Merge pull request #24515 from abpframework/ClientResourcePermission

Add ClientResourcePermissionValueProvider implementation

Author: EngincanV

framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/AbpAuthorizationModule.cs

@@ -47,6 +47,7 @@ public override void ConfigureServices(ServiceConfigurationContext context)
 
             options.ResourceValueProviders.Add<UserResourcePermissionValueProvider>();
             options.ResourceValueProviders.Add<RoleResourcePermissionValueProvider>();
+            options.ResourceValueProviders.Add<ClientResourcePermissionValueProvider>();
         });
 
         Configure<AbpVirtualFileSystemOptions>(options =>

framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/ClientPermissionValueProvider.cs

@@ -44,7 +44,7 @@ public override async Task<MultiplePermissionGrantResult> CheckAsync(PermissionV
         var clientId = context.Principal?.FindFirst(AbpClaimTypes.ClientId)?.Value;
         if (clientId == null)
         {
-            return new MultiplePermissionGrantResult(permissionNames); ;
+            return new MultiplePermissionGrantResult(permissionNames);
         }
 
         using (CurrentTenant.Change(null))

framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/Resources/ClientResourcePermissionValueProvider.cs

@@ -0,0 +1,55 @@
+using System.Linq;
+using System.Threading.Tasks;
+using Volo.Abp.MultiTenancy;
+using Volo.Abp.Security.Claims;
+
+namespace Volo.Abp.Authorization.Permissions.Resources;
+
+public class ClientResourcePermissionValueProvider : ResourcePermissionValueProvider
+{
+    public const string ProviderName = "C";
+
+    public override string Name => ProviderName;
+
+    protected ICurrentTenant CurrentTenant { get; }
+
+    public ClientResourcePermissionValueProvider(IResourcePermissionStore resourcePermissionStore, ICurrentTenant currentTenant)
+        : base(resourcePermissionStore)
+    {
+        CurrentTenant = currentTenant;
+    }
+
+    public override async Task<PermissionGrantResult> CheckAsync(ResourcePermissionValueCheckContext context)
+    {
+        var clientId = context.Principal?.FindFirst(AbpClaimTypes.ClientId)?.Value;
+
+        if (clientId == null)
+        {
+            return PermissionGrantResult.Undefined;
+        }
+
+        using (CurrentTenant.Change(null))
+        {
+            return await ResourcePermissionStore.IsGrantedAsync(context.Permission.Name, context.ResourceName, context.ResourceKey, Name, clientId)
+                ? PermissionGrantResult.Granted
+                : PermissionGrantResult.Undefined;
+        }
+    }
+
+    public override async Task<MultiplePermissionGrantResult> CheckAsync(ResourcePermissionValuesCheckContext context)
+    {
+        var permissionNames = context.Permissions.Select(x => x.Name).Distinct().ToArray();
+        Check.NotNullOrEmpty(permissionNames, nameof(permissionNames));
+
+        var clientId = context.Principal?.FindFirst(AbpClaimTypes.ClientId)?.Value;
+        if (clientId == null)
+        {
+            return new MultiplePermissionGrantResult(permissionNames);
+        }
+
+        using (CurrentTenant.Change(null))
+        {
+            return await ResourcePermissionStore.IsGrantedAsync(permissionNames, context.ResourceName, context.ResourceKey, Name, clientId);
+        }
+    }
+}

modules/identity/src/Volo.Abp.Identity.Domain/Volo/Abp/Identity/UserRoleFinder.cs

@@ -35,10 +35,10 @@ public virtual async Task<List<UserFinderResult>> SearchUserAsync(string filter,
         {
             page = page < 1 ? 1 : page;
             var users = await IdentityUserRepository.GetListAsync(filter: filter, skipCount: (page - 1) * 10, maxResultCount: 10);
-            return users.Select(user => new UserFinderResult
+            return users.Select(x => new UserFinderResult
             {
-                Id = user.Id,
-                UserName = user.UserName
+                Id = x.Id,
+                UserName = x.UserName
             }).ToList();
         }
     }
@@ -49,10 +49,10 @@ public virtual async Task<List<RoleFinderResult>> SearchRoleAsync(string filter,
         {
             page = page < 1 ? 1 : page;
             var roles = await IdentityRoleRepository.GetListAsync(filter: filter, skipCount: (page - 1) * 10, maxResultCount: 10);
-            return roles.Select(user => new RoleFinderResult
+            return roles.Select(x => new RoleFinderResult
             {
-                Id = user.Id,
-                RoleName = user.Name
+                Id = x.Id,
+                RoleName = x.Name
             }).ToList();
         }
     }
@@ -62,10 +62,10 @@ public virtual async Task<List<UserFinderResult>> SearchUserByIdsAsync(Guid[] id
         using (IdentityUserRepository.DisableTracking())
         {
             var users = await IdentityUserRepository.GetListByIdsAsync(ids);
-            return users.Select(user => new UserFinderResult
+            return users.Select(x => new UserFinderResult
             {
-                Id = user.Id,
-                UserName = user.UserName
+                Id = x.Id,
+                UserName = x.UserName
             }).ToList();
         }
     }
@@ -75,10 +75,10 @@ public virtual async Task<List<RoleFinderResult>> SearchRoleByNamesAsync(string[
         using (IdentityUserRepository.DisableTracking())
         {
             var roles = await IdentityRoleRepository.GetListAsync(names);
-            return roles.Select(user => new RoleFinderResult
+            return roles.Select(x => new RoleFinderResult
             {
-                Id = user.Id,
-                RoleName = user.Name
+                Id = x.Id,
+                RoleName = x.Name
             }).ToList();
         }
     }

