Activities of "michael.sudnik"

I have now created a brand new v4.0.0-rc3 version and made only a single modification to the code.

.AddMicrosoftAccount(MicrosoftAccountDefaults.AuthenticationScheme, "Company", options =>
{
    options.AuthorizationEndpoint = "https://login.microsoftonline.com/[###MY TENANT ID###]/oauth2/v2.0/authorize";
    options.TokenEndpoint = "https://login.microsoftonline.com/[###MY TENANT ID###]/oauth2/v2.0/token";
})

The problem occurs when running locally, without publishing to azure.

The inclusion of the following code fixes the problem for some reason:

    [Dependency(ReplaceServices = true)]
    [ExposeServices(typeof(RegisterModel))]
    public class CustomRegisterModel : RegisterModel
    {
        protected override async Task RegisterExternalUserAsync(ExternalLoginInfo externalLoginInfo, string emailAddress)
        {
            var user = new IdentityUser(GuidGenerator.Create(), emailAddress, emailAddress, CurrentTenant.Id);

            (await UserManager.CreateAsync(user)).CheckErrors();
            (await UserManager.AddDefaultRolesAsync(user)).CheckErrors();

            var userLoginAlreadyExists = user.Logins.Any(x =>
                x.TenantId == user.TenantId &&
                x.LoginProvider == externalLoginInfo.LoginProvider &&
                x.ProviderKey == externalLoginInfo.ProviderKey);

            if (!userLoginAlreadyExists)
            {
                (await UserManager.AddLoginAsync(user, new UserLoginInfo(
                    externalLoginInfo.LoginProvider,
                    externalLoginInfo.ProviderKey,
                    externalLoginInfo.ProviderDisplayName
                ))).CheckErrors();
            }

            await SignInManager.SignInAsync(user, isPersistent: true);
        }
    }

This appears to work without any problems now that I have upgraded to v4.0.0-rc3


Hi,

When I perform the same steps as you to create a new solution (using EF), I can confirm that it works and I can log out and log back in again repeatedly without any problems.

However, when I create a new app using the MongoDB database provider, I then see the incorrect behaviour.

abp new MyApp -t app-pro -u mvc --mobile none --database-provider mongodb --csf --preview

Thanks for looking into it.

If you hit F5 enough, it will go away eventually. When the first one appears, I have been disabling that type of exception until the application has started and then restore it again.

The exception does not appear to be causing any problems with actually running the application.

This appears to still be an issue in v4.0.0-rc.4

This appears to now be fixed in RC5

  • ABP Framework version: v4.0.0 RC5
  • UI type: MVC
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:

When I try to move an organization unit to a different parent (e.g. move Production under Central)... I can see in the preview that I am requesting to move it where I want to and the confirmation dialog is correct. However, after completion, it has not moved. This appears to be the case when trying to move organization units to any different level, including to the root level.

Mike

I have not tried this yet, but my instinct is that maybe this is a problem with the MongoDB-specific version. I have not made any modifications to the main application and only created custom modules, so I would have expected this to work. Which db did you use for your test? I will create a new solution and do some more investigating when I get a chance.

  • ABP Framework version: c4.0.0
  • UI type: MVC
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • MongoDB
  • Exception message and stack trace:
  • Steps to reproduce the issue:

Hi,

The existing OU functionality allows us to define a hierarchy of OUs and then specify the users which are within the OUs. We are then able to define the roles for an OU, which results in those roles being applied to the users within the OU.

However, we have a requirement where we need to be able to assign a role to a user, which should only give them the role permissions for the specific organizational units defined by the role.

The idea would be the following.

  1. Be able to create a role and be able to indicate that it is a "Restricted Access" role (it would just be an extension of the existing role entity) and specify which organization units the role functionality is applicable to.
    • It does not grant its permissions globally, but only for data within the specified organization units.
    • Be able to choose which organization unit(s) the role applies to
    • The permissions enabled by the role will be limited to those that support restricted access (as it is up to the services / repositories to ensure that they can filter by OU).
    • A user does not need to be in the organization unit to be assigned the role
  2. Assign the role to user/organisation units/api clients in the usual way
    • As it is a normal role (with some additional properties), this will mean that it will work for the usual role functionality and security checks within razor pages and services
    • Within the services the data can be filtered and actions restricted so that they are OU specific

I have looked at all the existing documentation regarding organization units and looked at many existing software solutions to discover how it works from a user's perspective and I believe the above design would work well.

I am wondering if you are planning to extend the OU functionality to include this feature in the future? Or anything similar? Is there already a request or backlog item for it?

If not, are you able to make any recommendations about how we should go about implementing this functionality?

My current thinking is

  • Extend the permissions system to be able to define permissions as "Restricted Access"
    • This is needed because not all permissions will support filtering by OU
  • Extend the role creation / editor
    • to be able to indicate that a role is "Restricted Access"
    • to be able to select the "Restricted Access" permissions which are enabled for the role
  • Extend relative entities so that they can be included in an OU.
    • We might want to support entities existing in more than one OU
  • Extend my services / repositories to do the required filtering
  • Make the design flexible enough that we can override and extend existing modules to make them support the "Restricted Access" concept

I settled on the "Restricted Access" rather than "OU Specific" as I think "OU Specific" does not make it clear what its purpose is and can be confused with the existing ability to add roles to an OU. I also chose to extend permissions to be "Restricted Access" and to make a distinction between normal roles vs "Restricted Access" roles to make it clear what a user with the role will be able to do and there would be no confusion about if the user will have access to all data or only data associated with particular OUs.

Your help is greatly appreciated,

Mike
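
The "Restricted Access" design proposed in the post above, sketched as an added example (not code from the original post or from ABP). All types, role names and permission names here are hypothetical, and the sample data is constructed; it shows how a resolved scope separates global grants from OU-limited ones and why a restricted role must be rejected if it carries a permission that services cannot filter by OU.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical types for illustration only; none of these are ABP classes.
public record Role(string Name, bool IsRestrictedAccess, HashSet<string> Permissions, HashSet<Guid> OrganizationUnitIds);

// One user's resolved access for one permission: global, or limited to a set of OUs.
public record AccessScope(bool IsGlobal, HashSet<Guid> OrganizationUnitIds)
{
    // An entity may belong to more than one OU; one matching OU is enough.
    public bool Allows(IEnumerable<Guid> entityOuIds) =>
        IsGlobal || entityOuIds.Any(id => OrganizationUnitIds.Contains(id));
}

public static class RestrictedAccess
{
    // A restricted role may only carry permissions whose services filter by OU;
    // an OU-unaware service would otherwise honour the grant for all data.
    public static void Validate(Role role, ISet<string> ouAwarePermissions)
    {
        var bad = role.Permissions.Where(p => !ouAwarePermissions.Contains(p)).ToList();
        if (role.IsRestrictedAccess && bad.Count > 0)
            throw new InvalidOperationException(
                $"Role '{role.Name}' has non-OU-aware permissions: {string.Join(", ", bad)}");
    }

    public static AccessScope Resolve(IEnumerable<Role> userRoles, string permission)
    {
        var ous = new HashSet<Guid>();
        foreach (var role in userRoles.Where(r => r.Permissions.Contains(permission)))
        {
            if (!role.IsRestrictedAccess)
                return new AccessScope(true, ous); // a normal role grants globally
            ous.UnionWith(role.OrganizationUnitIds);
        }
        return new AccessScope(false, ous); // an empty set allows nothing
    }

    public static void Main()
    {
        Guid production = Guid.NewGuid(), central = Guid.NewGuid(); // constructed sample OUs
        var auditor = new Role("ProductionAuditor", true,
            new HashSet<string> { "Orders.View" }, new HashSet<Guid> { production });
        Validate(auditor, new HashSet<string> { "Orders.View" });
        var scope = Resolve(new[] { auditor }, "Orders.View");
        Console.WriteLine("Production: " + scope.Allows(new[] { production }));
        Console.WriteLine("Central: " + scope.Allows(new[] { central }));
    }
}
```

A repository would apply the resolved `AccessScope` as a query filter, while page-level checks only need to know that the scope is global or non-empty.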
