search

JonPSmith / AuthPermissions.AspNetCore

This library provides extra authorization and multi-tenant features to an ASP.NET Core application.
https://www.thereformedprogrammer.net/finally-a-library-that-improves-role-authorization-in-asp-net-core/
MIT License
788 stars 159 forks source link

Multi-tenant Roles: Problem when changing a Roles RoleType or when deleting #13

Closed JonPSmith closed 2 years ago

JonPSmith commented 2 years ago

With the new multi-tenant Role types (see this explanation about multi-tenant Role types in the docs) in version 2.0.0 are two issues that haven't been covered in the current release (2.1.0). They are

1. Changing the RoleType can cause problems

The issues are

  1. If a Normal Role is changed to a HiddenFromTenant then that Role should be removed from any tenant users.
  2. If a Normal or HiddenFromTenant Role's RoleType are changed to TenantAutoAdd or TenantAdminAdd then the roles are in the correct place (i.e. should be in the TenantRoles)
  3. If a TenantAutoAdd or TenantAdminAdd Role's RoleType are changed to Normal or HiddenFromTenant then the roles are in the correct place (i.e. should be in the AuthUser's Roles)

I could just detect these changes and sent back an error, but issue 1 (Normal Role is changed to a HiddenFromTenant) would be fairly easy to delete that Role from Tenant users using the Role Delete checks.

Delete Role

The DeleteRoleAsync method works on tenant Roles because it deletes the RoleToPermissions which remove the user or tenant link. The only problem is that the QueryUsersUsingThisRole method only covers AuthUsers. We need a QueryTenantsUsingThisRole too.

JonPSmith commented 2 years ago

Here is a list of possible changes to a Role's type, and what you should do for each one

Original RoleType New RoleType In Users? In Tenants?
Normal TenantAutoAdd ERROR impossible
Normal TenantAdminAdd ERROR impossible
Normal HiddenFromTenant ERROR (if user has tenant) impossible
TenantAutoAdd Normal impossible ERROR
TenantAutoAdd TenantAdminAdd impossible OK
TenantAutoAdd HiddenFromTenant impossible ERROR
TenantAdminAdd Normal impossible OK
TenantAdminAdd TenantAutoAdd ERROR OK
TenantAdminAdd HiddenFromTenant ERROR (if user has tenant) ERROR
HiddenFromTenant Normal OK impossible
HiddenFromTenant TenantAutoAdd ERROR impossible
HiddenFromTenant TenantAdminAdd ERROR impossible

Note that:

JonPSmith commented 2 years ago

Fixed in version 2.3.0