Hi Guys,
I've built an authorization interceptor that runs prior to method execution and checks if the executing user has the required permission for that method.
If they don't have the required permission, I would like to stop the method from executing and return an error message to the UI explaining that the user lacks the required permission.
In my first use case, I'm calling a modal (from a datatables row action) that displays a list of records, and the list fetching method is an intercepted method. Here is my current code:
JS Action calling the Controller to open the modal
action: function (data) {
_manageACLModal.open({ entityid: data.record.id, entityname: data.record.name });
}
Controller Method for calling the modal and fetching the records list
public PartialViewResult ManageACLModal(Guid EntityId, string EntityName)
{
ListResultDto<GetACLForEditOutput> EntityACL = null;
ACLCheckDto aCLCheckDto = new ACLCheckDto()
{
Action = "Share",
EntityId = EntityId,
UserId = AbpSession.UserId,
OrgId = null
};
EntityACL = _ACLsAppService.GetACLForEdit(aCLCheckDto);
GetACLForView getACLForEditOutput = new GetACLForView()
{
EntityId = EntityId,
EntityName = EntityName,
EntityACL = EntityACL
};
var viewModel = new ManageACLModalViewModel(getACLForEditOutput);
return PartialView("_ManageACLModal", viewModel);
}
Authorization Interceptor
public void Intercept(IInvocation invocation)
{
var Arguments = invocation.Arguments;
ACLCheckDto aCLCheckDto = (ACLCheckDto)Arguments[0];
if (_ACLManager.CheckAccess(aCLCheckDto))
{
invocation.Proceed();
}
else
{
throw new UserFriendlyException("Unauthorized Request!", "You are trying call a function you're not permitted to use.");
}
}
The interceptor is successfully called and runs its authorization check, fails the check then throws the UserFriendlyException. However the generic error message is displayed in the front end. I've looked through ABP's documentation and the forums but haven't been able to find anything that shed's light on why the custom message doesn't display.
Hi guys,
I'm trying to use the Metronic Dropdowns as seen here: https://keenthemes.com/metronic/preview/?page=components/base/dropdown&demo=default
I've replicated the code as shown in the demo but the dropdown functionality isn't working, which will be js driven? There seems to be a js file used in the demo site, dropdown.js, that whilst present in .net zeros source files, isn't included in the views?
Do I need to include the file in a js bundle, and if so, how do I do this, or do I need to do something else to include dropdown.js?
Thanks,
David
Hi Guys,
We're working on a function that needs to create or update records across 4 different entities.
When running each CreateOrEdit method synchronously we were receiving an "Existing task is running on the same context" error, and when running each CreateOrEdit method asynchronously, the DB context gets disposed of after the completion of the first method, thus raising "DBcontext disposed of" errors in the subsequent method calls.
We have tried implementing different unit of work methods around the CreateOrEdit method calls, to varying degrees of success, but really need all of the methods to operate under a single transaction, as all are required to succeed in order to continue.
If anyone has worked with a scenario like this before and can explain how to make this work or if there is a direction we can be pointed in, any help would be greatly appreciated.
Hi guys,
We've recently run through an exercise in updating the .Net Zero version of our project, as outlined here.
We've gone from 5.2.0 to 5.5.1 to 5.6.1. Swagger and API calls via Postman both worked previously when we were using 5.2.0 but now when trying to access Swagger we get an ERR_CONNECTION_REFUSED, and when we try and access an API method through Postman, for example, <a class="postlink" href="https://localhost:44359/api/TokenAuth/Authenticate">https://localhost:44359/api/TokenAuth/Authenticate</a>, Postman gives a "Could not get any response" message. We suspect that while these are two separate issues that they are in some way related?
Our application services are working via API within the application itself, just not through other methods as specified.
We also noticed that changes were made to Swagger during version 5.3.0, due to the adding of the Authorisation button? We're tried to add the changes, as detailed here, isn't working - these two issues are present:
// Enable middleware to serve swagger-ui assets (HTML, JS, CSS etc.)
app.UseSwaggerUI(options =>
{
//options.
options.InjectOnCompleteJavaScript("/swagger/ui/abp.js"); <- ERROR: SwaggerUi doesn't contain a definition for InjectOnCompleteJavaScript
options.InjectOnCompleteJavaScript("/swagger/ui/on-complete.js"); <- ERROR: SwaggerUi doesn't contain a definition for InjectOnCompleteJavaScript
options.SwaggerEndpoint(_appConfiguration["App:ServerRootAddress"] + "/swagger/v1/swagger.json", "Falcon API V1");
options.IndexStream = () => Assembly.GetExecutingAssembly()
.GetManifestResourceStream("Syntaq.Falcon.Web.Host.wwwroot.swagger.ui.index.html");
}); //URL: /swagger
And
// Define the BearerAuth scheme that's in use
options.AddSecurityDefinition("bearerAuth", new ApiKeyScheme()
{
Description = "JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\"",
Name = "Authorization",
In = "header",
Type = "apiKey"
});
// Assign scope requirements to operations based on AuthorizeAttribute
options.OperationFilter<SecurityRequirementsOperationFilter>(); <- ERROR: The type or namespace 'SecurityRequirementsOperationFilter' could not be found.
