Base solution for your next web application
Starts in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

Feature dependent role permissions removed on notification from tenant with different features #8039


User avatar
0
feloff created

Our application has different editions, features and feature dependent permissions. When a tenant on one edition performs an action that causes tenants on other editions to receive notifications (by design), the other tenants' role permissions gets corrupted.

As far as I can determine, if a user is not in the permission cache, the notification will load the permissions, but only a subset matching the permissions relevant to the tenant who sent the notification. If the user logs in he will then have no functionality and an admin needs to log in to reasign those permissions. Admin rights seem to remain unaffected as they are not feature/edition dependent and the subset still matches for them. Notifications will then again corrupt permissions.

I can also replicate this in my unit tests. A significant share of them fail, but they all pass by disabling publishing the notifications by commenting below code:

await _notificationPublisher.PublishAsync(AppNotificationNames.ProgrammeCreated, notificationData, excludedUserIds: new UserIdentifier[] { new UserIdentifier(excludeUserTenant, excludeUserId) }, tenantIds: parties);

I have not made any changes to the notifications.

I am still on 7.1, but haven't seen anything in the release notes, issues or forum to suggest that it is an issue anyone else has or that has been fixed since 7.1

Any suggestions? Many thanks


6 Answer(s)
  • User Avatar
    0
    feloff created

    bump...

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @feloff

    Is it possible to share a unit test for us to reproduce this problem ?

  • User Avatar
    0
    feloff created

    I'll see if I can replicate in a demo project and send you the code.

  • User Avatar
    0
    feloff created

    Code that replicates the issue from a clean demo project sent to [email protected]

  • User Avatar
    0
    feloff created

    bump

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    Sorry for the delay. This issue has been addressed in https://github.com/aspnetboilerplate/aspnetboilerplate/issues/5184 and fixed. It will be released with ABP 5.2.