Hi Support Team,
We are looking for your URGENT help on this.
Regards,
Hariom Mall
Hello,
ABP allows you to extend permissions. You can add custom properties like below:
var bookPermission = myGroup.AddPermission(AbpSolution2Permissions.Books.Default, L("Permission:Books")); bookPermission.WithProperty("moduleId", "CmsKit"); bookPermission.AddChild(AbpSolution2Permissions.Books.Create, L("Permission:Create")).WithProperty("moduleId", "CmsKit");Then you can add your own
PermissionValueProvideras a contributor as follows:ublic class ModulePermissionValueProvider : PermissionValueProvider { public override string Name => "ModuleUser"; public ModulePermissionValueProvider(IPermissionStore permissionStore) : base(permissionStore) { } public override Task<MultiplePermissionGrantResult> CheckAsync(PermissionValuesCheckContext context) { var permissionNames = context.Permissions.Select(x => x.Name).ToArray(); foreach (var permission in context.Permissions) { if (!CheckAsync(context.Principal, permission.Properties["module_id"]?.ToString())) { return Task.FromResult(new MultiplePermissionGrantResult(permissionNames, PermissionGrantResult.Prohibited)); } } return Task.FromResult(new MultiplePermissionGrantResult(permissionNames, PermissionGrantResult.Granted)); } public override Task<PermissionGrantResult> CheckAsync(PermissionValueCheckContext context) { var moduleId = context.Permission.Properties["module_id"]?.ToString(); if (moduleId.IsNullOrEmpty()) { return Task.FromResult(PermissionGrantResult.Undefined); } if (!CheckAsync(context.Principal, context.Permission.Properties["module_id"]!.ToString())) { return Task.FromResult(PermissionGrantResult.Prohibited); } return Task.FromResult(PermissionGrantResult.Granted); } private bool CheckAsync(ClaimsPrincipal? principal, string? moduleId) { if (moduleId.IsNullOrEmpty() || principal == null) { return false; } return principal!.HasClaim(x => x.Type == moduleId); } }Once a provider is defined, it should be added to the AbpPermissionOptions as shown below:
Configure<AbpPermissionOptions>(options => { options.ValueProviders.Add<ModulePermissionValueProvider>(); });See more: https://abp.io/docs/latest/framework/fundamentals/authorization#permission-value-providers
**Disclaimler: ** This code is not recommended for direct use in a production environment. It was created just to give an idea, you can customize it according to your own needs.
Thank you for your response!
Our goal is to establish a single permission set that applies across multiple LOBs/modules.
Here’s the scenario:
Permission: Profile.Create Modules/LOBs: Buyer, Supplier
User A: Has permission to create a profile in the Buyer module only. User B: Has permission to create a profile in both the Buyer and Supplier modules.
We need your help us to provide some sample code for Backend and Frontend.
Could you please advise on the best approach to implement this?
Thank you!
Hi ABP.IO Support Team,
Thank you for your response!
Our goal is to establish a single permission set that applies across multiple LOBs/modules.
Here’s the scenario:
Permission: Profile.Create Modules/LOBs: Buyer, Supplier
User A: Has permission to create a profile in the Buyer module only. User B: Has permission to create a profile in both the Buyer and Supplier modules.
We need your help us to provide some sample code for Backend and Frontend.
Could you please advise on the best approach to implement this?
Thank you!
After upgrading the application to .net 8 and ABP.IO 8.2 we are getting following error. Can you please review and help us on this.
ABP Framework version: v8.2.2
UI Type: Angular
Database System: EF Core (PostgreSQL, etc..)
Tiered (for MVC) or Auth Server Separated (for Angular): yes
Exception message and full stack trace:
Microsoft.IdentityModel.Tokens.SecurityTokenNoExpirationException: IDX10225: Lifetime validation failed. The token is missing an Expiration Time. Tokentype: 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken'.
at Microsoft.IdentityModel.Tokens.ValidatorUtilities.ValidateLifetime(Nullable1 notBefore, Nullable1 expires, SecurityToken securityToken, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateTokenPayload(JwtSecurityToken jwtToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateJWS(String token, TokenValidationParameters validationParameters, BaseConfiguration currentConfiguration, SecurityToken& signatureValidatedToken, ExceptionDispatchInfo& exceptionThrown)
--- End of stack trace from previous location ---
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, JwtSecurityToken outerToken, TokenValidationParameters validationParameters, SecurityToken& signatureValidatedToken)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
Steps to reproduce the issue:
