ABP Permissions

Introduction#

ABP's permission management is very comprehensive, including interface access, page access, menus, partial rendering, JavaScript, etc. The following describes all the use cases of ABP permissions.

Permission Definition Changes#

Modify the content of XXW.IDCloud.Application.Contracts\\Permissions\\IDCloudPermissionDefinitionProvider to change the permission definition.
Running the XXW.IDCloud.DbMigrator project will automatically grant new permissions to the "admin" role.

Interface Authorization#

If only logged-in users are allowed to access, simply add the [Authorize] attribute to the service.

If it is authorization for Abp's CRUD functions, directly add the following content to the constructor of the service implementation class:

// Note: Modify the Permission Policy according to the actual situation after the assignment statement
GetPolicyName = IDCloudPermissions.RemoteServersConfiguration.Default;
GetListPolicyName = IDCloudPermissions.RemoteServersConfiguration.Default;
CreatePolicyName = IDCloudPermissions.RemoteServersConfiguration.Create;
UpdatePolicyName = IDCloudPermissions.RemoteServersConfiguration.Edit;
DeletePolicyName = IDCloudPermissions.RemoteServersConfiguration.Delete;

If it is authorization for custom functions, there are two ways to authorize, and the Permission Policy should be modified according to the actual situation:

Call await CheckPolicyAsync(GetListPolicyName); inside the function.
Add the [Authorize(GetListPolicyName)] attribute to the method signature.

Website Sidebar Authorization#

To show or hide menus in the website sidebar, i.e., menu authorization:

Find XXW.IDCloud.Web\\Menus\\IDCloudMenuContributor.ConfigureMainMenuAsync().
Define menu metadata.
Call .RequirePermissions(IDCloudPermissions.RemoteServersBoard.Default) on the menu. Adjust the Permission Policy inside this function according to the actual situation.

Razor Pages Authorization#

Only authorizing menus does not truly protect the pages. If the page path is directly entered in the browser, the page can still be accessed. Therefore, the pages also need to be authorized:

Find XXW.IDCloud.Web\\IDCloudWebModule.ConfigureServices() and locate the code for Configure<RazorPagesOptions>.
Refer to the existing configuration and add the following code to authorize the page path. Modify the page path and Permission Policy according to the actual situation:
```
options.Conventions.AuthorizePage("/RemoteServers/Board/Remote", IDCloudPermissions.RemoteServersBoard.Remote);    
```

Razor Pages Server Side Render Authorization#

After authorizing the pages, the server-rendered content within the pages also needs to be authorized, i.e., only allowing the use of functionalities that the user has permission for:

Add @inject IAuthorizationService AuthorizationService inside the Razor Pages page to inject the authorization service.
Add the following authorization code outside the server-rendered content that needs to be authorized. Modify the Permission Policy according to the actual situation:
```
@if (await AuthorizationService.IsGrantedAsync(IDCloudPermissions.RemoteServersConfiguration.Create))
{
	<p>hi</>
}    
```

JavaScript Authorization#

Even after authorizing the Server Side Render content, the application is still not fully protected because some content is dynamically loaded through JavaScript. This part needs to be authorized using JavaScript:

Open the JavaScript code that needs to be authorized and add the following authorization code. Modify the Permission Policy according to the actual situation:
```
abp.auth.isGranted('IDCloud.RemoteServers.Configuration.Edit')    
```