Activities of "OutdoorEd"

Removing the await _signInManager.SignOutAsync(); makes the back button usable again. Is there a way to show the user a message 'you don't have permissions' instead of redirecting him to the login page?

The IActionResult expects a view. What should I return as View? On first sight, the user is still being redirected to the login page.

Using 11.0 NetCore iQuery & MVC

Your Abp package version: .7.0.1 Your base framework: .Net Framework or .Net Core: .NET 6

When a user doesn't have the required permissions a AbpAuthorizationException is thrown and the user is being logged out. Is there a way to change this behavior? For example show an 'you don't have access to this page' screen rather than logging the user out?

My controller code:

 [AbpMvcAuthorize(AppPermissions.Pages_CommunicationLog_Index)]
        // GET: Incidents/CommunicationLogs
        public ActionResult Index()
        {

            return View();
        }

User is logged out if he doesn't have the Pages_CommunicationLog_Index permission and tries to visit the page.

WARN  2022-08-17 09:31:04,689 [orker] Mvc.Authorization.AbpAuthorizationFilter - Abp.Authorization.AbpAuthorizationException: Required permissions are not granted. At least one of these permissions must be granted: Index
   at Abp.Authorization.PermissionCheckerExtensions.AuthorizeAsync(IPermissionChecker permissionChecker, Boolean requireAll, String[] permissionNames)
   at Abp.Authorization.AuthorizationHelper.AuthorizeAsync(IEnumerable`1 authorizeAttributes)
   at Abp.Authorization.AuthorizationHelper.CheckPermissionsAsync(MethodInfo methodInfo, Type type)
   at Abp.Authorization.AuthorizationHelper.AuthorizeAsync(MethodInfo methodInfo, Type type)
   at Abp.AspNetCore.Mvc.Authorization.AbpAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)

I am using 11.01 MVC .NET Core 6 but this recommendation applies to all versions.

Some UI elements that are short can be handled very effectively in a modal, for example creating a new User. Other things like Permissions can easily move into hundreds of rows of checboxes in a complex app. Out of the box ANZ has 50+ Permissions defined. I have another 450. This makes scrolling in a modal quite cumbersome and the user can never get a holistic picture of what Permissions exist. I know that there are instructions for how to turn modals into pages. I am suggesting that Volosoft adds a built-in configuration toggle in the Appearance settings to allow developers to select Modal or Page for all of 'out-of-the-box' modals.

Ver. 11.0 MVC .Net Core

I had a user who was unable to access their account because of a change to their email address in the database. They used an old copy of a Password Reset Email to get in. While I am glad they got in, it does seem like a potential issue to have the password reset email be valid 'forever'. Is there something that can be done so the token expires?

The login images are part of the Metronic 8 Theme from www.keenthemes.com that is the underlying theme for ASPNETZERO,

Rick

11.0 MVC .net core

For importing Users with the Excel Template, there are only these fields listed: UserName* Name* Surname* EmailAddress* PhoneNumber Password* AssignedRoleNames (comma seperated)

A client has asked if things like Require Password Reset can be included. Currently after the import, this has to be done on each individual user record. Are there other fields which can be added to the Excel Template to bulk populate the AbpUser table?

This code is used directly in this case in the controller.

We are using ASP.NET Zero v11 and we're running into an issue where the CreatorUserId is not being filled in.

The application doesn't use the service classes for its custom work. The entities inherit from FullAuditedEntity which includes CreatorUserId. In our code, we create such an entity using a mapping from a view model. In the below code, Statement is an entity that inherits from FullAuditedEntity. IStatementRepository gets injected. private readonly IStatementRepository _repoStatement;

var theEntity = _objectMapper.Map(model);

theEntity.Statement = model.Statement.CleanHtml();

await _repoStatement.InsertAsync(witnessStatementEntity);

The repo:

public interface IStatementRepository : IRepository<Statement, Guid> { }

<br> public classStatementRepository : OE_TenantRepositoryBase<Statement, Guid>, IStatementRepository {     public StatementRepository(IDbContextProvider<OE_TenantDbContext> dbContextProvider) : base(dbContextProvider)     {     } }

<br/> In an old(er) version of the codebase, so based on an older version of ASP.NET Zero, without setting the value for the CreatorUserId, this seemed to work fine and so the framework set this value automatically. However, in the current version, this seems not to be the case anymore.

We can set the value manually before calling the insert on the repo but if the entity inherits from FullAuditedEntity, shouldn't this value be set automatically by the framework? If so (which it's not doing right now), can this be enabled somehow?