modules/identity/src/Volo.Abp.PermissionManagement.Domain.Identity/Volo/Abp/PermissionManagement/Identity/RoleResourcePermissionProviderKeyLookupService.cs

@@ -30,9 +30,9 @@ public virtual async Task<List<ResourcePermissionProviderKeyInfo>> SearchAsync(s
         return roles.Select(r => new ResourcePermissionProviderKeyInfo(r.RoleName, r.RoleName)).ToList();
     }
 
-    public virtual async Task<List<ResourcePermissionProviderKeyInfo>> SearchAsync(string[] keys, CancellationToken cancellationToken = default)
+    public virtual Task<List<ResourcePermissionProviderKeyInfo>> SearchAsync(string[] keys, CancellationToken cancellationToken = default)
     {
-        var roles = await UserRoleFinder.SearchRoleByNamesAsync(keys.Distinct().ToArray());
-        return roles.Select(r => new ResourcePermissionProviderKeyInfo(r.RoleName, r.RoleName)).ToList();
+        // Keys are role names
+        return Task.FromResult(keys.Select(x => new ResourcePermissionProviderKeyInfo(x, x)).ToList());
     }
 }

modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Clients/ClientFinderResult.cs

@@ -0,0 +1,10 @@
+using System;
+
+namespace Volo.Abp.IdentityServer.Clients;
+
+public class ClientFinderResult
+{
+    public Guid Id { get; set; }
+
+    public string ClientId { get; set; }
+}

modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Clients/IClientFinder.cs

@@ -0,0 +1,9 @@
+using System.Collections.Generic;
+using System.Threading.Tasks;
+
+namespace Volo.Abp.IdentityServer.Clients;
+
+public interface IClientFinder
+{
+    Task<List<ClientFinderResult>> SearchAsync(string filter, int page = 1);
+}

modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/FR.json

@@ -11,6 +11,7 @@
     "InvalidUsername": "Nom d'utilisateur ou mot de passe invalide!",
     "InvalidAuthenticatorCode": "Code d'authentification invalide !",
     "InvalidRecoveryCode": "Code de récupération invalide !",
-    "TheTargetUserIsNotLinkedToYou": "L'utilisateur cible n'est pas lié à vous!"
+    "TheTargetUserIsNotLinkedToYou": "L'utilisateur cible n'est pas lié à vous!",
+    "ClientResourcePermissionProviderKeyLookupService": "Client"
   }
 }

modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/ar.json

@@ -11,6 +11,7 @@
     "InvalidUsername": "اسم المستخدم أو كلمة المرور غير صالحة!",
     "InvalidAuthenticatorCode": "كود المصدق غير صالح!",
     "InvalidRecoveryCode": "رمز الاسترداد غير صالح!",
-    "TheTargetUserIsNotLinkedToYou": "المستخدم المستهدف غير مرتبط بك!"
+    "TheTargetUserIsNotLinkedToYou": "المستخدم المستهدف غير مرتبط بك!",
+    "ClientResourcePermissionProviderKeyLookupService": "العميل"
   }
 }

modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/cs.json

@@ -11,6 +11,7 @@
     "InvalidUsername": "Neplatné uživatelské jméno či heslo!",
     "InvalidAuthenticatorCode": "Neplatný ověřovací kód!",
     "InvalidRecoveryCode": "Neplatný kód pro obnovení!",
-    "TheTargetUserIsNotLinkedToYou": "Cílový uživatel s vámi není spojen!"
+    "TheTargetUserIsNotLinkedToYou": "Cílový uživatel s vámi není spojen!",
+    "ClientResourcePermissionProviderKeyLookupService": "Klient"
   }
 }