" ||
            permission.Name == "Pages.NcEntity.Display.Dashboard" ||
            permission.Name == "Pages.NcEntity.Display.Dashboard.FluidPieChart" ||
            permission.Name == "Pages.NcEntity.Display.Dashboard.FoodChart" ||
            permission.Name == "Pages.NcEntity.Display.Dashboard.SSkinCareBundle" ||
            permission.Name == "Pages.NcEntity.Display.Dashboard.FormSubmissionActivityChart" ||
            permission.Name == "Pages.NcEntity.Display.Dashboard.FormSubmissionActivityByStaffChart" ||
            permission.Name == "Pages.NcEntity.Display.Dashboard.WarningsBarChart" ||
            permission.Name == "Pages.NcEntity.Display.Profile" ||
            permission.Name == "Pages.NcEntity.Display.Profile.Metrics" ||
            permission.Name == "Pages.NcEntity.NcCarePlans" ||
            permission.Name == "Pages.NcEntity.NcCarePlan.Display" ||
            permission.Name == "Pages.NcEntity.NcWarnings" ||
            permission.Name == "Pages.NcEntity.NcWarning.Display" ||
            permission.Name == "Pages.NcEntity.Display.FormSubmissions" ||
            permission.Name == "Pages.NcEntity.Display.Media")
        {
            _context.Permissions.Add(
                new RolePermissionSetting
                {
                    TenantId = _tenantId,
                    Name = permission.Name,
                    IsGranted = true,
                    RoleId = carerRole.Id
                });
        }
    }
    _context.SaveChanges();
}

Using DRY principles, what is the best way to refactor this code?


4 Answer(s)
  • User Avatar
    1
    ryancyq created
    Support Team

    Hi, there is GrantedPermissionsproperty in StaticRoleDefintion that you can use when defining a static role.

    You can call RoleManager.SetGrantedPermissionsAsync(staticRole.GrantedPermissions) after CreateStaticRoles(tenant.Id)

  • User Avatar
    0
    BobIngham created

    @ryancyq, I'm not sure what you mean. Where is StaticRoleDefintion? I have this in StaticRoleNames.cs :

        public static class StaticRoleNames
        {
            public static class Host
            {
                public const string Admin = "Admin";
            }
    
            public static class Tenants
            {
                public const string Admin = "Admin";
    
                public const string Carer = "Carer";
    
                public const string CareSenior = "Care Senior";
    
                public const string CareManager = "Care Manager";
            }
        }
    

    and this in AppRoleConfig.cs:

        public static class AppRoleConfig
        {
            public static void Configure(IRoleManagementConfig roleManagementConfig)
            {
                //Static host roles
    
                roleManagementConfig.StaticRoles.Add(
                    new StaticRoleDefinition(
                        StaticRoleNames.Host.Admin,
                        MultiTenancySides.Host,
                        grantAllPermissionsByDefault: true)
                    );
    
                //Static tenant roles
    
                roleManagementConfig.StaticRoles.Add(
                    new StaticRoleDefinition(
                        StaticRoleNames.Tenants.Admin,
                        MultiTenancySides.Tenant,
                        grantAllPermissionsByDefault: true)
                    );
    
                roleManagementConfig.StaticRoles.Add(
                    new StaticRoleDefinition(
                        StaticRoleNames.Tenants.Carer,
                        MultiTenancySides.Tenant)
                    );
    
                roleManagementConfig.StaticRoles.Add(
                    new StaticRoleDefinition(
                        StaticRoleNames.Tenants.CareSenior,
                        MultiTenancySides.Tenant)
                    );
    
                roleManagementConfig.StaticRoles.Add(
                    new StaticRoleDefinition(
                        StaticRoleNames.Tenants.CareManager,
                        MultiTenancySides.Tenant)
                    );
    
            }
        }
    

    To call RoleManager.SetGrantedPermissionsAsync(staticRole.GrantedPermissions) as you have suggested where do I put GrantedPermissions? Could you give me an example?

    Furthermore, in the interests of DRY how do I call the same permissions from thye seed process in EntityFrameworkCore?

  • User Avatar
    0
    maliming created
    Support Team

    @bobingham see: https://github.com/aspnetboilerplate/aspnetboilerplate/blob/e0ded5d8702f389aa1f5947d3446f16aec845287/src/Abp.Zero.Common/Zero/Configuration/StaticRoleDefinition.cs#L13

    https://github.com/aspnetboilerplate/aspnetboilerplate/blob/964b51078ae9f83494e76043c09e077b68571320/test/Abp.Zero.SampleApp.Tests/Roles/RoleManager_StaticRole_Tests.cs#L27

    https://github.com/aspnetboilerplate/aspnetboilerplate/blob/964b51078ae9f83494e76043c09e077b68571320/test/Abp.Zero.SampleApp.Tests/Roles/RoleManager_StaticRole_Tests.cs#L74

  • User Avatar
    0
    BobIngham created

    @maliming, Excellent, thank you.