Hello @ismcagdas I have checked the devtools, thanks for the suggestion, some properties are not supported though, like i can not see the dependency tree but it will be okay i believe. I was doing some readings about angular patterns, i have read interesting articles about a different design pattern called scam (single component angular module).
https://dev.to/this-is-angular/emulating-tree-shakable-components-using-single-component-angular-modules-13do https://angular-training-guide.rangle.io/modules/module-scam-pattern
is there any future plans for switching to scam pattern for anz?
Also is there any specific documentation about angular structural design for anz project? it would be helpful to see a doc about how to design the code structure for your shared modules and feature modules, and what naming conventions should be used? When your codebase grows it is becoming difficult to seperate modules and shared modules and when to add a new module. So i believe it would be helpful for everyone to see a documentation, when and how to create a feature module and how to keep them when your code grows.
For ex in current anz project shared modules structure is little bit confusing since it has common.module (the module for singleton services, this one is referring to the core module in angular docs i believe), utilsmodule, appcommon module, appshared module,mainshared module, adminshared module. It is difficult to follow what module is doing what.
when you want to create a new feature module in anz app, what kind of pattern we should use? for ex in admin folder of anz there are some examples but they are so basic, it does not cover the things i am listing below,
some kind of folder structure guidance like in this article can be helpful i believe https://itnext.io/angular-patterns-1-modules-organisation-d3b2224ec4cf
thank you @ismcagdas
Hello @ismcagdas here i created the issue on github you can find the link here. https://github.com/aspnetzero/aspnet-zero-core/issues/3933
Hello @musa.demir probably i couldn't explain it well. If you log in as tenant user, you can not see the change default language action button since there is
<li>
<a href="javascript:;" class="dropdown-item"
*ngIf="'Pages.Administration.Languages.Edit' | permission"
(click)="setAsDefaultLanguage(record)">{{'SetAsDefaultLanguage' | localize}}</a>
</li>
above code block. If you look at *ngIf condition since it is a multitenant application, there is no permission defined for the tenant with the permission 'Pages.Administration.Languages.Edit'.
https://github.com/aspnetzero/aspnet-zero-core/commit/f19577b88825dc983d433ca5fde4031344a1f14e
as i see it here, if it is multitenant application Pages.Administration.Languages.Edit is defined on host not on tenant. so this button will not appear. am i missing sth over here?
Now every thing is crystal clear, thank you super much. So what i did at the end is to create custom filter like AbpAuthorizationFilter and add it in startup.cs, and now i don't need to define my methods in appservice as virtual, and i can use my attribute on other methods also. I always thought that interception is always handled by Castle.Windsor. I can close this incident now. Thank you again.
Thank you for the reply, yes it works when i make the method virtual but can you explain why the method should be virtual for it to work? I wasn't expecting virtual, cause for AbpAuthorize we do not need to make it virtual. Can you elaborate on that?
Hello, here are the steps.
1) to reproduce the problem you can do a get call to https://localhost:44301/api/services/app/MobileOffer/GetOffers
Expected value is unAuthorizedRequest:true in json response since you are not passing any token in the header
What i get is
{ "result": null, "targetUrl": null, "success": false, "error": { "code": 0, "message": "Your request is not valid!", "details": "The following errors were detected during validation.\r\n - A non-empty request body is required.\r\n", "validationErrors": [ { "message": "A non-empty request body is required.", "members": [ "" ] } ] }, "unAuthorizedRequest": false, "__abp": true }
Also I am expecting the [DoohclickAuthorize] attribute should intercept the call and check for AssociateSession, this does not happen either. 2) You can uncomment the convention config from startup.cs in web.host module services.PostConfigure<MvcOptions>(mvcOptions => { mvcOptions.Conventions.RemoveType<AbpAppServiceConvention>(); mvcOptions.Conventions.Add(new DoohclickAppServiceConvention(services)); }); if you do that and do a get call to https://localhost:44301/api/services/app/MobileOffer/GetOffers
then it authorizes the request and returns the method response.
Expected behavior is [DoohclickAuthorize] attribute should intercept the call and check for AssociateSession which will be null and do not authorize the request
Hello again, I have created demo project and add the necessary changes onto it and send it your email address. hope it helps.
Hello @maliming, I think there is a misunderstanding here or sth i didn't understand. I already implemented another authentication middleware with associatebearer. But that authentication logic is different than abp authentication so instead of using AbpSession with this line of code.
if (!AbpSession.UserId.HasValue)
{
throw new AbpAuthorizationException(
LocalizationManager.GetString(AbpConsts.LocalizationSourceName, "CurrentUserDidNotLoginToTheApplication")
);
}
I have created another session object, and created my own AuthorizationHelper, So what i want to do is i want to give some application services different authorization logic which is [DoohclickAuthorize] attribute.
public async Task AuthorizeAsync(IEnumerable<IDoohclickAuthorizeAttribute> authorizeAttributes)
{
if (string.IsNullOrEmpty(_associateSession.AssociateEmail))
{
throw new AbpAuthorizationException(
_localizationManager.GetString(AbpConsts.LocalizationSourceName, "CurrentUserDidNotLoginToTheApplication")
);
}
//foreach (var authorizeAttribute in authorizeAttributes)
//{
// await _permissionChecker.AuthorizeAsync(authorizeAttribute.RequireAllPermissions, authorizeAttribute.Permissions);
//}
}
So if you look at my first post you can see the authentication logic is implemented over there. what i couldn't make is intercepting the request and creating an authorization with custom authorizationhelper.
And when i replace the convention with your convention class and added AbpAllowAnonymous to appservice why it gives me "Your request is not valid!" error? This is sth else i didn't understand.
Hello thank you for the clarification, When i try this if i send the request without bearer i am getting a response like this.
{
"result": null,
"targetUrl": null,
"success": false,
"error": {
"code": 0,
"message": "Your request is not valid!",
"details": "The following errors were detected during validation.\r\n - A non-empty request body is required.\r\n",
"validationErrors": [
{
"message": "A non-empty request body is required.",
"members": [
""
]
}
]
},
"unAuthorizedRequest": false,
"__abp": true
}
but i think what i should get is unAuthorizedRequest:true in my response. And i am expecting to see the interception from my DoohclickAuthorizationInterceptor when i debug but it doesn't goes to the breakpoint over there. I really wonder what i am doing wrong. By the way even if i put AbpAllowAnonymous syntax on the top of my appservice, it gives me the same error. I am trying to call this url when the app is running without token.
https://localhost:44301/api/services/app/MobileOffer/GetOffers?StatusList=1
and here is the input dto for the "GetOffers" method.
public class GetOffersForMobileInput : PagedAndSortedInputDto, IShouldNormalize
{
public string Filter { get; set; }
public List<OfferStatus> StatusList { get; set; }
public void Normalize()
{
if (string.IsNullOrEmpty(Sorting))
{
Sorting = "id DESC";
}
}
}