Our application has different editions, features and feature dependent permissions. When a tenant on one edition performs an action that causes tenants on other editions to receive notifications (by design), the other tenants' role permissions gets corrupted.
As far as I can determine, if a user is not in the permission cache, the notification will load the permissions, but only a subset matching the permissions relevant to the tenant who sent the notification. If the user logs in he will then have no functionality and an admin needs to log in to reasign those permissions. Admin rights seem to remain unaffected as they are not feature/edition dependent and the subset still matches for them. Notifications will then again corrupt permissions.
I can also replicate this in my unit tests. A significant share of them fail, but they all pass by disabling publishing the notifications by commenting below code:
await _notificationPublisher.PublishAsync(AppNotificationNames.ProgrammeCreated, notificationData, excludedUserIds: new UserIdentifier[] { new UserIdentifier(excludeUserTenant, excludeUserId) }, tenantIds: parties);
I have not made any changes to the notifications.
I am still on 7.1, but haven't seen anything in the release notes, issues or forum to suggest that it is an issue anyone else has or that has been fixed since 7.1
Any suggestions? Many thanks
6 Answer(s)
-
0
bump...
-
0
Hi @feloff
Is it possible to share a unit test for us to reproduce this problem ?
-
0
I'll see if I can replicate in a demo project and send you the code.
-
0
Code that replicates the issue from a clean demo project sent to [email protected]
-
0
bump
-
0
Hi,
Sorry for the delay. This issue has been addressed in https://github.com/aspnetboilerplate/aspnetboilerplate/issues/5184 and fixed. It will be released with ABP 5.2.