
Resource based authorization #24184


Open
maliming wants to merge 73 commits into dev from resource-based-auth
Changes from 1 commit
73 commits
b535f42 Introduce IResourcePermissionChecker (hikalkan, Nov 7, 2025)
c175cfb Merge branch 'dev' into resource-based-auth (hikalkan, Nov 10, 2025)
e5e25c5 Added GetGrantedResourceKeysAsync (hikalkan, Nov 10, 2025)
87e41a6 Added summaries (hikalkan, Nov 10, 2025)
ca61e7d Reformat IPermissionManager (hikalkan, Nov 10, 2025)
8448bdd Remove outdated comment (hikalkan, Nov 10, 2025)
e662b62 Create IResourcePermissionManager.cs (hikalkan, Nov 10, 2025)
74d6bdb Add resource permission management interfaces and implementations (maliming, Nov 11, 2025)
4c35fc9 Add resource-based permission to PermissionDefinition system. (maliming, Nov 11, 2025)
fccc3f2 Add resource-based permission value providers (maliming, Nov 11, 2025)
22cfc5b Refactor permission type to resource name (maliming, Nov 11, 2025)
859a4c3 Merge branch 'dev' into resource-based-auth (maliming, Nov 12, 2025)
a2d39ad Implement resource-based permission management with new methods and c… (maliming, Nov 13, 2025)
f2e5cb7 Enhance resource permission management by adding provider name and ke… (maliming, Nov 13, 2025)
09675eb Refactor GetPermissionsAsync method to return MultiplePermissionGrant… (maliming, Nov 13, 2025)
cdc3fdd Implement `ResourcePermissionStore`. (maliming, Nov 13, 2025)
0c0cff7 Add resource permission grant repositories for EF Core and MongoDB (maliming, Nov 13, 2025)
90bf895 Implement `ResourcePermissionManager`. (maliming, Nov 13, 2025)
2f56610 Add resource permission checker and store extension methods for entit… (maliming, Nov 13, 2025)
b3706cf Add resource permission management features and update API methods (maliming, Nov 13, 2025)
8bd08b9 Make constructor public in permission handler (maliming, Nov 13, 2025)
6be3559 Refactor permission management module (maliming, Nov 15, 2025)
39b60db Refactor permission grant info types in role provider (maliming, Nov 15, 2025)
25f6877 feat(permission-management): add resource permission management features (maliming, Nov 16, 2025)
1398c8d fix(permission-management): validate user ID parsing in role permissi… (maliming, Nov 17, 2025)
4b96a90 feat: Enhance user and role management with search capabilities and r… (maliming, Nov 17, 2025)
0e5cce3 feat(permission-management): update resource permission management mo… (maliming, Nov 18, 2025)
a14a53d feat: Add SearchByIdsAsync methods for users and roles in Identity mo… (maliming, Nov 18, 2025)
2844e59 feat(permission-management): update resource permission handling and … (maliming, Nov 18, 2025)
8e7218f Remove resource permissions modal and related actions from roles and … (maliming, Nov 18, 2025)
7eb5066 Remove resource permission management script from roles and users pages (maliming, Nov 18, 2025)
706ae23 Add 'ResourcePermissions' to English UI resources (maliming, Nov 18, 2025)
4698cf3 Remove TestPermissionDefinitionProvider and update localization keys … (maliming, Nov 18, 2025)
da213bf Merge branch 'dev' into resource-based-auth (maliming, Nov 18, 2025)
bf8bfb9 Enhance permission management and localization for resource permissions (maliming, Nov 18, 2025)
185485d Add localization for User and Role resource permission provider keys … (maliming, Nov 18, 2025)
286e312 Refactor permission retrieval methods and clean up unused model valid… (maliming, Nov 18, 2025)
908e51e Add missing closing brackets in localization files for Czech and English (maliming, Nov 19, 2025)
7d5a988 Add resource management permissions and update authorization attribut… (maliming, Nov 19, 2025)
ba036ad Fix form validation trigger on provider key change in resource permis… (maliming, Nov 19, 2025)
9f33eb0 Update modal footer buttons in permission management modals for consi… (maliming, Nov 19, 2025)
147d88c Add localization for "NoResourceProviderKeyLookupServiceFound" messag… (maliming, Nov 19, 2025)
7cbc6c3 Implement resource permissions management with new interfaces and ext… (maliming, Nov 19, 2025)
c8c46c8 Add resource permission management to RoleUpdateEventHandler (maliming, Nov 19, 2025)
288578b Refactor ResourcePermissionGrant properties and index for improved cl… (maliming, Nov 19, 2025)
c7413e6 Refactor permission group assertions in tests (maliming, Nov 19, 2025)
3925ba3 Refactor resource permission population logic (maliming, Nov 20, 2025)
621d126 Merge branch 'dev' into resource-based-auth (maliming, Nov 20, 2025)
0e6fa6b Add "NoResourcePermissionFound" localization key and update related m… (maliming, Nov 20, 2025)
f30c53b Add ResourcePermissionGrant cache invalidator (maliming, Nov 20, 2025)
d278998 Add resource permission value provider tests (maliming, Nov 20, 2025)
da995d4 Add resource permission checker tests and update permission definitions (maliming, Nov 20, 2025)
d83b9b3 Add resource permission tests to StaticPermissionDefinitionStore (maliming, Nov 20, 2025)
9edc439 Prevent child permissions for resource permissions (maliming, Nov 20, 2025)
e42917d Add resource permission grant repository tests (maliming, Nov 20, 2025)
efaeebf Implement resource permission deletion in Role and User event handlers (maliming, Nov 21, 2025)
8c17421 Add resource permission manager extensions for roles and users (maliming, Nov 21, 2025)
7d6e3d7 Add new tests for user and role search methods (maliming, Nov 21, 2025)
21a303c Return empty list for empty filter in search methods (maliming, Nov 21, 2025)
3679b0b Add `ResourcePermissionStore_Tests` (maliming, Nov 21, 2025)
75230d9 Add unit tests for ResourcePermissionChecker (maliming, Nov 21, 2025)
5bb3ac0 Add tests for ResourcePermissionGrant cache behavior (maliming, Nov 21, 2025)
470cfda Support resource permissions in permission serialization (maliming, Nov 21, 2025)
843a3da Add resource permission management provider and tests (maliming, Nov 21, 2025)
4628196 Add pagination support to resource permission search methods (maliming, Nov 21, 2025)
2562500 Update pagination logic in permission modal (maliming, Nov 21, 2025)
f5404df Introduce IKeyedObject and unify object key access (hikalkan, Nov 27, 2025)
d425c0f Add GetObjectKey method to MyEntity class (hikalkan, Nov 27, 2025)
5c93eb0 Add tests for KeyedObjectHelper composite key methods (hikalkan, Nov 27, 2025)
0658ad8 Remove JetBrains.Annotations and improve formatting (hikalkan, Nov 27, 2025)
7500ec5 Make EntityResourcePermissionRequirementHandler (hikalkan, Nov 27, 2025)
c190580 Rename ResourcePermissionExtenstions class (hikalkan, Nov 27, 2025)
cea95ea Merge branch 'dev' into resource-based-auth (maliming, Nov 28, 2025)
Implement `ResourcePermissionManager`.
maliming committed Nov 13, 2025
commit 90bf895cacc6f9c9fc7677429e2149b58d7f9ecb
@@ -1,4 +1,5 @@
using Volo.Abp.Authorization.Permissions;
using Volo.Abp.Authorization.Permissions.Resources;
using Volo.Abp.Identity;
using Volo.Abp.Modularity;
using Volo.Abp.Users;
Expand All@@ -18,10 +19,14 @@ public override void ConfigureServices(ServiceConfigurationContext context)
{
options.ManagementProviders.Add<UserPermissionManagementProvider>();
options.ManagementProviders.Add<RolePermissionManagementProvider>();
options.ResourceManagementProviders.Add<UserResourcePermissionManagementProvider>();
options.ResourceManagementProviders.Add<RoleResourcePermissionManagementProvider>();

//TODO: Can we prevent duplication of permission names without breaking the design and making the system complicated
options.ProviderPolicies[UserPermissionValueProvider.ProviderName] = "AbpIdentity.Users.ManagePermissions";
options.ProviderPolicies[RolePermissionValueProvider.ProviderName] = "AbpIdentity.Roles.ManagePermissions";
options.ProviderPolicies[UserResourcePermissionValueProvider.ProviderName] = "AbpIdentity.Users.ManagePermissions";
options.ProviderPolicies[RoleResourcePermissionValueProvider.ProviderName] = "AbpIdentity.Roles.ManagePermissions";
});
}
}
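Review bot: The two new `ProviderPolicies` entries for `UserResourcePermissionValueProvider.ProviderName` and `RoleResourcePermissionValueProvider.ProviderName` reuse the literals "AbpIdentity.Users.ManagePermissions" and "AbpIdentity.Roles.ManagePermissions", so whoever may manage global user or role permissions may also manage every per-resource grant for that provider. If that coupling is intended, a comment saying so would help; otherwise give the resource providers their own policy names. The existing TODO about duplicated permission names now covers four string literals, so shared constants would keep them from drifting apart.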
@@ -0,0 +1,80 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Volo.Abp.Authorization.Permissions.Resources;
using Volo.Abp.Domain.Repositories;
using Volo.Abp.Guids;
using Volo.Abp.Identity;
using Volo.Abp.MultiTenancy;

namespace Volo.Abp.PermissionManagement.Identity;

public class RoleResourcePermissionManagementProvider : ResourcePermissionManagementProvider
{
public override string Name => RoleResourcePermissionValueProvider.ProviderName;

protected IUserRoleFinder UserRoleFinder { get; }

public RoleResourcePermissionManagementProvider(
IResourcePermissionGrantRepository resourcepPrmissionGrantRepository,
IGuidGenerator guidGenerator,
ICurrentTenant currentTenant,
IUserRoleFinder userRoleFinder)
: base(
resourcepPrmissionGrantRepository,
guidGenerator,
currentTenant)
{
UserRoleFinder = userRoleFinder;
}

public override async Task<PermissionValueProviderGrantInfo> CheckAsync(string name, string resourceName, string resourceKey, string providerName, string providerKey)
{
var multipleGrantInfo = await CheckAsync(new[] { name }, resourceName, resourceKey, providerName, providerKey);

return multipleGrantInfo.Result.Values.First();
}

public override async Task<MultiplePermissionValueProviderGrantInfo> CheckAsync(string[] names, string resourceName, string resourceKey, string providerName, string providerKey)
{
using (ResourcePermissionGrantRepository.DisableTracking())
{
var multiplePermissionValueProviderGrantInfo = new MultiplePermissionValueProviderGrantInfo(names);
var resourcePermissionGrants = new List<ResourcePermissionGrant>();

if (providerName == Name)
{
resourcePermissionGrants.AddRange(await ResourcePermissionGrantRepository.GetListAsync(names, resourceName, resourceKey, providerName, providerKey));
}

if (providerName == UserResourcePermissionValueProvider.ProviderName)
{
var userId = Guid.Parse(providerKey);
var roleNames = await UserRoleFinder.GetRoleNamesAsync(userId);

foreach (var roleName in roleNames)
{
resourcePermissionGrants.AddRange(await ResourcePermissionGrantRepository.GetListAsync(names, resourceName, resourceKey, Name, roleName));
}
}

resourcePermissionGrants = resourcePermissionGrants.Distinct().ToList();
if (!resourcePermissionGrants.Any())
{
return multiplePermissionValueProviderGrantInfo;
}

foreach (var permissionName in names)
{
var resourcePermissionGrant = resourcePermissionGrants.FirstOrDefault(x => x.Name == permissionName);
if (resourcePermissionGrant != null)
{
multiplePermissionValueProviderGrantInfo.Result[permissionName] = new PermissionValueProviderGrantInfo(true, resourcePermissionGrant.ProviderKey);
}
}

return multiplePermissionValueProviderGrantInfo;
}
}
}
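Review bot: In the `UserResourcePermissionValueProvider.ProviderName` branch of `CheckAsync(string[] names, ...)`, `Guid.Parse(providerKey)` throws a FormatException when the provider key is not a GUID, which turns a permission check into an unhandled exception instead of a not-granted result. Use `Guid.TryParse` and return the untouched `multiplePermissionValueProviderGrantInfo` when parsing fails. Smaller points in the same method: the `foreach` over `roleNames` issues one `GetListAsync` call per role, `Distinct()` on `ResourcePermissionGrant` only removes duplicates if the entity defines equality, and the constructor parameter `resourcepPrmissionGrantRepository` is misspelled.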
@@ -0,0 +1,22 @@
using Volo.Abp.Authorization.Permissions.Resources;
using Volo.Abp.Guids;
using Volo.Abp.MultiTenancy;

namespace Volo.Abp.PermissionManagement.Identity;

public class UserResourcePermissionManagementProvider : ResourcePermissionManagementProvider
{
public override string Name => UserResourcePermissionValueProvider.ProviderName;

public UserResourcePermissionManagementProvider(
IResourcePermissionGrantRepository resourcePermissionGrantRepository,
IGuidGenerator guidGenerator,
ICurrentTenant currentTenant)
: base(
resourcePermissionGrantRepository,
guidGenerator,
currentTenant)
{

}
}
@@ -0,0 +1,34 @@
using System.Threading.Tasks;
using JetBrains.Annotations;
using Volo.Abp.DependencyInjection;

namespace Volo.Abp.PermissionManagement;

public interface IResourcePermissionManagementProvider : ISingletonDependency //TODO: Consider to remove this pre-assumption
{
string Name { get; }

Task<PermissionValueProviderGrantInfo> CheckAsync(
[NotNull] string name,
[NotNull] string resourceName,
[NotNull] string resourceKey,
[NotNull] string providerName,
[NotNull] string providerKey
);

Task<MultiplePermissionValueProviderGrantInfo> CheckAsync(
[NotNull] string[] names,
[NotNull] string resourceName,
[NotNull] string resourceKey,
[NotNull] string providerName,
[NotNull] string providerKey
);

Task SetAsync(
[NotNull] string name,
[NotNull] string resourceName,
[NotNull] string resourceKey,
[NotNull] string providerKey,
bool isGranted
);
}
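Review bot: `SetAsync` takes no `providerName` while both `CheckAsync` overloads do, and nothing in the interface says which provider a grant is written under. Add XML summaries stating that `SetAsync` applies to the provider identified by `Name`, and what `CheckAsync` returns when `providerName` names a different provider. The `//TODO` on `ISingletonDependency` should be resolved or tracked before this interface ships, since removing the base interface later changes how every implementation is registered.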
Expand Up@@ -7,33 +7,33 @@ public interface IResourcePermissionManager
{
Task<PermissionWithGrantedProviders> GetAsync(
string permissionName,
string providerName,
string providerKey,
string resourceName,
string resourceKey
string resourceKey,
string providerName,
string providerKey
);

Task<MultiplePermissionWithGrantedProviders> GetAsync(
string[] permissionNames,
string provideName,
string providerKey,
string resourceName,
string resourceKey
string resourceKey,
string providerName,
string providerKey
);

Task<List<PermissionWithGrantedProviders>> GetAllAsync(
string providerName,
string providerKey,
string resourceName,
string resourceKey
string resourceKey,
string providerName,
string providerKey
);

Task SetAsync(
string permissionName,
string providerName,
string providerKey,
string resourceName,
string resourceKey,
string providerName,
string providerKey,
bool isGranted
);
}
}
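Review bot: Every parameter moved in these four signatures is a `string`, so a caller that still passes `providerName, providerKey, resourceName, resourceKey` positionally compiles without error and silently reads or writes grants against swapped values, which matters most for `SetAsync`. Confirm that all implementations and call sites change in the same commit, and consider named arguments at call sites or a small parameter type for the resource pair and the provider pair so the compiler can catch a mix-up. The rename of `provideName` to `providerName` in the second `GetAsync` is worth mentioning in the commit message, since it also changes the name seen by callers using named arguments.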
Expand Up@@ -7,6 +7,8 @@ public class PermissionManagementOptions
{
public ITypeList<IPermissionManagementProvider> ManagementProviders { get; }

public ITypeList<IResourcePermissionManagementProvider> ResourceManagementProviders { get; }

public Dictionary<string, string> ProviderPolicies { get; }

/// <summary>
Expand All@@ -22,6 +24,7 @@ public class PermissionManagementOptions
public PermissionManagementOptions()
{
ManagementProviders = new TypeList<IPermissionManagementProvider>();
ResourceManagementProviders = new TypeList<IResourcePermissionManagementProvider>();
ProviderPolicies = new Dictionary<string, string>();
}
}
@@ -0,0 +1,87 @@
using System.Linq;
using System.Threading.Tasks;
using Volo.Abp.Domain.Repositories;
using Volo.Abp.Guids;
using Volo.Abp.MultiTenancy;

namespace Volo.Abp.PermissionManagement;

public abstract class ResourcePermissionManagementProvider : IResourcePermissionManagementProvider
{
public abstract string Name { get; }

protected IResourcePermissionGrantRepository ResourcePermissionGrantRepository { get; }

protected IGuidGenerator GuidGenerator { get; }

protected ICurrentTenant CurrentTenant { get; }

protected ResourcePermissionManagementProvider(
IResourcePermissionGrantRepository resourcePermissionGrantRepository,
IGuidGenerator guidGenerator,
ICurrentTenant currentTenant)
{
ResourcePermissionGrantRepository = resourcePermissionGrantRepository;
GuidGenerator = guidGenerator;
CurrentTenant = currentTenant;
}

public virtual async Task<PermissionValueProviderGrantInfo> CheckAsync(string name, string resourceName,string resourceKey, string providerName, string providerKey)
{
var multiplePermissionValueProviderGrantInfo = await CheckAsync(new[] { name }, resourceName, resourceKey, providerName, providerKey);

return multiplePermissionValueProviderGrantInfo.Result.First().Value;
}

public virtual async Task<MultiplePermissionValueProviderGrantInfo> CheckAsync(string[] names, string resourceName, string resourceKey, string providerName, string providerKey)
{
using (ResourcePermissionGrantRepository.DisableTracking())
{
var multiplePermissionValueProviderGrantInfo = new MultiplePermissionValueProviderGrantInfo(names);
if (providerName != Name)
{
return multiplePermissionValueProviderGrantInfo;
}

var resourcePermissionGrants = await ResourcePermissionGrantRepository.GetListAsync(names, resourceName, resourceKey, providerName, providerKey);

foreach (var permissionName in names)
{
var isGrant = resourcePermissionGrants.Any(x => x.Name == permissionName);
multiplePermissionValueProviderGrantInfo.Result[permissionName] = new PermissionValueProviderGrantInfo(isGrant, providerKey);
}

return multiplePermissionValueProviderGrantInfo;
}
}

public virtual Task SetAsync(string name, string resourceName,string resourceKey, string providerKey, bool isGranted)
{
return isGranted
? GrantAsync(name, resourceName, resourceKey, providerKey)
: RevokeAsync(name, resourceName, resourceKey, providerKey);
}

protected virtual async Task GrantAsync(string name, string resourceName, string resourceKey, string providerKey)
{
var resourcePermissionGrants = await ResourcePermissionGrantRepository.FindAsync(name, resourceName, resourceKey, Name, providerKey);
if (resourcePermissionGrants != null)
{
return;
}

resourcePermissionGrants = new ResourcePermissionGrant(GuidGenerator.Create(), name, resourceName, resourceKey, Name, providerKey, CurrentTenant.Id);
await ResourcePermissionGrantRepository.InsertAsync(resourcePermissionGrants, true);
}

protected virtual async Task RevokeAsync(string name, string resourceName,string resourceKey, string providerKey)
{
var resourcePermissionGrants = await ResourcePermissionGrantRepository.FindAsync(name, resourceName, resourceKey, Name, providerKey);
if (resourcePermissionGrants == null)
{
return;
}

await ResourcePermissionGrantRepository.DeleteAsync(resourcePermissionGrants, true);
}
}
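Review bot: `GrantAsync` does a `FindAsync` followed by `InsertAsync`, so two concurrent grants for the same name, resource, provider and key can both see null and insert duplicate rows unless the store enforces a unique index on that tuple. Either rely on such an index and handle the conflict, or state the assumption in a comment. In `CheckAsync(string name, ...)`, `Result.First().Value` depends on the result holding exactly the entry for `name`; indexing `Result[name]` states the intent directly. Also, the local `resourcePermissionGrants` in `GrantAsync` and `RevokeAsync` holds a single grant, and a space is missing after the comma in `string resourceName,string resourceKey` in three signatures.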