How do a restrict a logged in/authenticated user from making changes to entities they didn't create?
For example, if I have a CustomerAddress entity and repository. And I have an app service method UpdateCustomerAddress , and pass an address id to update, plus the fields to update. How do I restrict that method so that only the CreatorUser of the CustomerAddress can update it? Yes I could use abpsession to pass the user id as well, but that could be compromised in the javascript API calls.
I could create a permission "can update address", but still would need a way to verify that this is their address. Is there a way to find out who called a method?
Help appreciated!
I am calling the following every 10 seconds as a test:-
var cache = _cacheManager.GetCache("PendingTasksCache");
return _cacheManager
.GetCache("PendingTasksCache")
.Get("pendingtaskscount", () =>
GetPendingTasksCountQuery());
Which in turn calls this:-
private int GetPendingTasksCountQuery()
{
return _ticketRepository.Count(x => x.Status == "Pending")
+ _changeRequestRepository.Count(x => x.Status == "Pending")
+ _contractRepository.Count(x => x.Status == "Pending")
+ _orderRepository.Count(x => x.Status == "Pending");
}
And the cache itself is set like this for a 30 second window ( as a test):-
Configuration.Caching.Configure("PendingTasksCache", cache =>
{
cache.DefaultSlidingExpireTime = TimeSpan.FromSeconds(30);
});
The first time it is called, it fetches the data successfully. But I would expect it to refresh the cache and rebuild the data every 30 seconds. But it never does and never calls GetPendingTasksCountQuery again. Where am I going wrong or what have I misunderstood?
I've secured my API functions with the [AbpAuthorize] attribute. What steps do I need to take to allow an external application to access and call my API functions? And is there something I can test with something like Postman? Apologise for vagueness, but just want to understand the steps involved to get started...
How can I get at and query UserLoginAttempt table? I want to check if an IP has logged in before in the Web module
Is there anything in ABP v1.1.1 that stops Recaptcha from working? Having trouble validating the response ... just get a null when looking for g-recaptcha-response The same code used on a blank MVC template in VS works fine. I've tried turning anti-forgery off in case that is a factor
Is there any way to turn off soft delete? Or rather, turn on hard delete?
Using v1.0 Trying to implement LDAP using your guide <a class="postlink" href="http://www.aspnetboilerplate.com/Pages/Documents/Zero/User-Management#ldapactive-directory">http://www.aspnetboilerplate.com/Pages/ ... -directory</a>
I've added those classes to Core When I try to run I get... No component for supporting the service Abp.Zero.Ldap.Configuration.IAbpZeroLdapModuleConfig was found Castle.MicroKernel.ComponentNotFoundException: No component for supporting the service Abp.Zero.Ldap.Configuration.IAbpZeroLdapModuleConfig was found
Any ideas? Have tried updating all ABP packages and wiping Bin directories
How can I prevent or suppress the 'ajax request did not succeed' error popup? It happens when a user forces a refresh
I can use the cache successfully like this:-
var members = _cacheManager .GetCache("MembersCache") .Get("Members", () => GetMembersFromDatabase(input.ParentCompanyId)) as List<Customer>;
which calls this:- private List<Customer> GetMembersFromDatabase(int ParentCompanyId) { return _customerRepository.GetAllList(x => x.ParentCompanyId == ParentCompanyId); }
I've set the timeout to 15 mins. The problem is, after 15 minutes it returns no results. I would have expected it to start calling the GetMembersFromDatabase function again to get fresh data, but it doesn't Where am I going wrong?
Hi, Following your new example documents, I can add signalr and publish/subscribe to a simple notification. And I can see in browser Console that signalR is connected and registered.
However if I add this to header.js:-
abp.event.on('abp.notifications.received', function (userNotification) {
console.log("notification!", userNotification);
});
... nothing fires. I can see the notification and subscriptions being added to the SQL tables, but still nothing fires on the client side. In the logs I get the error "There is no notification definition with given name: CustomerCreated".
This is how I subscribe:-
await _notificationSubscriptionManager.SubscribeAsync(1, 3, "CustomerCreated");
And this is how I publish:-
public async Task Publish_CustomerCreated(string CustomerName, int CustomerId)
{
var data = new LocalizableMessageNotificationData(new LocalizableString("CustomerCreatedMessage", "BlueHarvest"));
data["CustomerName"] = CustomerName;
data["CustomerId"] = CustomerId;
await _notificationPublisher.PublishAsync("CustomerCreated", data, severity: NotificationSeverity.Warn);
}