Base solution for your next web application
Open Closed

Can I use Authorization without module-zero project? #922


User avatar
0
winson created

I have my own user table, just want to use the ABP Authorization feature and session, but don't want to implement the module-zero project, can I do that?

thanks!


5 Answer(s)
  • User Avatar
    0
    hikalkan created
    Support Team

    Then you should implement some interfaces yourself. See auth and session docs, they describe it.

  • User Avatar
    0
    winson created

    Yes, I know, I have solved it, thanks!

  • User Avatar
    0
    klainer created

    Please can you post code which solved your issue? Thanks !

  • User Avatar
    0
    winson created

    <cite>klainer: </cite> Please can you post code which solved your issue? Thanks !

    Actually, I just created a class and implement the AuthorizeAttribute, this can be an attribute for do the accessright control , this is not related with ABP framework, below are some simple code:

    public class AclAttribute : AuthorizeAttribute
        {
           
            public override void OnAuthorization(AuthorizationContext filterContext)
            {
                if (filterContext == null)
                {
                    throw new ArgumentNullException("filterContext");
                }
                
                if (filterContext.HttpContext.Session["User"] == null)
                {
                    filterContext.HttpContext.Session["ReturnAction"] = HttpContext.Current.Request.Url.AbsoluteUri;
    
                    HttpContext.Current.Response.Redirect("/Login");
                }
    
                if (!string.IsNullOrEmpty(this.Roles))
                {
                    var currUser = filterContext.HttpContext.Session["User"] as AdminUser;
    
                    if (currUser == null || !AdminUserAppService.HasAccessRights(this.Roles, currUser.Role))
                    {
                        filterContext.Result = new RedirectToRouteResult(new
                            RouteValueDictionary(new { controller = "Error", action = "AccessDenied" }));
                    }
                }
    
            }
        }
    }
    

    then you can use it in your controller:

    [Acl(Roles = UserRole.ADMINISTRATOR)]
     public class AdminUserController : ControllerBase
     {
         //.....
    }
    
  • User Avatar
    0
    winson created

    oh, sorry, I missed somethings, and you also need to rewrite the 'DbContext' class with below method:

    protected override void SetCreationAuditProperties(DbEntityEntry entry)
    {
           //your code for handle the creation method user id
           base.SetCreationAuditProperties(entry);
    
                if (entry.Entity is IHasCreationTime)
                {
                    entry.Cast<IHasCreationTime>().Entity.CreationTime = Clock.Now;
                }
    
                if (entry.Entity is ICreationAudited && MPeLifeSession.Instance.UserId.HasValue)
                {
                    entry.Cast<ICreationAudited>().Entity.CreatorUserId =YourProjectSession.Instance.UserId;
                }
    }
    
    protected override void SetModificationAuditProperties(DbEntityEntry entry)
            {
                base.SetModificationAuditProperties(entry);
    
                if (entry.Entity is IHasModificationTime)
                {
                    entry.Cast<IHasModificationTime>().Entity.LastModificationTime = Clock.Now;
                }
    
                if (entry.Entity is IModificationAudited && MPeLifeSession.Instance.UserId.HasValue)
                {
                    entry.Cast<IModificationAudited>().Entity.LastModifierUserId = YourProjectSession.Instance.UserId;
                }
            }
    

    for the

    YourProjectSession.Instance.UserId;
    

    you need to create a class for handle your user session:

    public class YourProjectSession : IAbpSession, ISingletonDependency
        {
            /// <summary>
            /// Singleton instance.
            /// </summary>
            public static YourProjectSession Instance { get { return SingletonInstance; } }
            private static readonly YourProjectSession SingletonInstance = new YourProjectSession();
    
            public long? UserId { get; set; }
    
            public int? TenantId { get; set; }
    
            public long? ImpersonatorUserId { get; set; }
    
            public int? ImpersonatorTenantId { get; set; }
    
            public MultiTenancySides MultiTenancySide
            {
                get
                {
                    throw new NotImplementedException();
                }
            }
        }