jonpsmith / permissionaccesscontrol2
Version 2 of example application to go with articles on feature and data authorization
License: MIT License
Hi,
I downloaded your git repository as a zip file, extracted it and ran PermissionAccessControl2 in Visual Studio 2019. No problem so far. If I then try to log in with any of the given users, nothing happens. No error, no successful login.
Is it broken or is something wrong on my side?
Kind Regards,
Timo
Hi Jon,
I've been using this code as a base, and I was wondering if I could get your input on a particular topic. This is more of a question than an issue though, sorry for bringing this up as an issue request.
Right now, I've been using the role/permissions to control access to individual controller's views and this has been working great. However, do you think it would be a good idea to use those permissions for more than just controlling access?
For example, let's say we are building a university management application like Microsoft's Contoso University example, and one of the requirements of the app is to only allow certain teachers to coordinate a course. A possible way to implement this would be to add a "CanCoordinateCourse" column in the Teachers table and check this flag accordingly. However, since the PermissionAccessControl skeleton code already gives a system for handling permissions, do you think it would be a good idea to create a "Permissions.CanCoordinateCourse" and store it in one of the roles?
The problem I see with the latter is that, if for example we would like to query all teachers that can coordinate a course, we would need to keep unpacking the list of permissions from the "_permissionsInRole" string, complicating the queries. On the other hand, in the former approach, every time a new "CanCoordinateXXX" permission would need to be added we would need to add a new column to the database and therefore perform a migration.
How would you approach that?
Hello,
Am I wrong, or is there no method defined to remove one or more roles assigned to a user?
Any implementation hints?
Thank you.
Hi,
Is it possible to use PostgreSQL instead of SQL Server?
Is there anything particular to look out for?
Could you explain why this code:
services.ConfigureGenericServicesEntities(typeof(MyDbContext), typeof(CompanyDbContext))
    .ScanAssemblesForDtos(Assembly.GetAssembly(typeof(ListUsersDto)))
    .RegisterGenericServices();
is causing so many errors, e.g.
InvalidOperationException: The entity type 'CompanyAddress' requires a primary key to be defined. If you intended to use a keyless entity type call 'HasNoKey()'.
However, it does have a composite key.
modelBuilder.Entity<CompanyAddress>(entity =>
{
    entity.HasKey(e => new { e.CompanyId, e.AddressId });
    ....
}
Hey there, really nice articles about augmenting default authorization capabilities. One feature that could be really nice to add in my opinion would be to add permissions not only to roles but also to specific users.
This way, most permissions could be generalized as they currently are, and the system would be flexible enough to allow a super user or other high-privilege users to add/remove specific permissions on a per-user basis, eliminating one of the big downsides of role-based authorization, which often leads to multiple roles being created for very narrow use cases that are often specific to individual users and not groups of users.
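An added example (not code from this repository or from the poster) of how per-user overrides could be combined with role permissions. The `Permission` values, the `Calculate` helper and the rule that an explicit deny wins are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical permission set; the real project defines its own Permissions enum.
public enum Permission : short { StockRead = 10, SalesRead = 20, SalesSell = 21, UserChange = 40 }

public static class EffectivePermissions
{
    // Role permissions are the baseline. Per-user denies are applied last so that
    // an explicit deny always beats a grant, whether it came from a role or the user.
    public static HashSet<Permission> Calculate(
        IEnumerable<string> userRoles,
        IReadOnlyDictionary<string, Permission[]> rolePermissions,
        IEnumerable<Permission> userGrants,
        IEnumerable<Permission> userDenies)
    {
        var result = new HashSet<Permission>();
        foreach (var role in userRoles)
        {
            // A role name with no definition contributes nothing (fail closed).
            if (rolePermissions.TryGetValue(role, out var perms))
                result.UnionWith(perms);
        }
        result.UnionWith(userGrants);
        result.ExceptWith(userDenies);
        return result;
    }

    public static void Main()
    {
        // Constructed sample data.
        var roles = new Dictionary<string, Permission[]>
        {
            ["SalesAssistant"] = new[] { Permission.StockRead, Permission.SalesRead, Permission.SalesSell },
        };
        var perms = Calculate(
            new[] { "SalesAssistant", "DeletedRole" }, roles,
            userGrants: new[] { Permission.UserChange },
            userDenies: new[] { Permission.SalesSell });
        Console.WriteLine(string.Join(", ", perms.OrderBy(p => p)));
    }
}
```

If the calculated set is cached (for example in a claim or cookie), a change to a user's overrides has to invalidate that cache, otherwise a revoked permission stays usable until the next login.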
Hi Jon,
Whenever I go to a new page the PAC2 spits out this SQL for every role in the database. Have I missed something?
Should these have been cached the first time the application starts?
exec sp_executesql N'SELECT TOP(1) [r].[RoleName], [r].[Description], [r].[PermissionsInRole]
FROM [Security].[RolesToPermissions] AS [r]
WHERE [r].[RoleName] = @__p_0',N'@__p_0 nvarchar(100)',@__p_0=N'CacheRole'
go
Hello @JonPSmith ,
Great solution to implement roles and permissions in ASP.NET Core.
Quick question - can we use roles and permissions in an Angular 8 client app with Core 3.0 APIs with ApplicationUser to authorize API controllers?
Any pointer is greatly appreciated. Thanks again!
Hello,
Thanks for your great project. I'm currently integrating it into my own open source project and noticed that it would be more logical to use default(CancellationToken) instead of new CancellationToken() in the following code:
In my understanding, this means that you pass a not null cancellation token when it's null, thus cancelling the operation?
Looks like the permissions to show the Sell menu were accidentally changed from SalesRead || StockRead to SalesRead only, making the SalesAssistant unable to sell.
The following exception is thrown when using the "Permanent" Database option:
"Introducing FOREIGN KEY constraint 'FK_ShopSales_Tenants_TenantItemId' on table 'ShopSales' may cause cycles or multiple cascade paths. Specify ON DELETE NO ACTION or ON UPDATE NO ACTION, or modify other FOREIGN KEY constraints.
Could not create constraint or index. See previous errors."
I have set up the PermissionsAccessControl2 as my start project, but when I build I get an error, so I can't run it.
My error is
Severity Code Description Project File Line Suppression State
Error MSB4018 The "RazorTagHelper" task failed unexpectedly.
System.InvalidOperationException: DOTNET_HOST_PATH is not set
at Microsoft.AspNetCore.Razor.Tasks.DotNetToolTask.get_DotNetPath()
at Microsoft.AspNetCore.Razor.Tasks.DotNetToolTask.GenerateFullPathToTool()
at Microsoft.Build.Utilities.ToolTask.ComputePathToTool()
at Microsoft.Build.Utilities.ToolTask.Execute()
at Microsoft.AspNetCore.Razor.Tasks.DotNetToolTask.Execute()
at Microsoft.Build.BackEnd.TaskExecutionHost.Microsoft.Build.BackEnd.ITaskExecutionHost.Execute()
at Microsoft.Build.BackEnd.TaskBuilder.d__26.MoveNext() PermissionAccessControl2 C:\Users*******.nuget\packages\microsoft.aspnetcore.razor.design\2.2.0\build\netstandard2.0\Microsoft.AspNetCore.Razor.Design.CodeGeneration.targets 79
Hello there,
Again thanks for providing this code, the more I work with it the more impressed I am. However I would like to report a possible issue in the sample application that may happen in a real world scenario. For instance, the demo application comes with the following company definitions:
4U Inc.|West Coast|San Fran|SF Dress4U, SF Tie4U, SF Shirt4U
4U Inc.|West Coast|LA|LA Dress4U, LA Tie4U, LA Shirt4U
4U Inc.|East Coast|NY Dress4U, Boston Shirt4U
Pets2 Ltd.|London|Cats Place, Kitten Place
Pets2 Ltd.|Bristol|Dogs Place, Puppy Place
However, if I change it to:
4U Inc.|West Coast|San Fran|SF Dress4U, SF Tie4U, SF Shirt4U
4U Inc.|West Coast|LA|LA Dress4U, LA Tie4U, LA Shirt4U
4U Inc.|East Coast|NY Dress4U, Boston Shirt4U
Pets2 Ltd.|West Coast|Cats Place, Kitten Place
Pets2 Ltd.|Bristol|Dogs Place, Puppy Place
Then I get a System.InvalidOperationException: 'Sequence contains more than one element'
because the FirstOfDefault in DemoSetup:55 fails. However, isn't this a possible situation? (e.g. Pets2 Ltd. also migrating to the West Coast)?
I know it is a demo, but should I worry about non-uniqueness of other entities in the code?
Hi Jon,
I've got another question, hopefully a quick one ;-)
Using the company/group/retail outlet with a hierarchical data key as an example, what would be the best way to ensure that whenever Joe (LA divisional manager in the example) creates and saves an entity that should relate only to LA Shirt4U, this entity gets saved with the data key for this shop, and not with Joe's division-wide data key?
Should it be set manually in those cases?
Sorry if there is a mechanism already implemented for achieving this, but I couldn't find it in the code yet.
Hi John,
Thank you for your contributions!
Much appreciated.
Unfortunately the complexity of the code you've written is quite a mouthful for me and I could use some guidance.
I'm currently testing your code, but I get some errors when trying to migrate the ApplicationDbContext database. What I want to achieve is to add some personal data to each of the users, which I intend to store in the ApplicationDbContext.
However, when I try to migrate the updated context I get the following error.
Add-migration CreateIdentitySchema -c ApplicationDbContext -v
Using project '<ProjectName>'.
Using startup project '<ProjectName>'.
Build started...
Build succeeded.
C:\Program Files\dotnet\dotnet.exe exec --depsfile "C:\Users\<User>\Documents\Repo\Dev\<ProjectName>\<ProjectName>\bin\Debug\netcoreapp2.2\<ProjectName>.deps.json" --additionalprobingpath C:\Users\<User>\.nuget\packages --additionalprobingpath "C:\Program Files\dotnet\sdk\NuGetFallbackFolder" --runtimeconfig "C:\Users\<User>\Documents\Repo\Dev\<ProjectName>\<ProjectName>\bin\Debug\netcoreapp2.2\<ProjectName>.runtimeconfig.json" C:\Users\<User>\.nuget\packages\microsoft.entityframeworkcore.tools\2.2.6\tools\netcoreapp2.0\any\ef.dll migrations add CreateIdentitySchema --json --context ApplicationDbContext --verbose --no-color --prefix-output --assembly "C:\Users\<User>\Documents\Repo\Dev\<ProjectName>\<ProjectName>\bin\Debug\netcoreapp2.2\<ProjectName>.dll" --startup-assembly "C:\Users\<User>\Documents\Repo\Dev\<ProjectName>\<ProjectName>\bin\Debug\netcoreapp2.2\<ProjectName>.dll" --project-dir "C:\Users\<User>\Documents\Repo\Dev\<ProjectName>\<ProjectName>\\" --language C# --working-dir "C:\Users\<User>\Documents\Repo\Dev\<ProjectName>" --root-namespace <ProjectName>
Using assembly '<ProjectName>'.
Using startup assembly '<ProjectName>'.
Using application base 'C:\Users\<User>\Documents\Repo\Dev\<ProjectName>\<ProjectName>\bin\Debug\netcoreapp2.2'.
Using working directory 'C:\Users\<User>\Documents\Repo\Dev\<ProjectName>\<ProjectName>'.
Using root namespace '<ProjectName>'.
Using project directory 'C:\Users\<User>\Documents\Repo\Dev\<ProjectName>\<ProjectName>\'.
Finding DbContext classes...
Finding IDesignTimeDbContextFactory implementations...
Finding application service provider...
Finding IWebHost accessor...
No CreateWebHostBuilder(string[]) method was found on type '<ProjectName>.Program'.
No application service provider was found.
Finding DbContext classes in the project...
Found DbContext 'ApplicationUser'.
Found DbContext 'Hydro'.
Found DbContext 'ApplicationDbContext'.
Microsoft.EntityFrameworkCore.Design.OperationException: Unable to create an object of type 'ApplicationDbContext'. For the different patterns supported at design time, see https://go.microsoft.com/fwlink/?linkid=851728 ---> System.MissingMethodException: No parameterless constructor defined for this object.
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean wrapExceptions, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor)
at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean wrapExceptions, Boolean skipCheckThis, Boolean fillCache)
at System.Activator.CreateInstance(Type type, Boolean nonPublic, Boolean wrapExceptions)
at Microsoft.EntityFrameworkCore.Design.Internal.DbContextOperations.<>c__DisplayClass12_3.<FindContextTypes>b__13()
--- End of inner exception stack trace ---
at Microsoft.EntityFrameworkCore.Design.Internal.DbContextOperations.<>c__DisplayClass12_3.<FindContextTypes>b__13()
at Microsoft.EntityFrameworkCore.Design.Internal.DbContextOperations.CreateContext(Func`1 factory)
at Microsoft.EntityFrameworkCore.Design.Internal.DbContextOperations.CreateContext(String contextType)
at Microsoft.EntityFrameworkCore.Design.Internal.MigrationsOperations.AddMigration(String name, String outputDir, String contextType)
at Microsoft.EntityFrameworkCore.Design.OperationExecutor.AddMigrationImpl(String name, String outputDir, String contextType)
at Microsoft.EntityFrameworkCore.Design.OperationExecutor.AddMigration.<>c__DisplayClass0_1.<.ctor>b__0()
at Microsoft.EntityFrameworkCore.Design.OperationExecutor.OperationBase.<>c__DisplayClass3_0`1.<Execute>b__0()
at Microsoft.EntityFrameworkCore.Design.OperationExecutor.OperationBase.Execute(Action action)
Unable to create an object of type 'ApplicationDbContext'. For the different patterns supported at design time, see https://go.microsoft.com/fwlink/?linkid=851728
How do I proceed from here?
Another question not related to any errors.
I'm also trying to modify the seed data, but ideally I want to do this as a company admin from a view. How would you go about changing that data dynamically? Do we get all the information we need by injecting the UserManager in the constructor to our views?
Hello Jon,
In my .NET Core 2.2 project (so this uses EF Core 2.2), I've added your classes to my DbContext, and when manually launching the migration I get the following error. I just fixed it by adding a private parameterless constructor to the ModulesForUser entity.
Side note: Instead of using IdentityUser, I use my own User entity that adds some fields to the standard IdentityUser. I will consider code changes but I don't think it causes troubles.
In the webapp's startup project:
>dotnet ef migrations add NewPermissionsSystem
System.InvalidOperationException: No suitable constructor found for entity type 'ModulesForUser'. The following constructors had parameters that could not be bound to properties of the entity type: cannot bind 'userId_', 'allowedPaidForModules_' in 'ModulesForUser(string userId_, PaidForModules allowedPaidForModules_)'.
at Microsoft.EntityFrameworkCore.Metadata.Conventions.Internal.ConstructorBindingConvention.Apply(InternalModelBuilder modelBuilder)
at Microsoft.EntityFrameworkCore.Metadata.Conventions.Internal.ConventionDispatcher.ImmediateConventionScope.OnModelBuilt(InternalModelBuilder modelBuilder)
at Microsoft.EntityFrameworkCore.ModelBuilder.FinalizeModel()
at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
at System.Lazy`1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
at System.Lazy`1.CreateValue()
at Microsoft.EntityFrameworkCore.Internal.DbContextServices.CreateModel()
Hi there,
First of all, thanks for sharing this code with the world!
This is not so much an issue but rather a question. Would you consider repackaging the ideas and code presented in this repository as a library (or at least parts of it)? It would make it much easier to keep up with any eventual updates you would like to make to the code.
Hi Jon,
I have attached a log file of the error I am receiving when attempting to use Permanent for database setup. The Default Connection does work and creates the aspnet tables. For some reason, I am receiving an invalid object name error almost as if it wants to find a table called UsersToRoles, but I see no setup for a SQL object of that nature anywhere in the code. Hoping this is a super simple fix (interpreted as I am doing something wrong!)
Thanks!
Hi, I just downloaded and ran the last version (updated for 3.1), but I found a couple of problems:
Thanks.