Hello, this is more of a design question than specific to ABP, but there are some smart people here so I wanted to hear your answers.
A user may be able to edit a Tenants details. So we need a "Edit Tenant" page. If a user can edit their own tenant, and other tenants (they are a kind of Admin), then they can use the same "Edit Tenant" page for all cases. When the user clicks save, I only need to check that they have the "Edit All Tenants" permission.
Some users, can only Edit their own Tenant. These users can still use the normal "Edit Tenant" page, however, this means that when the user tries to save, I need to check that the user has the "Edit Own Tenant" permission. But this requires creating a whole separate flow for the case where a user is editing their own Tenant. Which means at least putting an "if tenantId is session.tenantId" into the service methods. This feels wrong.
So my question comes down to, shouldn't it be some kind of CanUserEditTenant(input.TenantId) ?
This would require a lot of work under permissions, but would mean that all views, controller actions and service methods could be clean from any authorization work, and duplicate code. It would mean that all editing of a tenant would be one view, one controller action and one service method. The service method would call this function to check the permission.
Am I on the right track? If so, where should these "permission checking" functions be written? They will end up being quite elaborate.
IMessagesAppService <> MessagesAppService Is found fine with DI Iお知らせAppService <>お知らせAppService is not found.
Is there a way to make it automatically work with Japanese names too?
Hello.
I have a message reporting system. When a user writes and saves a message, the message is tied strictly to that user view their TenantID. All "related" (connected in some table) other Tenants can see this message. I think ABP automatically writes TenantId on Create, but I would like to know, which layer of the system does this responsibility technically lye in? Application or repository? Or even domain (constructor of the entity doesn't have session info though)
Next question is: We have an order system. This means there are 2 tenant ID's written on the order entity. This is fine. After an order is processed, a "shipment" is created by the person sending it. In this case, and for the sake of indexing, we have both tenant1 and 2 on the shipment (normalized, we could read this from the related order, but its slow so we have to denormalize). Where would the responsibility for this lie? Would this be a domain logic thing and so, the constructor for a shipment should take an Order?
Thanks
I am trying to pull a "Message" and show it to the user. A message has a CreatedUserId. When I display the message, I also want to display the users name. (Which is not held on the Message object).
I can think of several ways to do this, please give me some feedback about what to do in this case. Here are some ideas:
If 1) seems correct, then my concern is that this is a "for view" thing which isn't really the application layers responsibility, or is it? 2) is probably the solution everyone goes with?
Thanks
Is there a fast and easy way to manager permission for CRUD operations other than:
<app service> [AbpPermissionStuff} public update(updateDto updateinput){ base.updatewhatever }
^ Is this the recommended way to apply the permission?
Where is this class?
Documented here: <a class="postlink" href="http://www.aspnetboilerplate.com/Pages/Documents/Application-Services#getting-list">http://www.aspnetboilerplate.com/Pages/ ... tting-list</a>
But nothing: <a class="postlink" href="https://github.com/search?q=org%3Aaspnetboilerplate+PagedAndSortedResultRequestInput">https://github.com/search?q=org%3Aaspne ... questInput</a>
Hello.
How can I map things using the fluent Api in a similar way to CreatedUserId on the ICreationAudited interface.
I want to attach an interface, and have it automatically create the foreign key link in the database. How did you guys accomplish this? I cannot see it in the code
What is the recommended way to write tests which test input which depends on tenant ID? (Create message, for example)
Hello,
I would like to add IP Address to the information saved on a table. How would I do this?
Hello,
In the documentation for session: <a class="postlink" href="http://www.aspnetboilerplate.com/Pages/Documents/Abp-Session">http://www.aspnetboilerplate.com/Pages/ ... bp-Session</a>
You wrote that: "it's adviced to use IAbpSession in application layer and upper layers (we don't use it in domain layer normally). " advised *
However, to do multi-tenancy, aren't you taking the session and applying the TenantId somewhere in your Repository<Entity> ?
Is this a necessary evil? Please clarify if I missed something, thanks.