How do a restrict a logged in/authenticated user from making changes to entities they didn't create?
For example, if I have a CustomerAddress entity and repository. And I have an app service method UpdateCustomerAddress , and pass an address id to update, plus the fields to update. How do I restrict that method so that only the CreatorUser of the CustomerAddress can update it? Yes I could use abpsession to pass the user id as well, but that could be compromised in the javascript API calls.
I could create a permission "can update address", but still would need a way to verify that this is their address. Is there a way to find out who called a method?
Help appreciated!
Ah ok - so I am missing something. I was hoping to use it to store that data for an amount of time and prevent frequent slow queries during that time, retrieving from cache instead. Therefore, I guess it is the AbsoluteExpireTime I should be using instead?
Anyone? I'll give you a chocolate biscuit
I am calling the following every 10 seconds as a test:-
var cache = _cacheManager.GetCache("PendingTasksCache");
return _cacheManager
.GetCache("PendingTasksCache")
.Get("pendingtaskscount", () =>
GetPendingTasksCountQuery());
Which in turn calls this:-
private int GetPendingTasksCountQuery()
{
return _ticketRepository.Count(x => x.Status == "Pending")
+ _changeRequestRepository.Count(x => x.Status == "Pending")
+ _contractRepository.Count(x => x.Status == "Pending")
+ _orderRepository.Count(x => x.Status == "Pending");
}
And the cache itself is set like this for a 30 second window ( as a test):-
Configuration.Caching.Configure("PendingTasksCache", cache =>
{
cache.DefaultSlidingExpireTime = TimeSpan.FromSeconds(30);
});
The first time it is called, it fetches the data successfully. But I would expect it to refresh the cache and rebuild the data every 30 seconds. But it never does and never calls GetPendingTasksCountQuery again. Where am I going wrong or what have I misunderstood?
I've secured my API functions with the [AbpAuthorize] attribute. What steps do I need to take to allow an external application to access and call my API functions? And is there something I can test with something like Postman? Apologise for vagueness, but just want to understand the steps involved to get started...
How can I get at and query UserLoginAttempt table? I want to check if an IP has logged in before in the Web module
Is there anything in ABP v1.1.1 that stops Recaptcha from working? Having trouble validating the response ... just get a null when looking for g-recaptcha-response The same code used on a blank MVC template in VS works fine. I've tried turning anti-forgery off in case that is a factor
Is there any way to turn off soft delete? Or rather, turn on hard delete?
I'm an idiot, sorry. Can confirm that was all that was missing
Using v1.0 Trying to implement LDAP using your guide <a class="postlink" href="http://www.aspnetboilerplate.com/Pages/Documents/Zero/User-Management#ldapactive-directory">http://www.aspnetboilerplate.com/Pages/ ... -directory</a>
I've added those classes to Core When I try to run I get... No component for supporting the service Abp.Zero.Ldap.Configuration.IAbpZeroLdapModuleConfig was found Castle.MicroKernel.ComponentNotFoundException: No component for supporting the service Abp.Zero.Ldap.Configuration.IAbpZeroLdapModuleConfig was found
Any ideas? Have tried updating all ABP packages and wiping Bin directories