Closed ali-mustafa-98 closed 1 month ago
This is not a bug. Users should be able to access all permissions of the role.
If you need you can override the PermissionChecker
to deny certain permissions
https://github.com/abpframework/abp/blob/c9f59bc75d41d4b9f7865bf491eb470d4d496d80/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionChecker.cs#L44
This is not a bug. Users should be able to access all permissions of the role.
If you need you can override the
PermissionChecker
to deny certain permissions
The documentation states that the Identity Module defines two types of permission management providers:
UserPermissionManagementProvider:
Manages user-based permissions.
RolePermissionManagementProvider:
Manages role-based permissions.
The order of the providers is important. Providers are executed in the reverse order.
If RolePermissionManagementProvider
gets executed first, how can I change the order of execution? More importantly, if I had the UserPermissionManagementProvider
as the first provider to be executed, will this allow me to make some permissions prohibited from being accessed by the user while being accessible by the user's role?
Arrange in order of adding to options
You can add your PermissionValueProvider
to the top
Configure<AbpPermissionOptions>(options =>
{
options.ValueProviders.Insert(0, new YourPermissionValueProvider());
});
There is the document:
https://docs.abp.io/en/abp/latest/Authorization#advanced-topics
Is there an existing issue for this?
Description
If I have a role "Customer" assigned to the user "user1" and it has many permissions assigned to it, how can I prevent "user1" from getting access to permission "p1," which is accessible from the "Customer" role, while keeping all other permissions assigned to the "Customer" role still accessible by "user1"? I have tried doing this by using
IPermissionManager
like this:await permissionManager.SetForUserAsync(userId, p1, false).
However, this approach did not work, and "user1" still has access to permission "p1." Then I tried defining a new custom permission management provider as stated in the "Abp framework tutorial => Permission Management Module,", But this also did not work. I was not able to prohibit the user from getting access to any permission that is accessible by the user's role.Reproduction Steps
No response
Expected behavior
No response
Actual behavior
No response
Regression?
No response
Known Workarounds
No response
Version
8.2
User Interface
Common (Default)
Database Provider
EF Core (Default)
Tiered or separate authentication server
Tiered
Operation System
Windows (Default)
Other information
No response