Activities of "hikalkan"

Hi,

You should not try to reach HttpContext, CSS or JS files from application services. It's presentation layer work. Just create an MVC Controller or WebAPI Controller for that as usual.

Answer

Hi,

If these configurations are used on startup of the application, like connection strings, it's good to store them in the web.config (or app.config).

For the rest of the settings, ABP defines ISettingManager, which is used to get and change values. If you are using module-zero, then use ISettingManager. But first you should define your settings. It's not documented yet, but you can see a running example: https://github.com/aspnetboilerplate/module-zero/tree/master/sample See MySettingProvider for definitions and https://github.com/aspnetboilerplate/module-zero/blob/master/sample/ModuleZeroSampleProject.Application/Questions/QuestionAppService.cs#L40 for usage.

If you are not using module-zero, you should implement a setting store. Then you can inject and use ISettingManager.

Answer

Hi,

Yes, it is (http://www.martinfowler.com/bliki/AnemicDomainModel.html). But ABP does not force an anemic model. Maybe you're talking about the sample projects. They are just simple samples that don't contain any significant business logic. You can implement full domain driven design using ABP. It provides a good infrastructure for that.

Yes, it's for SaaS scenarios. Thanks for the information sharing ;)

Hi,

I could not understand well. What does this module do? Is it open source? Can you share some code?

Hi Mohamed,

There are three levels of security we can provide on the Angular side:

  1. We should not create menu items if the user has no permission to that page. This prevents the user from clicking the menu to enter the page.
  2. We should not define states (or routes) if the user has no permission to that page. This prevents the user from entering the page by typing the URL.
  3. We should check permission on every application service method call. This prevents the user from accessing or changing data in that page.

A hacker can overcome 1 and 2 by changing the JavaScript code in the client. Nothing can be done about that. But he cannot call services. Thus, he cannot see or change data. He sees only the template of the page, and that is nothing. This is the actual security.
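The three levels from the post above, modelled as a small JavaScript sketch. This is an added example, not part of the original post and not ABP or module-zero code; the page list, permission name, users and function names are all constructed for illustration.

```javascript
// Constructed sample data; every name here is hypothetical, not an ABP API.
const PAGES = [
  { name: 'home', url: '/home', permission: null },
  { name: 'users', url: '/users', permission: 'Pages.Users' },
];
const GRANTED = { admin: new Set(['Pages.Users']), guest: new Set() };

function hasPermission(user, permission) {
  const granted = GRANTED[user];
  return Boolean(granted && granted.has(permission));
}

// ---- Server side: the only check the user cannot edit ----
class AuthorizationError extends Error {}

const userAppService = {
  // Level 3: the service method checks permission on every call.
  getUsers(caller) {
    if (!hasPermission(caller, 'Pages.Users')) {
      throw new AuthorizationError(`${caller} lacks Pages.Users`);
    }
    return ['admin', 'guest'];
  },
};

// ---- Client side: runs in the browser, so it is convenience, not enforcement ----
// (In a real app the client receives its granted permissions from the server.)
function permittedPages(user) {
  return PAGES.filter((p) => !p.permission || hasPermission(user, p.permission));
}
const buildMenu = (user) => permittedPages(user).map((p) => p.name); // level 1
const buildRoutes = (user) => permittedPages(user).map((p) => p.url); // level 2

// Open the users page. clientChecks=false models a browser whose script was
// edited so that levels 1 and 2 no longer apply.
function openUsersPage(user, clientChecks) {
  if (clientChecks && !buildRoutes(user).includes('/users')) {
    return { template: null, data: null, blockedBy: 'client' };
  }
  try {
    const data = userAppService.getUsers(user);
    return { template: 'users.html', data, blockedBy: null };
  } catch (err) {
    if (!(err instanceof AuthorizationError)) throw err;
    // The template still loads, but no data comes back.
    return { template: 'users.html', data: null, blockedBy: 'server' };
  }
}
```

With the client checks disabled, the guest still receives the page template but `data` stays `null`, because the decision is made inside `getUsers` on the server.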

Hi @etshei,

Thanks a lot. I hope you will use ABP much more :)

First of all, you are going the wrong way. Multi-tenancy is not for that. This should be done with Roles and you should check permissions instead of tenants. Tenancy is a completely different topic. If you want to deploy the project into one hosting and a single database, and two or more hotels will use it, then the answer is multi-tenancy. Thus, every hotel will have its own admin panel and users. But that's not your case.

Define two roles: User and Admin. Define permissions to enter the pages. Then assign related permissions to roles. Then assign users to roles. Then check for permissions.

Maybe it's hard for you for now since I haven't documented module-zero yet. I will document it soon when I finish the fundamental parts. For now, you can check the sample application: https://github.com/aspnetboilerplate/module-zero/tree/master/sample Even though it's AngularJS, it may help you.

BTW, to get the current user and tenant, inject IAbpSession (it's already injected if you derived from ApplicationService in the application layer or AbpController in MVC) and get IAbpSession.UserId and IAbpSession.TenantId. Then you can inject IRepository<User> or IRepository<Tenant> and call the Get(id) method.

Hi,

I think there are two types of validation:

  1. Simply validating the format of the DTO properties, like it should not be empty ([Required]), it should be maximum 10 chars ([MaxLength(10)]), and so on. This can be easily done with data annotations and the ICustomValidate interface of ABP if needed.

  2. Validating business rules that may require additional services (like repositories) and are a part of the business of the application. So, this should be done in a separate class (that is used by the application service by injecting). It may be called something like Policy or Strategy. For example: UserPolicy.CanCreateUserWithName(...) can check for duplication of the user name.

So, both of them have their own power and their own purpose. They can be used together.

Answer

Hi,

Sorry, but I've no time to improve and update Taskever. You can use it as it is.

For the schema, see https://github.com/aspnetboilerplate/taskever/tree/master/src/Taskever.Infrastructure.NHibernate/Data/Migrations for NHibernate. You can run the migrations to create the schema. It uses FluentMigrator. See http://www.codeproject.com/Articles/768664/Introduction-to-ASP-NET-Boilerplate#InfraMigrations if you have not used FluentMigrator before.

First of all, if your application will be public, you should also think about SEO if you're using Angular (Fortunately there are some solutions but you should take care of it).

Actually, it's simple. In the sample app (https://github.com/aspnetboilerplate/module-zero/tree/master/sample), you should remove [AbpAuthorize] from the HomeController. Then MVC will not redirect to login.

In your Angular application, you should check if the user is logged in and show some menus/links. You should only authorize the needed app service methods, not all.
