abpframework / eShopOnAbp

Reference microservice solution built with the ABP Framework and .NET, runs on Kubernetes with Helm configuration, includes API Gateways, Angular and ASP.NET Core MVC applications, PostgreSQL and MongoDB databases
https://www.eShopOnAbp.com/
MIT License
664 stars 259 forks

Dynamic Permissions Not Updating in AdministrationService Without Rebuild #214

Closed alihdev closed 4 months ago

alihdev commented 6 months ago

Hi,

We need to implement dynamic permissions to add permissions at runtime. Currently, we're using IPermissionDefinitionRecordRepository to add new permissions and IDynamicPermissionDefinitionStoreInMemoryCache to clear the store.

When we add a new permission from service X at runtime, the addition is successful. The permission gets added to the AbpPermissions table in the AdministrationService.

However, the issue arises when we call the application configuration endpoint to get permissions: the newly added permissions don't appear unless we rebuild the AdministrationService.

Steps to Reproduce:

Note: In a monolithic application setup, this dynamic permission addition works seamlessly without encountering any issues.

maliming commented 6 months ago

> However, the issue arises when we call the application configuration endpoint to get permissions: the newly added permissions don't appear unless we rebuild the AdministrationService.

You can wait for 30 seconds to refresh the memory cache.

https://github.com/abpframework/abp/blob/dev/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/DynamicPermissionDefinitionStore.cs#L92

alihdev commented 6 months ago

Hello,

Thank you for your prompt response. The refresh isn't happening even after waiting for more than 30 seconds.

Regarding our code to clear the cache:

protected virtual Task ClearStoreCacheAsync()
{
    _storeCache.LastCheckTime = null;
    _storeCache.CacheStamp = null;

    return Task.CompletedTask;
}

We're calling this code after inserting new permissions.

Do you have any further insights into why the cache might not be refreshing as expected?

Thank you.

maliming commented 6 months ago

hi

Can you share a project to show this problem? You can upload it to GitHub.

alihdev commented 6 months ago

We'll work on creating a project that highlights the issue.

alihdev commented 6 months ago

Hello,

While debugging the ABP code, we've discovered that when the cache is cleared or a role is assigned to a user from the X service, the admin service isn't affected. However, when we clear the cache from the admin service, everything works fine.

Please refer to this video for a clearer understanding of the issue: Video Link

Additionally, we've created a project for your review to investigate the problem: Project Link

Please note the changes we've made in the latest version of eShop code:

Your assistance in resolving this matter is greatly appreciated.

Thank you!

maliming commented 6 months ago

hi

Can you update your tye.yaml file and share the steps to reproduce?

I have some doubts about running your app and authentication.

alihdev commented 6 months ago

The project I shared with you is the same as eShopOnAbp. I downloaded it, and we've made the following changes:

Please note the changes we've made in the latest version of eShop code:

  • Permission creation from CmskitService: Code Link
  • Dynamic permission enablement in AdministrationService: Code Link

Additionally, we modified the type.yml to only run the cmskit-service and administration-service, similar to the setup in tye.yaml. You can use it.

maliming commented 6 months ago

I will run the run-tye.ps1. What are the next steps?

alihdev commented 6 months ago

When the gateway is open, please open two tabs: one for the administration-service and another for the cmskit-service.

In the cmskit-service Swagger, call the endpoint CreatePermission in SimpleAppService to create dynamic permissions. Subsequently, in the administration-service Swagger, call the endpoint Get in AbpApplicationConfigurationAppService to retrieve the current user with their permissions.

You'll notice that the permission (created in CreatePermission) is not found until you rebuild the admin service.

Further details can be found in the comment.

maliming commented 6 months ago

hi

You can inject the IDistributedCache DistributedCache and remove the $"{CacheOptions.KeyPrefix}_AbpInMemoryPermissionCacheStamp"; cache.

I will find a way on the framework.
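The behaviour discussed in this thread, as a simplified model added here (not ABP source code and not part of the original comments): each service process keeps its own in-memory permission cache and reloads it only when a stamp in the shared distributed cache changes. `ServiceProcess`, the `App` key prefix and the permission names are assumptions made for the illustration.

```csharp
// Simplified model of the thread's scenario; all names here are hypothetical.
using System;
using System.Collections.Generic;
// Stand-ins for shared infrastructure: the AbpPermissions table and the distributed cache.
var db = new List<string> { "Cms.Pages" };
var distributedCache = new Dictionary<string, string>();
const string StampKey = "App_AbpInMemoryPermissionCacheStamp"; // "App" prefix is constructed

var admin = new ServiceProcess(db, distributedCache, StampKey); // administration-service
var cms = new ServiceProcess(db, distributedCache, StampKey);   // service X
var t = DateTime.UtcNow;

admin.GetPermissions(t);          // admin loads the table and remembers the shared stamp
db.Add("Cms.Dynamic.New");        // service X inserts a new permission row...
cms.LastCheckTime = null;         // ...and resets only ITS OWN process-local cache
cms.CacheStamp = null;

t = t.AddSeconds(31);             // past the 30-second check interval
// Shared stamp is unchanged, so admin keeps serving its stale in-memory list.
Console.WriteLine(string.Join(", ", admin.GetPermissions(t)));

distributedCache.Remove(StampKey); // the workaround: drop the shared stamp
t = t.AddSeconds(31);
// Stamp is recreated with a new value, admin sees the mismatch and reloads.
Console.WriteLine(string.Join(", ", admin.GetPermissions(t)));

class ServiceProcess
{
    private readonly List<string> _db;
    private readonly Dictionary<string, string> _shared;
    private readonly string _stampKey;
    private List<string> _permissions = new();
    public DateTime? LastCheckTime;
    public string? CacheStamp;
    public ServiceProcess(List<string> db, Dictionary<string, string> shared, string stampKey)
        => (_db, _shared, _stampKey) = (db, shared, stampKey);

    public List<string> GetPermissions(DateTime now)
    {
        if (LastCheckTime is { } last && now - last < TimeSpan.FromSeconds(30))
            return _permissions;                          // checked recently: trust memory
        if (!_shared.TryGetValue(_stampKey, out var stamp))
            _shared[_stampKey] = stamp = Guid.NewGuid().ToString(); // recreate missing stamp
        if (stamp != CacheStamp)
        {
            _permissions = new List<string>(_db);         // stamp changed: reload from table
            CacheStamp = stamp;
        }
        LastCheckTime = now;
        return _permissions;
    }
}
```

In this model the same staleness applies to any change in the permission table, so the service that writes the change has to invalidate the shared stamp rather than its own process state.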

alihdev commented 6 months ago

Ok, I tried this, and the cache cleared successfully.

However, I encountered another issue when attempting to call this function from X service:

  await _permissionManager.SetForRoleAsync("admin", name, true);

We've discovered that we should also enable the IsDynamicPermissionStoreEnabled configuration in the X service when we activate it. We're encountering the following exceptions within the PermissionManager

ManagementProviders 
(Autofac.Core.DependencyResolutionException: An exception was thrown while activating Volo.Abp.PermissionManagement.Identity.RolePermissionManagementProvider. ---> Autofac.Core.DependencyResolutionException: None of the constructors found on type 'Volo.A…):
[humanresource-service_3e0ba3d1-e]: [13:39:17 WRN] An exception occurred, but response has already started!
[humanresource-service_3e0ba3d1-e]: [13:39:17 ERR] An unhandled exception has occurred while executing the request.
[humanresource-service_3e0ba3d1-e]: Autofac.Core.DependencyResolutionException: An exception was thrown while activating Volo.Abp.PermissionManagement.Identity.RolePermissionManagementProvider.
[humanresource-service_3e0ba3d1-e]: ---> Autofac.Core.DependencyResolutionException: None of the constructors found on type 'Volo.Abp.PermissionManagement.Identity.RolePermissionManagementProvider' can be invoked with the available services and parameters:
[humanresource-service_3e0ba3d1-e]: Cannot resolve parameter 'Volo.Abp.Identity.IUserRoleFinder userRoleFinder' of constructor 'Void .ctor(Volo.Abp.PermissionManagement.IPermissionGrantRepository, Volo.Abp.Guids.IGuidGenerator, Volo.Abp.MultiTenancy.ICurrentTenant, Volo.Abp.Identity.IUserRoleFinder)'.
[humanresource-service_3e0ba3d1-e]:
[humanresource-service_3e0ba3d1-e]: See https://autofac.rtfd.io/help/no-constructors-bindable for more info.
[humanresource-service_3e0ba3d1-e]: at Autofac.Core.Activators.Reflection.ReflectionActivator.<>c__DisplayClass14_0.<UseSingleConstructorActivation>b__0(ResolveRequestContext ctxt, Action`1 next)
[humanresource-service_3e0ba3d1-e]: at Autofac.Core.Resolving.Middleware.DisposalTrackingMiddleware.Execute(ResolveRequestContext context, Action`1 next)
[humanresource-service_3e0ba3d1-e]: at Autofac.Builder.RegistrationBuilder`3.<>c__DisplayClass41_0.<PropertiesAutowired>b__0(ResolveRequestContext ctxt, Action`1 next)
[humanresource-service_3e0ba3d1-e]: at Autofac.Core.Resolving.Middleware.ActivatorErrorHandlingMiddleware.Execute(ResolveRequestContext context, Action`1 next)

Also, here's an image related to the code issue:

image

I will reproduce this issue in the public project.

Thank you!

alihdev commented 6 months ago

Related to the above comment, I have fixed it; there was a dependency issue in the host (AbpIdentityHttpApiClientModule).

maliming commented 6 months ago

https://github.com/abpframework/abp/issues/18628

maliming commented 6 months ago

> hi
>
> You can inject the IDistributedCache DistributedCache and remove the $"{CacheOptions.KeyPrefix}_AbpInMemoryPermissionCacheStamp"; cache.
>
> I will find a way on the framework.

hi

I checked the source code.

The StaticPermissionSaver will update the cache value. Can you try to debug this class to see what's happened?

https://github.com/abpframework/abp/blob/dev/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/StaticPermissionSaver.cs#L116-L123

StevenNgoc commented 5 months ago

@maliming Please help me! I ran the eShopOnAbp demo locally and found a problem when updating permissions with the Permission-Manager module.

  1. In the Roles menu, after updating a permission the menu can auto-render in SideMenuLayoutModule.
  2. But in the Users menu, it can't auto-render.

I checked the caching service with Redis. R,pk has been updated, but U,pk has not. I reviewed the code in Abp and the Permission module. The function that updates Role and User permissions is the same API. Please help me understand why the permission is not updated in the cache.

maliming commented 5 months ago

hi @StevenNgoc

Please create a new issue, and share the steps.

Thanks.