Permissions Checks from Session.Use

Hello,

I am currently using .NET Core on Abp 3.9.0.

I am trying to make permissions work in a domain service that is called by a Background Job.

To be able to use the correct user, I am using:

using (_session.Use(user.TenantId, user.UserId))
{
    _importService.DoStuff();
}

This is working fine.

After that, I need to check permissions, but _session.Use does not seem to make that happen automatically, and AbpAuthorize("SomePermission") attributes will always fail.

The first thing I tried was to remove the permission from there and check the grant manually in code, in the DoStuff method of the domain service:

var checker = await _permissionChecker.IsGrantedAsync(_session.ToUserIdentifier(), "SomePermission");
if (!checker) throw new AbpAuthorizationException("You are not authorized to do that !");

This solution works and would have been fine if the domain service were not calling other injected domain services that also require evaluating other permissions, which leads to a kind of "cascading permission issue". Doing all of this manually with PermissionChecker would lead to less clean code than just keeping AbpAuthorize attributes, which correctly do their job when called in other situations.

Is there a way of making this work automatically without any manual fix other than Session.Use, or just with a call to something that would look like PermissionChecker.Use() also surrounding _importService.DoStuff()?

Thank you in advance for looking at this.

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments: 19 (7 by maintainers)

Top GitHub Comments

2 reactions
iyilm4z commented, Nov 21, 2018

@zetic-be I did a very long debug, and I saw that the reason you have this exception is really simple: user #2 is not a host user. User #2 has a tenant, and it's the Default tenant. That's why you should set tenantId to 1, not null, as below. Also, you can't run method Test2 because user #2 has no permission to manage tenants; that permission is host only.

using (_session.Use(1, 2))
{
    AsyncHelper.RunSync(() => _testManager.Test());
    AsyncHelper.RunSync(() => _testManager.Test2());
}

1 reaction
acjh commented, Nov 22, 2018

No, that is generally not correct.
