
Hide endpoints from Swagger UI according to their permissions and features #8498


Healthbit created

**I want to hide endpoints from Swagger UI according to their permissions and features. I have tried the code from https://support.aspnetzero.com/QA/Questions/4380. It works fine for the host user, but I get the following exception when a tenant is logged in:**

```
ObjectDisposedException: Cannot access a disposed object. Object name: 'UserManagerProxy'.
Microsoft.AspNetCore.Identity.UserManager.ThrowIfDisposed()
Microsoft.AspNetCore.Identity.UserManager.FindByIdAsync(string userId)
Castle.Proxies.Invocations.UserManager1_FindByIdAsync.InvokeMethodOnTarget()
Castle.DynamicProxy.AbstractInvocation.Proceed()
Castle.DynamicProxy.AbstractInvocation.Proceed()
Castle.Proxies.UserManagerProxy.FindByIdAsync(string userId)
Abp.Authorization.Users.AbpUserManager<TRole, TUser>+<>c__DisplayClass70_0+<<GetUserPermissionCacheItemAsync>b__0>d.MoveNext() in AbpUserManager.cs
Abp.Runtime.Caching.CacheExtensions+<>c__DisplayClass9_0<TKey, TValue>+<<GetAsync>b__0>d.MoveNext()
Abp.Runtime.Caching.CacheBase.GetAsync(string key, Func<string, Task<object>> factory) in CacheBase.cs
Abp.Runtime.Caching.CacheExtensions.GetAsync<TKey, TValue>(ICache cache, TKey key, Func<TKey, Task<TValue>> factory) in CacheExtensions.cs
Abp.Authorization.Users.AbpUserManager<TRole, TUser>.GetUserPermissionCacheItemAsync(long userId) in AbpUserManager.cs
Abp.Authorization.Users.AbpUserManager<TRole, TUser>.IsGrantedAsync(long userId, Permission permission) in AbpUserManager.cs
Abp.Authorization.Users.AbpUserManager<TRole, TUser>.IsGrantedAsync(long userId, string permissionName) in AbpUserManager.cs
Abp.Authorization.PermissionChecker<TRole, TUser>.IsGrantedAsync(long userId, string permissionName) in PermissionChecker.cs
Abp.Authorization.PermissionChecker<TRole, TUser>.IsGrantedAsync(string permissionName) in PermissionChecker.cs
Nito.AsyncEx.Synchronous.TaskExtensions.WaitAndUnwrapException<TResult>(Task<TResult> task)
System.Threading.Tasks.ContinuationResultTaskFromResultTask<TAntecedentResult, TResult>.InnerInvoke()
System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, object state)
System.Threading.Tasks.Task.ExecuteWithThreadLocal(ref Task currentTaskSlot)
Nito.AsyncEx.Synchronous.TaskExtensions.WaitAndUnwrapException<TResult>(Task<TResult> task)
Nito.AsyncEx.AsyncContext.Run<TResult>(Func<Task<TResult>> action)
HB.IQ.Web.Swagger.SwaggerAbpAuthorizeAttributeAuthorizationFilter.IsForbiddenDuePermissions(IEnumerable<AbpAuthorizeAttribute> attributes) in SwaggerAbpAuthorizeAttributeAuthorizationFilter.cs

    if (authorizeAttributes.Count != 0)
        foreach (var authorizeAttribute in authorizeAttributes)
            permissions.AddRange(authorizeAttribute.Permissions.ToList());
    else
        return true;
    foreach (var permission in permissions)
    {
        var allow = _permissionChecker.IsGranted(permission);
        if (allow)
            return false;
    }

HB.IQ.Web.Swagger.SwaggerAbpAuthorizeAttributeAuthorizationFilter.Apply(SwaggerDocument swaggerDoc, DocumentFilterContext context) in SwaggerOperationIdFilter.cs

    if (actionAbpAuthorizeAttributes.Count > 0)
        authAttributes = actionAbpAuthorizeAttributes;
    else if (controllerAbpAuthorizeAttributes.Count > 0)
        authAttributes = controllerAbpAuthorizeAttributes;
    // check if this action should be visible
    var forbiddenDuePermissions = IsForbiddenDuePermissions(authAttributes);
    if (!forbiddenDuePermissions)
        continue; // user passed all permissions checks
    // remove method or entire path (if there are no more methods in this path)
    switch (description.HttpMethod)

Swashbuckle.AspNetCore.SwaggerGen.SwaggerGenerator.GetSwagger(string documentName, string host, string basePath, string[] schemes)
Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
Microsoft.AspNetCore.Routing.EndpointMiddleware.Invoke(HttpContext httpContext)
Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware.Invoke(HttpContext httpContext)
Microsoft.AspNetCore.Builder.Extensions.MapMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.Builder.RouterMiddleware.Invoke(HttpContext httpContext)
Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)
IdentityServer4.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IEndpointRouter router, IUserSession session, IEventService events) in IdentityServerMiddleware.cs
IdentityServer4.Hosting.MutualTlsTokenEndpointMiddleware.Invoke(HttpContext context, IAuthenticationSchemeProvider schemes) in MtlsTokenEndpointMiddleware.cs
Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context) in BaseUrlMiddleware.cs
Abp.AspNetZeroCore.Web.Authentication.JwtBearer.JwtTokenMiddleware+<>c__DisplayClass0_0+<b__0>d.MoveNext()
Abp.AspNetZeroCore.Web.Authentication.JwtBearer.JwtTokenMiddleware+<>c__DisplayClass0_0+<b__0>d.MoveNext()
Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
```


1 Answer(s)