Black Friday Sale!
Save up to 50% off any plans! Valid from 23 Nov to 30 Nov - Also valid for the existing customers
Open Closed

isVisibleToClients doesn't take effect in Custom AppSettingProvider. #9465


1
MellowoodMedical created

I have a custom AppSettingProvider as the code below:

public class PortalSettingProvider : SettingProvider
    {
        private readonly IConfigurationRoot _appConfiguration;
        
        public IdeasSettingProvider(IAppConfigurationAccessor configurationAccessor)
        {
            _appConfiguration = configurationAccessor.Configuration;
        }
        
        public override IEnumerable<SettingDefinition> GetSettingDefinitions(SettingDefinitionProviderContext context)
        {
            return GetDemographicPersonalInfoSettings().Union(GetDemographicOtherSettings())
                .Union(GetPaymentSettings())
        }
        
        ....................
        
        private IEnumerable<SettingDefinition> GetPaymentSettings()
        {
            var paymentSettingsGroup = new SettingDefinitionGroup("Ideas.PatientPortal.Payment", L("PaymentSettings"));
            return new[] {
                new SettingDefinition(PatientPortalSettings.Payment.StripePublicKey,
                "", scopes: SettingScopes.Tenant, isVisibleToClients: true, group: paymentSettingsGroup),
                new SettingDefinition(PatientPortalSettings.Payment.StripePrivateKey,
                "", scopes: SettingScopes.Tenant, isVisibleToClients: false, group: paymentSettingsGroup),
                new SettingDefinition(PatientPortalSettings.Payment.PaymentCurrency,
                "", scopes: SettingScopes.Tenant, isVisibleToClients: true, group: paymentSettingsGroup),
                new SettingDefinition(PatientPortalSettings.Payment.CultureInfo,
                "", scopes: SettingScopes.Tenant, isVisibleToClients: true, group: paymentSettingsGroup),
            };
        }
        
        .............................
        

I add then custom provider to the Framework like this:

            ........
            
            //Adding setting providers
            Configuration.Settings.Providers.Add<AppSettingProvider>();
            Configuration.Settings.Providers.Add<PortalSettingProvider>();
            
            ........

I don't want my Payment.StripePrivateKey expose to client, so I set the isVisibleToClients to false, however I still get this value in API call.

What I should do to hide the sensitive info from unauthorized user?


8 Answer(s)
  • 0
    maliming created
    Support Team

    hi

    • What is your product version?
    • What is product framework type (.net framework or .net core)?
    • What is ABP Framework version?

    Can you debug to see the ClientVisibilityProvider of the StripePrivateKey setting definition.

  • 0
    MellowoodMedical created

    Hi maliming, the app is building on ABP Zero 7.2.3 with .net core 2.2. As the code shown above, I didn't add any ClientVisibilityProvider for StripePrivateKey.

    new SettingDefinition(PatientPortalSettings.Payment.StripePrivateKey, "", scopes: SettingScopes.Tenant, isVisibleToClients: false, group: paymentSettingsGroup),
    
  • 0
    MellowoodMedical created

    By the way, the "isVisibleToClients" is working fine with the default "AppSettingProvider.cs".

  • 0
    maliming created
    Support Team

    hi @MellowoodMedical

    Can you create a Zero demo project and reproduce this problem then share with me?

  • 0
    ISTeam created

    To store and use widget settings for every tenant differently, I have tried above code.

    Above code does not store the default settings in the database. So, to store the default settings in the database, I have created repository as mentioned in ticket 5077

    And to finally store in the database, added code to store the settings in AppSettings table in project EntityFrameWorkCore => Migrations => Seed => Host => InitialHostDbBuilder.cs like few template setting (e.g. SMTP)

    Is it the correct way to store default tenant widget settings in database or it could be simplified?

    Thanks

  • 1
    maliming created
    Support Team

    hi @ISTeam

    Above code does not store the default settings in the database.

    This is by design, you will get the correct value or default value when you try to get the setting

    To store and use widget settings for every tenant differently.

    Using the settings system is a good choice.

  • 0
    ISTeam created

    Thank you @maliming for your response.

    I searched few tickets and went through code plus documentation for SettingHelpers but I could not read or get a clue that default settings that we define in the app will be stored in database or not?
    That's why I tried to store them into the database.

    But now I think that, using settings system it would be handled smoothly. I should just define my default settings in code base (application wide as default) and using ISettingManager I can define/update settings for tenant which would be stored by setting system automatically (into database) and will be returned correctly as well next time.

    Please let me know if what I unserstood above makes some sense?

    Thanks.

  • 1
    ismcagdas created
    Support Team

    Hi @ISTeam

    Yes, this is totally correct.