Open Closed

Elsa integration with authorization #3161


User avatar
0
fareed created
  • ABP Framework version: v5.2.2
  • UI type: MVC
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): no
  • Exception message and stack trace:
  • Steps to reproduce the issue:

I'm having trouble implementing authorization e.g. oauth2 for elsa workflow endpoints when elsa is integrated with abp framework.

app.UseConfiguredEndpoints(endpoints => { // Elsa API Endpoints are implemented as regular ASP.NET Core API controllers. endpoints.MapControllers().RequireAuthorization(); });

https://github.com/elsa-workflows/elsa-core/issues/2681

This configuration as shown above doesn't seem to wrap the workflow endpoints with any kind of authorization. Elsa version is 2.5. Any ideas?


2 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    we will check it out.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    I have checked.

    It works for me:

    But, it's not a good solution, because RequireAuthorization protects all controllers, including Elsa's API controllers. It's like adding [AuthorizeAttribute] to all controllers.

    It breaks the default behavior of all controllers, even though it doesn't require authorization.

    You can check this: https://community.abp.io/posts/using-elsa-workflow-with-the-abp-framework-773siqi9 . It explains protecting elsa dashboard pages based on permissions

    For API endpoints, you can try this:

    public class ElsaActionFilter: IAsyncActionFilter, ITransientDependency
    {
        private readonly ICurrentUser _currentUser;
        private readonly IPermissionChecker _permissionChecker;
    
        public ElsaActionFilter(IPermissionChecker permissionChecker, ICurrentUser currentUser)
        {
            _permissionChecker = permissionChecker;
            _currentUser = currentUser;
        }
    
        public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            if (context.Controller.GetType().FullName.StartsWith("Elsa.Server.Api.Endpoints"))
            {
                //elsa api endpoint
                if (!_currentUser.IsAuthenticated)
                {
                    context.Result = new UnauthorizedResult();
                    return;
                }
                
                if (!await _permissionChecker.IsGrantedAsync("PermissionName..."))
                {
                    context.Result = new UnauthorizedResult();
                    return;
                }
                
                await next();
            }
            else
            {
                await next();
            }
        }
    }
    
Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11