We don't want to use the Organization Unit functionality and want to remove it from the UI/API #255

0

liangshiwei created 4 years ago

Support Team Fullstack Developer

Hi,

The easiest way is to delete the organizational unit menu:

context.Menu.GetAdministration().Items.FirstOrDefault(x => x.Name.Equals(IdentityMenuNames.GroupName))?.TryRemoveMenuItem(IdentityMenuNames.OrganizationUnits);

If you want to disable the API:

[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(IOrganizationUnitAppService))]
[RemoteService(false)]
public class MyOrganizationUnitAppService : OrganizationUnitAppService, IOrganizationUnitAppService
{
    public MyOrganizationUnitAppService(
        OrganizationUnitManager organizationUnitManager,
        IdentityUserManager userManager,
        IOrganizationUnitRepository organizationUnitRepository,
        IIdentityUserRepository identityUserRepository,
        IIdentityRoleRepository identityRoleRepository) 
        : base(
            organizationUnitManager,
            userManager, 
            organizationUnitRepository,
            identityUserRepository, 
            identityRoleRepository)
    {
    }
}

0

paulmcelhinney created 4 years ago

Thanks for the quick response.

I noticed that the UI seems to be driven off the AbpPermissionGrants table and that if I change the provider key for the row with the Name "AbpIdentity.OrganizationUnits" from "admin" to "" it removes the item from the application. It seems like a better approach might be setting rows with this value to not have access rather than updating the code. That way, if our needs change later we can simply update the database to allow access to organization units. What would be the best way to ensure that rows with the Name "AbpIdentity.OrganizationUnits" do not have a provider key of "admin" since it looks like this table is populated for every tenant that gets added?

I tried to disable the api following the instructions above but am not sure if I'm doing it right because the API still seems to be functioning. Besides disabling it, I also want to remove it from the API.

I created a customOrganizationUnit class in my Application project and added one additional attribute that I thought would remove it from the API but it neither removes it from the API nor disables it.

using System;
using System.Collections.Generic;
using System.Text;
using Volo.Abp.DependencyInjection;
using Volo.Abp;
using Volo.Abp.Identity;
using JetBrains.Annotations;

namespace CycleClarity.WebPlatform.OrganizationUnits
{
    [Dependency(ReplaceServices = true)]
    [ExposeServices(typeof(IOrganizationUnitAppService))]
    [RemoteService(IsEnabled = false, IsMetadataEnabled = false)]
    public class MyOrganizationUnitAppService : OrganizationUnitAppService, IOrganizationUnitAppService
    {
        public MyOrganizationUnitAppService(
            OrganizationUnitManager organizationUnitManager,
            IdentityUserManager userManager,
            IOrganizationUnitRepository organizationUnitRepository,
            IIdentityUserRepository identityUserRepository,
            IIdentityRoleRepository identityRoleRepository)
            : base(
                organizationUnitManager,
                userManager,
                organizationUnitRepository,
                identityUserRepository,
                identityRoleRepository)
        {
        }
        
    }
}

In my application module, ConfigureServices I added the following:

 context.Services.Replace(
            ServiceDescriptor.Transient<IOrganizationUnitAppService, MyOrganizationUnitAppService>());

Thanks, Paul

0

paulmcelhinney created 4 years ago

So, I figured out how to remove the options by overriding the permissions in the Application.Contracts project in the PermissionDefinitionProvider.cs

public class WebPlatformPermissionDefinitionProvider : PermissionDefinitionProvider
    {
        
        public override void PostDefine(IPermissionDefinitionContext context)
        {
            //Remove the Organization Unit functionality by overriding permissions and setting it to not enabled/granted
            context.GetPermissionOrNull(IdentityPermissions.OrganizationUnits.Default).IsEnabled = false;
            context.GetPermissionOrNull(IdentityPermissions.OrganizationUnits.ManageOU).IsEnabled = false;
            context.GetPermissionOrNull(IdentityPermissions.OrganizationUnits.ManageRoles).IsEnabled = false;
            context.GetPermissionOrNull(IdentityPermissions.OrganizationUnits.ManageUsers).IsEnabled = false;

        }
	}

So, any ideas on why the earlier changes did not result in the endpoints not being removed from the Swagger UI?

Thanks Paul

0

alper created 4 years ago

Support Team Director

you can hide the endpoints easily, see https://support.abp.io/QA/Questions/264/How-to-hide-an-endpoint-from-Swagger

0

liangshiwei created 4 years ago

Support Team Fullstack Developer

Yes, you can set IsEnabled to false, A disabled permission will be prohibited for everyone. it will always return prohibited.

Currently no good way to remove it from the API, but this can still be done:

This way, API endpoints will not be created

[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(IAbpServiceConvention))]
public class MyServiceConvention : AbpServiceConvention, ITransientDependency
{
    public MyServiceConvention(IOptions<AbpAspNetCoreMvcOptions> options) : base(options)
    {

    }

    protected override void ApplyForControllers(ApplicationModel application)
    {
        application.Controllers.RemoveAll(x => x.ControllerType == typeof(OrganizationUnitController));
        
        base.ApplyForControllers(application);
    }
}

0

paulmcelhinney created 4 years ago

Thanks - I ended up just hiding it from Swagger. The other change I made to limit permissions will prevent anyone from succesfully calling the endpoints.

6 Answer(s)