Has anyone else come across this issue and resolved it?
Thanks,
David
Hi guys,
We're building a view wherein the logged in user can interact with data associated with a given Organization Unit. The user can select from a drop-down different OUs (that they have a membership for).
What we are trying to do is to load/reload a partial view when the user selects an OU from the drop-down.
We need to know what pattern to construct an authorized ajax call to return a partial view (not just a datatable).
The AJAX Method
$('#TeamSelectionCombo').change(function (e) {
if ($(this).val() !== "") {
$.ajax({
url: '/Falcon/Teams/TeamPartial',
type: 'GET',
success: function (partialViewResult) {
$(".m-content").html(partialViewResult);
}
});
}
});
The Controller Method
public ActionResult TeamPartial()
{
return PartialView("_TeamPartial");
}
Does anyone have experience with or know how to load and reload partial views via ajax? Any pointers or existing system examples greatly appreciated.
Thanks,
David
Hi Guys,
We're in the process of building a custom entity for mapping roles between users and organization units. We're experiencing issues when trying to insert multiple rows into the DB.
Our initial approach was to loop through each item and insert it, then save changes. The issue we encountered here was that only the last item processed by the loop would insert into the DB.
We've since tried moving the insertion and save into a separate method, which is called each time from the loop. Additionally, we reset the entity and CreatorUserIds to 0, so that they get re-autogenerated on insertion. The behavior that we are now experiencing is that when inserting three items, the first and last items insert into the DB, but the second items errors with the following message:
{"Cannot insert explicit value for identity column in table 'SfaTeamUserRoles' when IDENTITY_INSERT is set to OFF."} System.Exception {System.Data.SqlClient.SqlException}
As we understand it, IDENTITY_INSERT is to do with whether or not the table in question has an autogenerating PK - if it does, an ID should not be supplied into the insert. We're resetting the ID to 0 as the repository insert then seems to generate/receive an auto-id needed for the insertion. As mentioned, this works for the first and last items, but not the second. See the relevant classes below:
public async Task AssignOrUpdateRoles(CreateOrUpdateTeamUserRoleInput input)
{
var teamUserRole = ObjectMapper.Map<TeamUserRole>(input.TeamUser);
input.AssignedTeamUserRoles.Where(n => n.Assigned == "true").ToList().ForEach(async i =>
{
teamUserRole.Id = 0;
teamUserRole.CreatorUserId = null;
teamUserRole.TenantId = AbpSession.TenantId;
teamUserRole.RoleId = i.Id;
await AssignRoles(teamUserRole);
}
);
}
private async Task AssignRoles(TeamUserRole teamUserRole)
{
try
{
await _teamUserRoleRepository.InsertAsync(teamUserRole);
_unitOfWorkManager.Current.SaveChanges();
}
catch (DbUpdateException e)
{
SqlException s = e.InnerException.InnerException as SqlException;
}
}
[Table("SfaTeamUserRoles")]
public class TeamUserRole : AuditedEntity<long> , IMayHaveTenant
{
public int? TenantId { get; set; }
public virtual int RoleId { get; set; }
public virtual long OrganizationUnitId { get; set; }
public virtual long UserId { get; set; }
}
Is there a different repository method we should be using, or a different way of processing the data?
Thanks,
David
Hi guys,
We downloaded the Metronic 5.1 files from the .Net Zero download page, then copied the tools folder into the Metronic folder within our .Net Zero project.
We’ve then followed the steps outlined by Metronic documentation as follows: From within the tools folder we’ve: • Run npm install --global npm@latest • Run npm install --global yarn • Run npm install --global gulp-cli • Run yarn install • Run gulp –prod
After this point the file structure outlined by Metronic is different to the Metronic structure in .Net Zero From within the dist/default and dist/default/assets folders we’ve: • Run npm install <- this struggles to find all the right dependencies • Run ng serve <- this fails completely
Changes made colors in src/sass/framework/_config.scss and src/sass/demo/default/_framework-config.scss files have no visible effect even when gulp –prod is run again after applying the changes.
Are there different steps we need to take into account with regards to the .Net Zero differences of the Metronic implementation?