Activities of "safak.bal"

  • ABP Framework version: v4.3.0
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace: N/A
  • Steps to reproduce the issue:

I have a user that has a role with only Role management -> Create permission (without edit, delete, change permissions) as shown in the picture below.

When I log in with this user and go to the Identity Management -> Roles page and click on the Actions combo, I get an empty list (since the user does not have edit, delete, change permissions) as shown in the picture below.

This seems like a bug to users. We expect the combo not to open at all if there is no action the user can take.

Hi, I am sure I am using the correct tokens, for which I sent you the claims.

Host admin token

{ "nbf": 1620373769, "exp": 1651909769, "iss": "/ca-identity", "aud": "CA", "client_id": "CA_App", "sub": "c078ca72-4869-5383-7919-39fb0586c555", "auth_time": 1620373762, "idp": "local", "role": "admin", "phone_number_verified": "False", "email": "admin@abp.io", "email_verified": "False", "name": "admin", "sid": "2772ED5FA9773ADB01C8DCDF6B6E44D2", "iat": 1620373769, "scope": [ "openid", "CA", "offline_access" ], "amr": [ "pwd" ] }

Tenant admin token

{ "nbf": 1620373904, "exp": 1651909904, "iss": "/ca-identity", "aud": "CA", "client_id": "CA_App", "sub": "1f1207be-c392-3215-258e-39fb05868f66", "auth_time": 1620373896, "idp": "local", "tenantid": "0748e09a-d518-92fb-df3a-39fb058627cc", "role": "admin", "phone_number_verified": "False", "email": "admin@default-tenant.com", "email_verified": "False", "name": "admin", "sid": "AB62428E55B0BFB174AFD6FB1B8DBDCE", "iat": 1620373904, "scope": [ "openid", "CA", "offline_access" ], "amr": [ "pwd" ] }

Is there a problem? When the host admin has the permission, the tenant token also makes the request and gets 200, but when I remove the permission from the host admin role, then both tokens get 403.

In which document is this explained? I cannot see it. Our migrationservice is still in the form of the first version. We need to change it there like your example.

Permission Definition: queryManagement.AddChild(QueryPermissions.QueryManagement_ExportImport, localizationHelper.L("Permission:QueryManagement:ExportImport"));

AppService Method Authorization: [Authorize(QueryPermissions.QueryManagement_ExportImport)] public async Task<IActionResult> Export()

Steps to repro:

  • Add one or more tenants
  • Give the permission to the host, and remove it from the tenant
  • Get a token with the tenant admin, make a request to the Export method and get a 200 result code (this must be 403 but returns 200)
  • Remove the permission from the host admin, get a new token with the tenant admin, make a request to the Export method and get a 403 result code

As a result, when the permission is granted to the host admin, all tenant admins without the permission can access the resource.
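An added illustration, not part of the original posts and not ABP's code, of the failure class these repro steps describe: both posted tokens carry role "admin" and differ only in the tenantid claim, so a grant lookup keyed on role name alone lets the host's grant row satisfy a tenant request. The permission name string, the row layout and the "R" role-provider marker are assumptions made for this sketch.

```python
from typing import NamedTuple, Optional

class Grant(NamedTuple):
    tenant_id: Optional[str]  # None models the host row (NULL TenantId)
    name: str                 # permission name
    provider_name: str        # "R" = granted to a role (assumed marker)
    provider_key: str         # role name

PERMISSION = "QueryManagement.ExportImport"  # placeholder; real value is not on the page
TENANT_ID = "0748e09a-d518-92fb-df3a-39fb058627cc"  # tenantid claim from the tenant token
HOST_CLAIMS = {"role": "admin"}
TENANT_CLAIMS = {"role": "admin", "tenantid": TENANT_ID}

def is_granted_unscoped(grants, claims, permission):
    """Flawed lookup: matches on role name only and ignores the tenant."""
    return any(g.name == permission and g.provider_name == "R"
               and g.provider_key == claims["role"] for g in grants)

def is_granted_scoped(grants, claims, permission):
    """Tenant-aware lookup: the grant row must belong to the caller's tenant."""
    tenant = claims.get("tenantid")  # None for a host token
    return any(g.tenant_id == tenant and g.name == permission
               and g.provider_name == "R"
               and g.provider_key == claims["role"] for g in grants)

def export_status(check, grants, claims):
    """HTTP status the Export endpoint would return under a given lookup."""
    return 200 if check(grants, claims, PERMISSION) else 403

def replay(check):
    """Replay the repro steps: host row present, then host row removed."""
    host_only = [Grant(None, PERMISSION, "R", "admin")]  # constructed sample row
    revoked = []
    return (export_status(check, host_only, HOST_CLAIMS),
            export_status(check, host_only, TENANT_CLAIMS),
            export_status(check, revoked, HOST_CLAIMS),
            export_status(check, revoked, TENANT_CLAIMS))

if __name__ == "__main__":
    for check in (is_granted_unscoped, is_granted_scoped):
        print(check.__name__, replay(check))
```

The unscoped lookup reproduces the reported 200/403 pattern; the scoped one returns 403 to the tenant token in both cases.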

Permission Definition: queryManagement.AddChild(QueryPermissions.QueryManagement_ExportImport, LocalizationHelper.L("Permission:QueryManagement:ExportImport"));

Follow these steps:

  • Add one or more tenants
  • Add the permission definition
  • Run DBMigrator
  • Check the AbpPermissionGrants table and see only the Null TenantId is added and no tenant admin row is added

But I tested this; after adding the permission, if you add the tenant after the permission definition then everything works fine.

  • ABP Framework version: v4.0.0
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Steps to reproduce the issue:

When I granted a permission to the host admin user, the tenant admin users can also access the granted appservice method.

[Authorize(QueryPermissions.QueryManagement_ExportImport)] public async Task<IActionResult> Export()

But when I remove all the permissions including the host admin's, then the method returns 403 as expected. But this method can be accessed by tenant admins when I remove the tenant admins' permissions but the host has the permission.

  • ABP Framework version: v4.0.0
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Steps to reproduce the issue:

After defining a new permission, the permission is granted to the host admin user. But I have 3 tenants and the permission is not granted to these tenants' admin users. When are these permissions granted, and why is the new permission definition not granted to the tenant admins too?

When will this bug and the default language bug be fixed?

That error occurs in the "Genel Görünüm" page. I opened the tab in Incognito mode and entered this demo address; after pressing the "Genel Görünüm" page this error is thrown in the console.

http://9d7c0e1ede1ff59d.demo.commercial.abp.io/dashboard Enter this address directly and route to the dashboard from login, and you will see the error. Also, the start and end date datepickers are not working.
