isVisibleToClients doesn't take effect in Custom AppSettingProvider. #9465

MellowoodMedical created 3 years ago

I have a custom AppSettingProvider as the code below:

public class PortalSettingProvider : SettingProvider
    {
        private readonly IConfigurationRoot _appConfiguration;
        
        public IdeasSettingProvider(IAppConfigurationAccessor configurationAccessor)
        {
            _appConfiguration = configurationAccessor.Configuration;
        }
        
        public override IEnumerable<SettingDefinition> GetSettingDefinitions(SettingDefinitionProviderContext context)
        {
            return GetDemographicPersonalInfoSettings().Union(GetDemographicOtherSettings())
                .Union(GetPaymentSettings())
        }
        
        ....................
        
        private IEnumerable<SettingDefinition> GetPaymentSettings()
        {
            var paymentSettingsGroup = new SettingDefinitionGroup("Ideas.PatientPortal.Payment", L("PaymentSettings"));
            return new[] {
                new SettingDefinition(PatientPortalSettings.Payment.StripePublicKey,
                "", scopes: SettingScopes.Tenant, isVisibleToClients: true, group: paymentSettingsGroup),
                new SettingDefinition(PatientPortalSettings.Payment.StripePrivateKey,
                "", scopes: SettingScopes.Tenant, isVisibleToClients: false, group: paymentSettingsGroup),
                new SettingDefinition(PatientPortalSettings.Payment.PaymentCurrency,
                "", scopes: SettingScopes.Tenant, isVisibleToClients: true, group: paymentSettingsGroup),
                new SettingDefinition(PatientPortalSettings.Payment.CultureInfo,
                "", scopes: SettingScopes.Tenant, isVisibleToClients: true, group: paymentSettingsGroup),
            };
        }
        
        .............................

I add then custom provider to the Framework like this:

            ........
            
            //Adding setting providers
            Configuration.Settings.Providers.Add<AppSettingProvider>();
            Configuration.Settings.Providers.Add<PortalSettingProvider>();
            
            ........

I don't want my Payment.StripePrivateKey expose to client, so I set the isVisibleToClients to false, however I still get this value in API call.

What I should do to hide the sensitive info from unauthorized user?

8 Answer(s)

0
maliming created 3 years ago
Support Team
hi

What is your product version?

What is product framework type (.net framework or .net core)?

What is ABP Framework version?

Can you debug to see the ClientVisibilityProvider of the StripePrivateKey setting definition.
0
MellowoodMedical created 3 years ago
Hi maliming, the app is building on ABP Zero 7.2.3 with .net core 2.2. As the code shown above, I didn't add any ClientVisibilityProvider for StripePrivateKey.

new SettingDefinition(PatientPortalSettings.Payment.StripePrivateKey, "", scopes: SettingScopes.Tenant, isVisibleToClients: false, group: paymentSettingsGroup),
0

MellowoodMedical created 3 years ago

By the way, the "isVisibleToClients" is working fine with the default "AppSettingProvider.cs".
0

maliming created 3 years ago
Support Team

hi @MellowoodMedical

Can you create a Zero demo project and reproduce this problem then share with me?
0

ISTeam created 3 years ago

To store and use widget settings for every tenant differently, I have tried above code.

Above code does not store the default settings in the database. So, to store the default settings in the database, I have created repository as mentioned in ticket 5077

And to finally store in the database, added code to store the settings in AppSettings table in project EntityFrameWorkCore => Migrations => Seed => Host => InitialHostDbBuilder.cs like few template setting (e.g. SMTP)

Is it the correct way to store default tenant widget settings in database or it could be simplified?

Thanks
1

maliming created 3 years ago
Support Team

hi @ISTeam

Above code does not store the default settings in the database.

This is by design, you will get the correct value or default value when you try to get the setting

To store and use widget settings for every tenant differently.

Using the settings system is a good choice.
0

ISTeam created 3 years ago

Thank you @maliming for your response.

I searched few tickets and went through code plus documentation for SettingHelpers but I could not read or get a clue that default settings that we define in the app will be stored in database or not?
That's why I tried to store them into the database.

But now I think that, using settings system it would be handled smoothly. I should just define my default settings in code base (application wide as default) and using ISettingManager I can define/update settings for tenant which would be stored by setting system automatically (into database) and will be returned correctly as well next time.

Please let me know if what I unserstood above makes some sense?

Thanks.
1

ismcagdas created 3 years ago
Support Team

Hi @ISTeam

Yes, this is totally correct.

1

Have an answer to this question? Log in and write your answer.