Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Permissions Checks from Session.Use

See original GitHub issue


I am currently using .Net Core on Abp 3.9.0

I am trying to make permissions work in a domain service that is called by a Background Job.

To be able to use the correct user, I am using :

using (_session.Use(user.TenantId, user.UserId))

This is working fine.

After that I need to check permissions but _session.Use does not seem to make that happen automatically and AbpAuthorize(“SomePermission”) attributes will always fail.

The first thing I have tried then is to remove the permission from there and check for grant manually in code in DoStuff method in domain service.

var checker = await _permissionChecker.IsGrantedAsync(_session.ToUserIdentifier(), "SomePermission");
if (!checker) throw new AbpAuthorizationException("You are not authorized to do that !");

This solution works and would have been fine if the domain service was not calling other injected domain services also requiring evaluating other permissions and so getting kind of a “cascading permission issue”. Doing all of this manually with PermissionChecker would lead to less clean code that just keep ApbAuthorize attributes, correctly doing their job when called in other situations.

Is there a way of making this work automatically without any manual fix other than Session.Use or just with a call to something that would look like PermissionChecker.Use() also surrounding _importService.DoStuff() ?

Thank you in advance for looking at this.

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Comments:19 (7 by maintainers)

github_iconTop GitHub Comments

iyilm4zcommented, Nov 21, 2018

@zetic-be i did a very long debug, and i saw the reason why you have this exception was really so simple. Because user # 2 is not host’s user. User # 2 has a tenant and it’s Default tenant. That’s why you should set tenantId to 1, not null like below. Also you can’t run method Test2 because user # 2 has no permission to manage tenants, that permission is host only.

using (_session.Use(1, 2))
     AsyncHelper.RunSync(() => _testManager.Test());
     AsyncHelper.RunSync(() => _testManager.Test2());
acjhcommented, Nov 22, 2018

No, that is generally not correct.

Read more comments on GitHub >

github_iconTop Results From Across the Web

How do I check for permissions in a session? [duplicate]
Check the following: 1.) Use comparing instead of assigning if ($_SESSION['Permission'] === "admin") { header("location:adminmenu.html"); } ...
Read more >
user permission cache in session or check from database?
What you want to do is come up with a strategy that caches the information you need as close to the request for...
Read more >
What Are Session-Based Permission Sets?
A session-based permission set applies to a specific user session to grant someone functional access to permissions. Required Editions Available in: Sales.
Read more >
Enforce a session document permission check for the ...
The system checks whether the user has explicit access to the Session document they specify. For example, if a user specifies the name...
Read more >
How to integrate permission checks to your application
In this guide you will learn how Ory Permissions fits into your architecture and how to integrate it into your application.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found