diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/AbpAuthorizationModule.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/AbpAuthorizationModule.cs index 65b7e1b3902..159b72ad66d 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/AbpAuthorizationModule.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/AbpAuthorizationModule.cs @@ -47,6 +47,7 @@ public override void ConfigureServices(ServiceConfigurationContext context) options.ResourceValueProviders.Add(); options.ResourceValueProviders.Add(); + options.ResourceValueProviders.Add(); }); Configure(options => diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/ClientPermissionValueProvider.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/ClientPermissionValueProvider.cs index 13c7981063c..d3ac6870d32 100644 --- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/ClientPermissionValueProvider.cs +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/ClientPermissionValueProvider.cs @@ -44,7 +44,7 @@ public override async Task CheckAsync(PermissionV var clientId = context.Principal?.FindFirst(AbpClaimTypes.ClientId)?.Value; if (clientId == null) { - return new MultiplePermissionGrantResult(permissionNames); ; + return new MultiplePermissionGrantResult(permissionNames); } using (CurrentTenant.Change(null)) diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/Resources/ClientResourcePermissionValueProvider.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/Resources/ClientResourcePermissionValueProvider.cs new file mode 100644 index 00000000000..2a732925288 --- /dev/null +++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/Resources/ClientResourcePermissionValueProvider.cs 
@@ -0,0 +1,55 @@
+using System.Linq;
+using System.Threading.Tasks;
+using Volo.Abp.MultiTenancy;
+using Volo.Abp.Security.Claims;
+
+namespace Volo.Abp.Authorization.Permissions.Resources;
+
+public class ClientResourcePermissionValueProvider : ResourcePermissionValueProvider
+{
+ public const string ProviderName = "C";
+
+ public override string Name => ProviderName;
+
+ protected ICurrentTenant CurrentTenant { get; }
+
+ public ClientResourcePermissionValueProvider(IResourcePermissionStore resourcePermissionStore, ICurrentTenant currentTenant)
+ : base(resourcePermissionStore)
+ {
+ CurrentTenant = currentTenant;
+ }
+
+ public override async Task CheckAsync(ResourcePermissionValueCheckContext context)
+ {
+ var clientId = context.Principal?.FindFirst(AbpClaimTypes.ClientId)?.Value;
+
+ if (clientId == null)
+ {
+ return PermissionGrantResult.Undefined;
+ }
+
+ using (CurrentTenant.Change(null))
+ {
+ return await ResourcePermissionStore.IsGrantedAsync(context.Permission.Name, context.ResourceName, context.ResourceKey, Name, clientId)
+ ? PermissionGrantResult.Granted
+ : PermissionGrantResult.Undefined;
+ }
+ }
+
+ public override async Task CheckAsync(ResourcePermissionValuesCheckContext context)
+ {
+ var permissionNames = context.Permissions.Select(x => x.Name).Distinct().ToArray();
+ Check.NotNullOrEmpty(permissionNames, nameof(permissionNames));
+
+ var clientId = context.Principal?.FindFirst(AbpClaimTypes.ClientId)?.Value;
+ if (clientId == null)
+ {
+ return new MultiplePermissionGrantResult(permissionNames);
+ }
+
+ using (CurrentTenant.Change(null))
+ {
+ return await ResourcePermissionStore.IsGrantedAsync(permissionNames, context.ResourceName, context.ResourceKey, Name, clientId);
+ }
+ }
+}
diff --git a/modules/identity/src/Volo.Abp.Identity.Domain/Volo/Abp/Identity/UserRoleFinder.cs b/modules/identity/src/Volo.Abp.Identity.Domain/Volo/Abp/Identity/UserRoleFinder.cs
index 48d8b01a73e..633bbd1ed96 100644
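Review bot: Both `CheckAsync` overloads run the store lookup inside `CurrentTenant.Change(null)` with no comment, so the grant is resolved from the `client_id` claim alone and, as far as this hunk shows, against host-side records whatever tenant the principal carries. That mirrors `ClientPermissionValueProvider`, but it is a scoping decision in an authorization path and belongs on the class, e.g. `/// Client grants are looked up with the host tenant (null); the caller's tenant is ignored on purpose.` The batch overload also throws from `Check.NotNullOrEmpty` when `context.Permissions` is empty, whereas the single overload can only return `Undefined`; either document the exception or return an empty result there.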
--- a/modules/identity/src/Volo.Abp.Identity.Domain/Volo/Abp/Identity/UserRoleFinder.cs
+++ b/modules/identity/src/Volo.Abp.Identity.Domain/Volo/Abp/Identity/UserRoleFinder.cs
@@ -35,10 +35,10 @@ public virtual async Task> SearchUserAsync(string filter,
 {
 page = page < 1 ? 1 : page;
 var users = await IdentityUserRepository.GetListAsync(filter: filter, skipCount: (page - 1) * 10, maxResultCount: 10);
- return users.Select(user => new UserFinderResult
+ return users.Select(x => new UserFinderResult
 {
- Id = user.Id,
- UserName = user.UserName
+ Id = x.Id,
+ UserName = x.UserName
 }).ToList();
 }
 }
@@ -49,10 +49,10 @@ public virtual async Task> SearchRoleAsync(string filter,
 {
 page = page < 1 ? 1 : page;
 var roles = await IdentityRoleRepository.GetListAsync(filter: filter, skipCount: (page - 1) * 10, maxResultCount: 10);
- return roles.Select(user => new RoleFinderResult
+ return roles.Select(x => new RoleFinderResult
 {
- Id = user.Id,
- RoleName = user.Name
+ Id = x.Id,
+ RoleName = x.Name
 }).ToList();
 }
 }
@@ -62,10 +62,10 @@ public virtual async Task> SearchUserByIdsAsync(Guid[] id
 using (IdentityUserRepository.DisableTracking())
 {
 var users = await IdentityUserRepository.GetListByIdsAsync(ids);
- return users.Select(user => new UserFinderResult
+ return users.Select(x => new UserFinderResult
 {
- Id = user.Id,
- UserName = user.UserName
+ Id = x.Id,
+ UserName = x.UserName
 }).ToList();
 }
 }
@@ -75,10 +75,10 @@ public virtual async Task> SearchRoleByNamesAsync(string[
 using (IdentityUserRepository.DisableTracking())
 {
 var roles = await IdentityRoleRepository.GetListAsync(names);
- return roles.Select(user => new RoleFinderResult
+ return roles.Select(x => new RoleFinderResult
 {
- Id = user.Id,
- RoleName = user.Name
+ Id = x.Id,
+ RoleName = x.Name
 }).ToList();
 }
 }
diff --git a/modules/identity/src/Volo.Abp.PermissionManagement.Domain.Identity/Volo/Abp/PermissionManagement/Identity/RoleResourcePermissionProviderKeyLookupService.cs b/modules/identity/src/Volo.Abp.PermissionManagement.Domain.Identity/Volo/Abp/PermissionManagement/Identity/RoleResourcePermissionProviderKeyLookupService.cs index fa9fc31f79d..ab1824e13d2 100644 --- a/modules/identity/src/Volo.Abp.PermissionManagement.Domain.Identity/Volo/Abp/PermissionManagement/Identity/RoleResourcePermissionProviderKeyLookupService.cs +++ b/modules/identity/src/Volo.Abp.PermissionManagement.Domain.Identity/Volo/Abp/PermissionManagement/Identity/RoleResourcePermissionProviderKeyLookupService.cs @@ -30,9 +30,9 @@ public virtual async Task> SearchAsync(s return roles.Select(r => new ResourcePermissionProviderKeyInfo(r.RoleName, r.RoleName)).ToList(); } - public virtual async Task> SearchAsync(string[] keys, CancellationToken cancellationToken = default) + public virtual Task> SearchAsync(string[] keys, CancellationToken cancellationToken = default) { - var roles = await UserRoleFinder.SearchRoleByNamesAsync(keys.Distinct().ToArray()); - return roles.Select(r => new ResourcePermissionProviderKeyInfo(r.RoleName, r.RoleName)).ToList(); + // Keys are role names + return Task.FromResult(keys.Select(x => new ResourcePermissionProviderKeyInfo(x, x)).ToList()); } } diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Clients/ClientFinderResult.cs b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Clients/ClientFinderResult.cs new file mode 100644 index 00000000000..d0c42968c7b --- /dev/null +++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Clients/ClientFinderResult.cs @@ -0,0 +1,10 @@ +using System; + +namespace Volo.Abp.IdentityServer.Clients; + +public class ClientFinderResult +{ + public Guid Id { get; set; } + + public string ClientId { get; set; } +} 
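Review bot: The new `SearchAsync(string[] keys, …)` echoes every key back as a `ResourcePermissionProviderKeyInfo` and no longer calls `UserRoleFinder.SearchRoleByNamesAsync`, so names that match no existing role (deleted, renamed, mistyped) are now returned as if they were valid provider keys, and the `Distinct()` the old body applied is gone. If callers use this result to decide what a permission screen shows or accepts, stale role grants will look live; the callers are not in this hunk, so that part is an inference. At least keep the de-duplication, `return Task.FromResult(keys.Distinct().Select(x => new ResourcePermissionProviderKeyInfo(x, x)).ToList());`, and extend the comment to `// Keys are role names; existence is deliberately not checked here`. A null `keys` now throws synchronously instead of faulting the returned task.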
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Clients/IClientFinder.cs b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Clients/IClientFinder.cs
new file mode 100644
index 00000000000..be96379902f
--- /dev/null
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Clients/IClientFinder.cs
@@ -0,0 +1,9 @@
+using System.Collections.Generic;
+using System.Threading.Tasks;
+
+namespace Volo.Abp.IdentityServer.Clients;
+
+public interface IClientFinder
+{
+ Task> SearchAsync(string filter, int page = 1);
+}
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/FR.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/FR.json
index 1d62307724d..27edc5d80a1 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/FR.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/FR.json
@@ -11,6 +11,7 @@
 "InvalidUsername": "Nom d'utilisateur ou mot de passe invalide!",
 "InvalidAuthenticatorCode": "Code d'authentification invalide !",
 "InvalidRecoveryCode": "Code de récupération invalide !",
- "TheTargetUserIsNotLinkedToYou": "L'utilisateur cible n'est pas lié à vous!"
+ "TheTargetUserIsNotLinkedToYou": "L'utilisateur cible n'est pas lié à vous!",
+ "ClientResourcePermissionProviderKeyLookupService": "Client"
 }
 }
\ No newline at end of file
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/ar.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/ar.json
index 3329275161a..ee9fd119138 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/ar.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/ar.json
@@ -11,6 +11,7 @@
 "InvalidUsername": "اسم المستخدم أو كلمة المرور غير صالحة!",
 "InvalidAuthenticatorCode": "كود المصدق غير صالح!",
 "InvalidRecoveryCode": "رمز الاسترداد غير صالح!",
- "TheTargetUserIsNotLinkedToYou": "المستخدم المستهدف غير مرتبط بك!"
+ "TheTargetUserIsNotLinkedToYou": "المستخدم المستهدف غير مرتبط بك!",
+ "ClientResourcePermissionProviderKeyLookupService": "العميل"
 }
 }
\ No newline at end of file
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/cs.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/cs.json
index 1c5cb2bbf67..f77e12665bb 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/cs.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/cs.json
@@ -11,6 +11,7 @@
 "InvalidUsername": "Neplatné uživatelské jméno či heslo!",
 "InvalidAuthenticatorCode": "Neplatný ověřovací kód!",
 "InvalidRecoveryCode": "Neplatný kód pro obnovení!",
- "TheTargetUserIsNotLinkedToYou": "Cílový uživatel s vámi není spojen!"
+ "TheTargetUserIsNotLinkedToYou": "Cílový uživatel s vámi není spojen!",
+ "ClientResourcePermissionProviderKeyLookupService": "Klient"
 }
 }
\ No newline at end of file
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/de.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/de.json
index b0fc6bd6408..3738380e70f 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/de.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/de.json
@@ -11,6 +11,7 @@
 "InvalidUsername": "Ungültiger Benutzername oder Passwort!",
 "InvalidAuthenticatorCode": "Ungültiger Authentifizierungscode!",
 "InvalidRecoveryCode": "Ungültiger Wiederherstellungscode!",
- "TheTargetUserIsNotLinkedToYou": "Der Zielbenutzer ist nicht mit Ihnen verknüpft!"
+ "TheTargetUserIsNotLinkedToYou": "Der Zielbenutzer ist nicht mit Ihnen verknüpft!",
+ "ClientResourcePermissionProviderKeyLookupService": "Client"
 }
 }
\ No newline at end of file
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/el.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/el.json
index 246db314c78..9528ee45de1 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/el.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/el.json
@@ -10,6 +10,7 @@
 "LoginIsNotAllowed": "Δεν επιτρέπεται να συνδεθείτε! Ο λογαριασμός σας είναι ανενεργός ή χρειάζεται να επιβεβαιώσετε το email/τον αριθμό τηλεφώνου σας.",
 "InvalidUsername": "Μη έγκυρο όνομα ή κωδικός!",
 "InvalidAuthenticatorCode": "Μη έγκυρος κωδικός ελέγχου ταυτότητας!",
- "TheTargetUserIsNotLinkedToYou": "Ο χρήστης-στόχος δεν είναι συνδεδεμένος με εσάς!"
+ "TheTargetUserIsNotLinkedToYou": "Ο χρήστης-στόχος δεν είναι συνδεδεμένος με εσάς!",
+ "ClientResourcePermissionProviderKeyLookupService": "Πελάτης"
 }
 }
\ No newline at end of file
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/en-GB.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/en-GB.json
index 173379249cf..aaf48fefee0 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/en-GB.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/en-GB.json
@@ -9,6 +9,7 @@
 "InvalidUserNameOrPassword": "Invalid username or password!",
 "LoginIsNotAllowed": "You are not allowed to login! Your account is inactive or needs to confirm your email/phone number.",
 "InvalidUsername": "Invalid username or password!",
- "TheTargetUserIsNotLinkedToYou": "The target user is not linked to you!"
+ "TheTargetUserIsNotLinkedToYou": "The target user is not linked to you!",
+ "ClientResourcePermissionProviderKeyLookupService": "Client"
 }
 }
\ No newline at end of file
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/en.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/en.json
index 82d4be83b01..71ee5435446 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/en.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/en.json
@@ -11,6 +11,7 @@
 "InvalidUsername": "Invalid username or password!",
 "InvalidAuthenticatorCode": "Invalid authenticator code!",
 "InvalidRecoveryCode": "Invalid recovery code!",
- "TheTargetUserIsNotLinkedToYou": "The target user is not linked to you!"
+ "TheTargetUserIsNotLinkedToYou": "The target user is not linked to you!",
+ "ClientResourcePermissionProviderKeyLookupService": "Client"
 }
 }
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/es.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/es.json
index 4c2ecd92ee2..9cd39dea549 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/es.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/es.json
@@ -11,6 +11,7 @@
 "InvalidUsername": "Nombre de usuario icorrecto",
 "InvalidAuthenticatorCode": "¡Código de autenticador no válido!",
 "InvalidRecoveryCode": "¡Código de recuperación no válido!",
- "TheTargetUserIsNotLinkedToYou": "El usuario de destino no está asociado a usted."
+ "TheTargetUserIsNotLinkedToYou": "El usuario de destino no está asociado a usted.",
+ "ClientResourcePermissionProviderKeyLookupService": "Cliente"
 }
 }
\ No newline at end of file
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/fa.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/fa.json
index 8713511f43d..ec7f8d355be 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/fa.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/fa.json
@@ -11,6 +11,7 @@
 "InvalidUsername": "نام کاربری یا رمز عبور نامعتبر!",
 "InvalidAuthenticatorCode": "کد احراز هویت نامعتبر!",
 "InvalidRecoveryCode": "کد بازیابی نامعتبر!",
- "TheTargetUserIsNotLinkedToYou": "کاربر هدف به شما پیوند داده نشده است!"
+ "TheTargetUserIsNotLinkedToYou": "کاربر هدف به شما پیوند داده نشده است!",
+ "ClientResourcePermissionProviderKeyLookupService": "کلاینت"
 }
 }
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/fi.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/fi.json
index 94779f34b36..fe3f0747a92 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/fi.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/fi.json
@@ -11,6 +11,7 @@
 "InvalidUsername": "Väärä käyttäjänimi tai salasana!",
 "InvalidAuthenticatorCode": "Virheellinen todennuskoodi!",
 "InvalidRecoveryCode": "Virheellinen palautuskoodi!",
- "TheTargetUserIsNotLinkedToYou": "Kohdekäyttäjä ei ole linkitetty sinuun!"
+ "TheTargetUserIsNotLinkedToYou": "Kohdekäyttäjä ei ole linkitetty sinuun!",
+ "ClientResourcePermissionProviderKeyLookupService": "Asiakas"
 }
 }
\ No newline at end of file
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/hi.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/hi.json
index 2df86f55bca..c1e2dbe4b52 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/hi.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/hi.json
@@ -11,6 +11,7 @@
 "InvalidUsername": "अमान्य उपयोगकर्ता नाम या पासवर्ड!",
 "InvalidAuthenticatorCode": "अमान्य प्रमाणक कोड!",
 "InvalidRecoveryCode": "अमान्य पुनर्प्राप्ति कोड!",
- "TheTargetUserIsNotLinkedToYou": "लक्ष्य उपयोगकर्ता आपसे जुड़ा नहीं है!"
+ "TheTargetUserIsNotLinkedToYou": "लक्ष्य उपयोगकर्ता आपसे जुड़ा नहीं है!",
+ "ClientResourcePermissionProviderKeyLookupService": "क्लाइंट"
 }
 }
\ No newline at end of file
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/hr.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/hr.json
index da79db308c8..693bd3513ec 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/hr.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/hr.json
@@ -11,6 +11,7 @@
 "InvalidUsername": "Neispravno korisničko ime ili lozinka!",
 "InvalidAuthenticatorCode": "Nevažeći kod autentifikatora!",
 "InvalidRecoveryCode": "Nevažeći kod za oporavak!",
- "TheTargetUserIsNotLinkedToYou": "Ciljani korisnik nije povezan s vama!"
+ "TheTargetUserIsNotLinkedToYou": "Ciljani korisnik nije povezan s vama!",
+ "ClientResourcePermissionProviderKeyLookupService": "Klijent"
 }
 }
\ No newline at end of file
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/hu.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/hu.json
index e41b61c7365..505e034724d 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/hu.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/hu.json
@@ -11,6 +11,7 @@
 "InvalidUsername": "Érvénytelen felhasználónév vagy jelszó!",
 "InvalidAuthenticatorCode": "Érvénytelen hitelesítő kód!",
 "InvalidRecoveryCode": "Érvénytelen helyreállítási kód!",
- "TheTargetUserIsNotLinkedToYou": "A célfelhasználó nincs hozzád kapcsolódva!"
+ "TheTargetUserIsNotLinkedToYou": "A célfelhasználó nincs hozzád kapcsolódva!",
+ "ClientResourcePermissionProviderKeyLookupService": "Kliens"
 }
 }
\ No newline at end of file
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/is.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/is.json
index 8f972656916..fc4b11af187 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/is.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/is.json
@@ -11,6 +11,7 @@
 "InvalidUsername": "Ógilt notendanafn eða lykilorð!",
 "InvalidAuthenticatorCode": "Ógildur auðkenningarkóði!",
 "InvalidRecoveryCode": "Ógildur endurheimtarkóði!",
- "TheTargetUserIsNotLinkedToYou": "Marknotandinn er ekki tengdur þér!"
+ "TheTargetUserIsNotLinkedToYou": "Marknotandinn er ekki tengdur þér!",
+ "ClientResourcePermissionProviderKeyLookupService": "Biðlari"
 }
 }
\ No newline at end of file
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/it.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/it.json
index 1795289fa3d..eb0e87c3464 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/it.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/it.json
@@ -11,6 +11,7 @@
 "InvalidUsername": "Username o password non validi!",
 "InvalidAuthenticatorCode": "Codice autenticatore non valido!",
 "InvalidRecoveryCode": "Codice di ripristino non valido!",
- "TheTargetUserIsNotLinkedToYou": "L'utente indicato non è collegato a te!"
+ "TheTargetUserIsNotLinkedToYou": "L'utente indicato non è collegato a te!",
+ "ClientResourcePermissionProviderKeyLookupService": "Client"
 }
 }
\ No newline at end of file
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/nl.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/nl.json
index e8a7a5c0b17..baaca72b610 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/nl.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/nl.json
@@ -11,6 +11,7 @@
 "InvalidUsername": "Ongeldige gebruikersnaam of wachtwoord!",
 "InvalidAuthenticatorCode": "Ongeldige authenticatiecode!",
 "InvalidRecoveryCode": "Ongeldige herstelcode!",
- "TheTargetUserIsNotLinkedToYou": "De beoogde gebruiker is niet aan jou gekoppeld!"
+ "TheTargetUserIsNotLinkedToYou": "De beoogde gebruiker is niet aan jou gekoppeld!",
+ "ClientResourcePermissionProviderKeyLookupService": "Client"
 }
 }
\ No newline at end of file
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/pl-PL.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/pl-PL.json
index a231a6ec3f4..59a831a8782 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/pl-PL.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/pl-PL.json
@@ -11,6 +11,7 @@
 "InvalidUsername": "Nieprawidłowa nazwa użytkownika lub hasło!",
 "InvalidAuthenticatorCode": "Nieprawidłowy kod uwierzytelniający!",
 "InvalidRecoveryCode": "Nieprawidłowy kod odzyskiwania!",
- "TheTargetUserIsNotLinkedToYou": "Docelowy użytkownik nie jest z Tobą powiązany!"
+ "TheTargetUserIsNotLinkedToYou": "Docelowy użytkownik nie jest z Tobą powiązany!",
+ "ClientResourcePermissionProviderKeyLookupService": "Klient"
 }
 }
\ No newline at end of file
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/pt-BR.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/pt-BR.json
index db5d2fb00e2..35ab5aa7116 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/pt-BR.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/pt-BR.json
@@ -11,6 +11,7 @@
 "InvalidUsername": "Nome de usuário ou senha inválidos!",
 "InvalidAuthenticatorCode": "Código de autenticador inválido!",
 "InvalidRecoveryCode": "Código de recuperação inválido!",
- "TheTargetUserIsNotLinkedToYou": "O usuário-alvo não está vinculado a você!"
+ "TheTargetUserIsNotLinkedToYou": "O usuário-alvo não está vinculado a você!",
+ "ClientResourcePermissionProviderKeyLookupService": "Cliente"
 }
 }
\ No newline at end of file
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/ro-RO.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/ro-RO.json
index a1af7963732..9ab41e64bcc 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/ro-RO.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/ro-RO.json
@@ -11,6 +11,7 @@
 "InvalidUsername": "Nume de utilizator sau parolă invalidă!",
 "InvalidAuthenticatorCode": "Cod de autentificare invalid!",
 "InvalidRecoveryCode": "Cod de recuperare nevalid!",
- "TheTargetUserIsNotLinkedToYou": "Utilizatorul ţintă nu este conectat la dumneavoastră!"
+ "TheTargetUserIsNotLinkedToYou": "Utilizatorul ţintă nu este conectat la dumneavoastră!",
+ "ClientResourcePermissionProviderKeyLookupService": "Client"
 }
 }
\ No newline at end of file
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/ru.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/ru.json
index 0c8a0f9fe59..90db053cd69 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/ru.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/ru.json
@@ -11,6 +11,7 @@
 "InvalidUsername": "Неверное имя пользователя или пароль!",
 "InvalidAuthenticatorCode": "Неверный код аутентификатора!",
 "InvalidRecoveryCode": "Неверный код восстановления!",
- "TheTargetUserIsNotLinkedToYou": "Целевой пользователь не связан с вами!"
+ "TheTargetUserIsNotLinkedToYou": "Целевой пользователь не связан с вами!",
+ "ClientResourcePermissionProviderKeyLookupService": "Клиент"
 }
 }
\ No newline at end of file
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/sk.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/sk.json
index e0e31056fd8..181ae21fa26 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/sk.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/sk.json
@@ -11,6 +11,7 @@
 "InvalidUsername": "Nesprávne používateľské meno alebo heslo!",
 "InvalidAuthenticatorCode": "Neplatný overovací kód!",
 "InvalidRecoveryCode": "Neplatný kód na obnovenie!",
- "TheTargetUserIsNotLinkedToYou": "Cieľový používateľ nie je s vami prepojený!"
+ "TheTargetUserIsNotLinkedToYou": "Cieľový používateľ nie je s vami prepojený!",
+ "ClientResourcePermissionProviderKeyLookupService": "Klient"
 }
 }
\ No newline at end of file
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/sl.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/sl.json
index 527b11b35f6..b6d653d4066 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/sl.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/sl.json
@@ -11,6 +11,7 @@
 "InvalidUsername": "Napačno uporabniško ime ali geslo!",
 "InvalidAuthenticatorCode": "Neveljavna koda za preverjanje pristnosti!",
 "InvalidRecoveryCode": "Neveljavna obnovitvena koda!",
- "TheTargetUserIsNotLinkedToYou": "Ciljni uporabnik ni povezan z vami!"
+ "TheTargetUserIsNotLinkedToYou": "Ciljni uporabnik ni povezan z vami!",
+ "ClientResourcePermissionProviderKeyLookupService": "Odjemalec"
 }
 }
\ No newline at end of file
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/sv.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/sv.json
index cdbf5d0dffa..f0a1921bdf6 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/sv.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/sv.json
@@ -11,6 +11,7 @@
 "InvalidUsername": "Ogiltigt användarnamn eller lösenord!",
 "InvalidAuthenticatorCode": "Ogiltig autentiseringskod!",
 "InvalidRecoveryCode": "Ogiltig återställningskod!",
- "TheTargetUserIsNotLinkedToYou": "Målanvändaren är inte kopplad till dig!"
+ "TheTargetUserIsNotLinkedToYou": "Målanvändaren är inte kopplad till dig!",
+ "ClientResourcePermissionProviderKeyLookupService": "Klient"
 }
 }
\ No newline at end of file
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/tr.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/tr.json
index ef893f60efc..1d1e9e7c36f 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/tr.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/tr.json
@@ -11,6 +11,7 @@
 "InvalidUsername": "Kullanıcı adı ya da şifre geçersiz!",
 "InvalidAuthenticatorCode": "Geçersiz kimlik doğrulama kodu!",
 "InvalidRecoveryCode": "Geçersiz kurtarma kodu!",
- "TheTargetUserIsNotLinkedToYou": "Hedef kullanıcı sizinle bağlantılı değil!"
+ "TheTargetUserIsNotLinkedToYou": "Hedef kullanıcı sizinle bağlantılı değil!",
+ "ClientResourcePermissionProviderKeyLookupService": "İstemci"
 }
 }
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/vi.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/vi.json
index 4d62d916118..6eeb3b68cfb 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/vi.json +++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/vi.json @@ -11,6 +11,7 @@ "InvalidUsername": "Sai username hoặc password!", "InvalidAuthenticatorCode": "Mã xác thực không hợp lệ!", "InvalidRecoveryCode": "Mã khôi phục không hợp lệ!", - "TheTargetUserIsNotLinkedToYou": "Người dùng mục tiêu không được liên kết với bạn!" + "TheTargetUserIsNotLinkedToYou": "Người dùng mục tiêu không được liên kết với bạn!", + "ClientResourcePermissionProviderKeyLookupService": "Máy khách" } } \ No newline at end of file diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hans.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hans.json index afb5824356a..bbe4d7773df 100644 --- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hans.json +++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hans.json @@ -11,6 +11,7 @@ "InvalidUsername": "用户名或密码错误!", "InvalidAuthenticatorCode": "验证码无效!", "InvalidRecoveryCode": "恢复代码无效!", - "TheTargetUserIsNotLinkedToYou": "目标用户与您没有关联!" + "TheTargetUserIsNotLinkedToYou": "目标用户与您没有关联!", + "ClientResourcePermissionProviderKeyLookupService": "客户端" } } \ No newline at end of file diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hant.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hant.json index 3678d6b5723..5e592e1409c 100644 
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hant.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hant.json
@@ -11,6 +11,7 @@
 "InvalidUsername": "用戶名或密碼錯誤!",
 "InvalidAuthenticatorCode": "驗證碼無效!",
 "InvalidRecoveryCode": "恢復碼無效!",
- "TheTargetUserIsNotLinkedToYou": "目標用戶與您無關!"
+ "TheTargetUserIsNotLinkedToYou": "目標用戶與您無關!",
+ "ClientResourcePermissionProviderKeyLookupService": "用戶端"
 }
 }
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/Clients/ClientFinder.cs b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/Clients/ClientFinder.cs
new file mode 100644
index 00000000000..d64215a0470
--- /dev/null
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/Clients/ClientFinder.cs
@@ -0,0 +1,31 @@
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Volo.Abp.DependencyInjection;
+using Volo.Abp.Domain.Repositories;
+
+namespace Volo.Abp.IdentityServer.Clients;
+
+public class ClientFinder : IClientFinder, ITransientDependency
+{
+ protected IClientRepository ClientRepository { get; }
+
+ public ClientFinder(IClientRepository clientRepository)
+ {
+ ClientRepository = clientRepository;
+ }
+
+ public virtual async Task> SearchAsync(string filter, int page = 1)
+ {
+ using (ClientRepository.DisableTracking())
+ {
+ page = page < 1 ? 1 : page;
+ var clients = await ClientRepository.GetListAsync(nameof(Client.ClientName), filter: filter, skipCount: (page - 1) * 10, maxResultCount: 10);
+ return clients.Select(x => new ClientFinderResult
+ {
+ Id = x.Id,
+ ClientId = x.ClientId
+ }).ToList();
+ }
+ }
+}
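Review bot: In `ClientFinder.SearchAsync` the page size `10` is written twice as a literal and `(page - 1) * 10` is computed with no upper bound on `page`, so unless the project compiles with overflow checking a very large caller-supplied page wraps to a negative `skipCount`. How `GetListAsync` treats a negative skip is not visible here, so I would bound the value before the call: `const int PageSize = 10;` and `page = Math.Clamp(page, 1, int.MaxValue / PageSize);` (this needs `using System;`, which the file does not import). A one-line comment that results are ordered by `ClientName` while only `Id` and `ClientId` are returned would also help the next reader.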
diff --git a/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/ClientResourcePermissionManagerExtensions.cs b/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/ClientResourcePermissionManagerExtensions.cs
new file mode 100644
index 00000000000..16e686a2aae
--- /dev/null
+++ b/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/ClientResourcePermissionManagerExtensions.cs
@@ -0,0 +1,31 @@
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using JetBrains.Annotations;
+using Volo.Abp.Authorization.Permissions;
+
+namespace Volo.Abp.PermissionManagement;
+
+public static class ClientResourcePermissionManagerExtensions
+{
+ public static Task GetForClientAsync([NotNull] this IResourcePermissionManager resourcePermissionManager, string resourceName, string resourceKey, string clientId, string permissionName)
+ {
+ Check.NotNull(resourcePermissionManager, nameof(resourcePermissionManager));
+
+ return resourcePermissionManager.GetAsync(permissionName, resourceName, resourceKey, ClientPermissionValueProvider.ProviderName, clientId);
+ }
+
+ public static Task> GetAllForClientAsync([NotNull] this IResourcePermissionManager resourcePermissionManager, string resourceName, string resourceKey, string clientId)
+ {
+ Check.NotNull(resourcePermissionManager, nameof(resourcePermissionManager));
+
+ return resourcePermissionManager.GetAllAsync(resourceName, resourceKey, ClientPermissionValueProvider.ProviderName, clientId);
+ }
+
+ public static Task SetForClientAsync([NotNull] this IResourcePermissionManager resourcePermissionManager, string resourceName, string resourceKey, string clientId, [NotNull] string permissionName, bool isGranted)
+ {
+ Check.NotNull(resourcePermissionManager, nameof(resourcePermissionManager));
+
+ return resourcePermissionManager.SetAsync(permissionName, resourceName, resourceKey, ClientPermissionValueProvider.ProviderName, clientId, isGranted);
+ }
+}
diff --git a/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/AbpPermissionManagementDomainIdentityServerModule.cs b/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/AbpPermissionManagementDomainIdentityServerModule.cs
index 3d2d42c28f2..2525ffb3d3b 100644
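Review bot: All three extension methods pass `ClientPermissionValueProvider.ProviderName` as the provider name, while the rest of the resource-permission code in this commit (`ClientResourcePermissionManagementProvider.Name`, `ClientResourcePermissionProviderKeyLookupService.Name`, `ClientDeletedEventHandler`) uses `ClientResourcePermissionValueProvider.ProviderName`. If the two constants hold the same value today this works only by coincidence; should they ever diverge, grants written through `SetForClientAsync` would be stored under a provider name the client resource value provider never checks. I would switch the three calls to `ClientResourcePermissionValueProvider.ProviderName` and add `using Volo.Abp.Authorization.Permissions.Resources;`. Separately, `permissionName` is annotated `[NotNull]` in `SetForClientAsync` but only `resourcePermissionManager` is checked at runtime.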
--- a/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/AbpPermissionManagementDomainIdentityServerModule.cs +++ b/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/AbpPermissionManagementDomainIdentityServerModule.cs @@ -1,5 +1,8 @@ -using Volo.Abp.Authorization.Permissions; +using System; +using Microsoft.Extensions.DependencyInjection; +using Volo.Abp.Authorization.Permissions; using Volo.Abp.IdentityServer; +using Volo.Abp.IdentityServer.Clients; using Volo.Abp.Modularity; namespace Volo.Abp.PermissionManagement.IdentityServer; @@ -18,5 +21,17 @@ public override void ConfigureServices(ServiceConfigurationContext context) options.ProviderPolicies[ClientPermissionValueProvider.ProviderName] = "IdentityServer.Client.ManagePermissions"; }); + + context.Services.AddAbpOptions().PostConfigure((options, serviceProvider) => + { + // The IClientFinder implementation in identity Server Pro module for tiered application. + if (serviceProvider.GetService() == null) + { + return; + } + + options.ResourceManagementProviders.Add(); + options.ResourcePermissionProviderKeyLookupServices.Add(); + }); } } diff --git a/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientDeletedEventHandler.cs b/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientDeletedEventHandler.cs new file mode 100644 index 00000000000..2a5ebbfb71e --- /dev/null +++ b/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientDeletedEventHandler.cs 
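Review bot: The `PostConfigure` callback in the second hunk returns without adding the client resource-permission provider and key-lookup service when `GetService` yields null (presumably for `IClientFinder`, going by the comment), and nothing records that this branch was taken, so a host without the finder silently has no client resource-permission management. The existing comment does not explain that branch; something like `// No IClientFinder registered in this host: the client key lookup cannot work, so skip registering the client resource-permission providers.` would state the intent, adjusted to the actual reason. The probe also resolves a service instance only to test for registration, and the `using System;` added in the first hunk is not used by anything visible in these hunks. `ConfigureServices` begins outside the hunk.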
@@ -0,0 +1,31 @@
+using System.Threading.Tasks;
+using Volo.Abp.Authorization.Permissions;
+using Volo.Abp.Authorization.Permissions.Resources;
+using Volo.Abp.DependencyInjection;
+using Volo.Abp.Domain.Entities.Events.Distributed;
+using Volo.Abp.EventBus.Distributed;
+using Volo.Abp.IdentityServer.Clients;
+using Volo.Abp.Uow;
+
+namespace Volo.Abp.PermissionManagement.IdentityServer;
+
+public class ClientDeletedEventHandler :
+ IDistributedEventHandler>,
+ ITransientDependency
+{
+ protected IPermissionManager PermissionManager { get; }
+ protected IResourcePermissionManager ResourcePermissionManager { get; }
+
+ public ClientDeletedEventHandler(IPermissionManager permissionManager, IResourcePermissionManager resourcePermissionManager)
+ {
+ PermissionManager = permissionManager;
+ ResourcePermissionManager = resourcePermissionManager;
+ }
+
+ [UnitOfWork]
+ public virtual async Task HandleEventAsync(EntityDeletedEto eventData)
+ {
+ await PermissionManager.DeleteAsync(ClientPermissionValueProvider.ProviderName, eventData.Entity.ClientId);
+ await ResourcePermissionManager.DeleteAsync(ClientResourcePermissionValueProvider.ProviderName, eventData.Entity.ClientId);
+ }
+}
diff --git a/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientPermissionManagementProvider.cs b/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientPermissionManagementProvider.cs
index dd25c6d5c00..618588bdf4f 100644
--- a/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientPermissionManagementProvider.cs
+++ b/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientPermissionManagementProvider.cs
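Review bot: `HandleEventAsync` deletes the grants under whatever tenant is current when the event is handled, whereas the client management providers in this commit wrap every check, grant and revoke in `using (CurrentTenant.Change(null))`. If the two `DeleteAsync` calls apply the current-tenant filter (their implementation is not visible here), an event handled in a tenant context would leave the host-side grants for that `ClientId` in place, and a client later created with the same id would inherit them. Consider injecting `ICurrentTenant` (needs `using Volo.Abp.MultiTenancy;`) and running both deletes in the host scope, as sketched below. Because grants are keyed by the `ClientId` string rather than the entity id, this cleanup is what prevents such reuse, and a short comment saying so would be worth adding.

```csharp
    protected ICurrentTenant CurrentTenant { get; }

    public ClientDeletedEventHandler(
        IPermissionManager permissionManager,
        IResourcePermissionManager resourcePermissionManager,
        ICurrentTenant currentTenant)
    {
        // … unchanged: PermissionManager and ResourcePermissionManager assignments …
        CurrentTenant = currentTenant;
    }

    // … unchanged: [UnitOfWork] attribute and HandleEventAsync signature …
    {
        // Client grants are written in the host scope by the client management
        // providers, so remove them from the same scope.
        using (CurrentTenant.Change(null))
        {
            await PermissionManager.DeleteAsync(ClientPermissionValueProvider.ProviderName, eventData.Entity.ClientId);
            await ResourcePermissionManager.DeleteAsync(ClientResourcePermissionValueProvider.ProviderName, eventData.Entity.ClientId);
        }
    }
```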
@@ -18,7 +18,6 @@ public ClientPermissionManagementProvider( guidGenerator, currentTenant) { - } public override Task CheckAsync(string name, string providerName, string providerKey) @@ -29,6 +28,14 @@ public override Task CheckAsync(string name, s } } + public override Task CheckAsync(string[] names, string providerName, string providerKey) + { + using (CurrentTenant.Change(null)) + { + return base.CheckAsync(names, providerName, providerKey); + } + } + protected override Task GrantAsync(string name, string providerKey) { using (CurrentTenant.Change(null)) diff --git a/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientResourcePermissionManagementProvider.cs b/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientResourcePermissionManagementProvider.cs new file mode 100644 index 00000000000..9285742131f --- /dev/null +++ b/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientResourcePermissionManagementProvider.cs 
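Review bot: The new `CheckAsync(string[] names, ...)` override in the second hunk returns the base task from inside `using (CurrentTenant.Change(null))` without awaiting it, so the scope is disposed as soon as the base method hands back its task rather than when the check has finished. Whether the rest of the base call still sees the host tenant then depends on how `CurrentTenant` carries its value across awaits, which is not visible here. Marking the override `async` and using `return await base.CheckAsync(names, providerName, providerKey);` removes that dependency. The same shape appears in `CheckAsync`, `SetAsync` and `RevokeAsync` of the new `ClientResourcePermissionManagementProvider`, while its `GrantAsync` already awaits inside the scope. The class body continues outside this hunk.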
@@ -0,0 +1,62 @@
+using System.Threading.Tasks;
+using Volo.Abp.Authorization.Permissions.Resources;
+using Volo.Abp.Guids;
+using Volo.Abp.MultiTenancy;
+
+namespace Volo.Abp.PermissionManagement.IdentityServer;
+
+public class ClientResourcePermissionManagementProvider : ResourcePermissionManagementProvider
+{
+ public override string Name => ClientResourcePermissionValueProvider.ProviderName;
+
+ public ClientResourcePermissionManagementProvider(
+ IResourcePermissionGrantRepository permissionGrantRepository,
+ IGuidGenerator guidGenerator,
+ ICurrentTenant currentTenant)
+ : base(
+ permissionGrantRepository,
+ guidGenerator,
+ currentTenant)
+ {
+ }
+
+ public override Task CheckAsync(string name, string resourceName, string resourceKey, string providerName, string providerKey)
+ {
+ using (CurrentTenant.Change(null))
+ {
+ return base.CheckAsync(name, resourceName, resourceKey, providerName, providerKey);
+ }
+ }
+
+ public override Task CheckAsync(string[] names, string resourceName, string resourceKey, string providerName, string providerKey)
+ {
+ using (CurrentTenant.Change(null))
+ {
+ return base.CheckAsync(names, resourceName, resourceKey, providerName, providerKey);
+ }
+ }
+
+ public override Task SetAsync(string name, string resourceName, string resourceKey, string providerKey, bool isGranted)
+ {
+ using (CurrentTenant.Change(null))
+ {
+ return base.SetAsync(name, resourceName, resourceKey, providerKey, isGranted);
+ }
+ }
+
+ protected override async Task GrantAsync(string name, string resourceName, string resourceKey, string providerKey)
+ {
+ using (CurrentTenant.Change(null))
+ {
+ await base.GrantAsync(name, resourceName, resourceKey, providerKey);
+ }
+ }
+
+ protected override Task RevokeAsync(string name, string resourceName, string resourceKey, string providerKey)
+ {
+ using (CurrentTenant.Change(null))
+ {
+ return base.RevokeAsync(name, resourceName, resourceKey, providerKey);
+ }
+ }
+}
diff --git a/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientResourcePermissionProviderKeyLookupService.cs b/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientResourcePermissionProviderKeyLookupService.cs
new file mode 100644
index 00000000000..7fc813dabb3
--- /dev/null
+++ b/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientResourcePermissionProviderKeyLookupService.cs
@@ -0,0 +1,39 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading;
+using System.Threading.Tasks;
+using Volo.Abp.Authorization.Permissions.Resources;
+using Volo.Abp.DependencyInjection;
+using Volo.Abp.IdentityServer.Clients;
+using Volo.Abp.IdentityServer.Localization;
+using Volo.Abp.Localization;
+
+namespace Volo.Abp.PermissionManagement.IdentityServer;
+
+public class ClientResourcePermissionProviderKeyLookupService : IResourcePermissionProviderKeyLookupService, ITransientDependency
+{
+ public string Name => ClientResourcePermissionValueProvider.ProviderName;
+
+ public ILocalizableString DisplayName { get; }
+
+ protected IClientFinder ClientFinder { get; }
+
+ public ClientResourcePermissionProviderKeyLookupService(IClientFinder clientFinder)
+ {
+ ClientFinder = clientFinder;
+ DisplayName = LocalizableString.Create(nameof(ClientResourcePermissionProviderKeyLookupService));
+ }
+
+ public virtual async Task> SearchAsync(string filter = null, int page = 1, CancellationToken cancellationToken = default)
+ {
+ var clients = await ClientFinder.SearchAsync(filter, page);
+ return clients.Select(x => new ResourcePermissionProviderKeyInfo(x.ClientId, x.ClientId)).ToList();
+ }
+
+ public virtual Task> SearchAsync(string[] keys, CancellationToken cancellationToken = default)
+ {
+ // Keys are ClientIds
+ return Task.FromResult(keys.Select(x => new ResourcePermissionProviderKeyInfo(x, x)).ToList());
+ }
+}
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Applications/ApplicationFinderResult.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Applications/ApplicationFinderResult.cs
new file mode 100644
index 00000000000..5ff4d5041be
--- /dev/null
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Applications/ApplicationFinderResult.cs
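Review bot: `SearchAsync(string[] keys, ...)` echoes every supplied key back as a `ResourcePermissionProviderKeyInfo` without consulting `ClientFinder`, so the result says nothing about whether a client with that id exists. If callers use this overload to validate or display grant targets (not visible here), a grant could be attached to an id that no client holds yet and would apply to whichever client is registered under it later. Either resolve the keys through the client store or expand the comment to `// Keys are ClientIds and are NOT verified to exist; callers must not treat the result as validation.` Also, `keys` is dereferenced without a null check, and `cancellationToken` is accepted by both overloads but never used.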
@@ -0,0 +1,10 @@
+using System;
+
+namespace Volo.Abp.OpenIddict.Applications;
+
+public class ApplicationFinderResult
+{
+ public Guid Id { get; set; }
+
+ public string ClientId { get; set; }
+}
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Applications/IApplicationFinder.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Applications/IApplicationFinder.cs
new file mode 100644
index 00000000000..0585df8815e
--- /dev/null
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Applications/IApplicationFinder.cs
@@ -0,0 +1,9 @@
+using System.Collections.Generic;
+using System.Threading.Tasks;
+
+namespace Volo.Abp.OpenIddict.Applications;
+
+public interface IApplicationFinder
+{
+ Task> SearchAsync(string filter, int page = 1);
+}
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Applications/OpenIddictApplicationClientIdChangedEto.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Applications/OpenIddictApplicationClientIdChangedEto.cs
new file mode 100644
index 00000000000..d80e5f35d68
--- /dev/null
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Applications/OpenIddictApplicationClientIdChangedEto.cs
@@ -0,0 +1,13 @@
+using System;
+
+namespace Volo.Abp.OpenIddict.Applications;
+
+[Serializable]
+public class OpenIddictApplicationClientIdChangedEto
+{
+ public Guid Id { get; set; }
+
+ public string ClientId { get; set; }
+
+ public string OldClientId { get; set; }
+}
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Applications/OpenIddictApplicationEto.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Applications/OpenIddictApplicationEto.cs
new file mode 100644
index 00000000000..ff853d2c4a8
--- /dev/null
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Applications/OpenIddictApplicationEto.cs
@@ -0,0 +1,43 @@
+using System;
+
+namespace Volo.Abp.OpenIddict.Applications;
+
+[Serializable]
+public class OpenIddictApplicationEto
+{
+ public Guid Id { get; set; }
+
+ public string ApplicationType { get; set; }
+
+ public string ClientId { get; set; }
+
+ public string ClientSecret { get; set; }
+
+ public string ClientType { get; set; }
+
+ public string ConsentType { get; set; }
+
+ public string DisplayName { get; set; }
+
+ public string DisplayNames { get; set; }
+
+ public string JsonWebKeySet { get; set; }
+
+ public string Permissions { get; set; }
+
+ public string PostLogoutRedirectUris { get; set; }
+
+ public string Properties { get; set; }
+
+ public string RedirectUris { get; set; }
+
+ public string Requirements { get; set; }
+
+ public string Settings { get; set; }
+
+ public string FrontChannelLogoutUri { get; set; }
+
+ public string ClientUri { get; set; }
+
+ public string LogoUri { get; set; }
+}
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/ar.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/ar.json
index 61c52f63c59..c22bdea5081 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/ar.json
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/ar.json
@@ -10,6 +10,7 @@
 "DoYouWantToGrantAccessToYourData": "هل تريد منح {0} حق الوصول إلى بياناتك؟",
 "ScopesRequested": "النطاقات المطلوبة",
 "Accept": "قبول",
- "Deny": "رفض"
+ "Deny": "رفض",
+ "ApplicationResourcePermissionProviderKeyLookupService": "العميل"
 }
 }
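Review bot: `OpenIddictApplicationEto` declares `ClientSecret`, which puts client credential material (in whatever form it is stored) into every distributed event built from this type, and with it into the message broker, any outbox or inbox storage and every subscriber. No consumer of that property is visible on this page, and whether the mapping actually fills it is not shown here. Unless a subscriber genuinely needs it, I would drop `public string ClientSecret { get; set; }` from the ETO or exclude it in the mapping, and add a class comment stating that this event type must not transport secrets. `JsonWebKeySet` deserves the same check if it can ever contain private key material.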
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/cs.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/cs.json index c219b5dc8fc..fda735746be 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/cs.json +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/cs.json @@ -10,6 +10,7 @@ "DoYouWantToGrantAccessToYourData": "Chcete uživateli {0} udělit přístup ke svým datům?", "ScopesRequested": "Požadované rozsahy", "Accept": "Akceptovat", - "Deny": "Odmítnout" + "Deny": "Odmítnout", + "ApplicationResourcePermissionProviderKeyLookupService": "Klient" } } \ No newline at end of file diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/de.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/de.json index 4c6438de375..affff9da297 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/de.json +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/de.json @@ -10,6 +10,7 @@ "DoYouWantToGrantAccessToYourData": "Möchten Sie {0} Zugriff auf Ihre Daten gewähren?", "ScopesRequested": "Umfänge angefordert", "Accept": "Akzeptieren", - "Deny": "Leugnen" + "Deny": "Leugnen", + "ApplicationResourcePermissionProviderKeyLookupService": "Client" } } \ No newline at end of file diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/el.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/el.json index c10f34fb1d3..493c73b2a7a 100644 
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/el.json +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/el.json @@ -10,6 +10,7 @@ "DoYouWantToGrantAccessToYourData": "Θέλετε να παραχωρήσετε στον χρήστη {0} πρόσβαση στα δεδομένα σας;", "ScopesRequested": "Ζητούνται πεδία εφαρμογής", "Accept": "Αποδοχή", - "Deny": "Άρνηση" + "Deny": "Άρνηση", + "ApplicationResourcePermissionProviderKeyLookupService": "Πελάτης" } } diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/en.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/en.json index b6bd02bc15b..d742176bd5e 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/en.json +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/en.json @@ -10,6 +10,7 @@ "DoYouWantToGrantAccessToYourData": "Do you want to grant {0} access to your data?", "ScopesRequested": "Scopes requested", "Accept": "Accept", - "Deny": "Deny" + "Deny": "Deny", + "ApplicationResourcePermissionProviderKeyLookupService": "Client" } } diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/es.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/es.json index 3bec447a247..ad5a974972a 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/es.json +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/es.json 
@@ -10,6 +10,7 @@ "DoYouWantToGrantAccessToYourData": "¿Quieres otorgarle a {0} acceso a tus datos?", "ScopesRequested": "Alcances solicitados", "Accept": "Aceptar", - "Deny": "Denegar" + "Deny": "Denegar", + "ApplicationResourcePermissionProviderKeyLookupService": "Cliente" } } \ No newline at end of file diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/fa.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/fa.json index f1649533a91..c0c2d82340e 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/fa.json +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/fa.json @@ -10,6 +10,7 @@ "DoYouWantToGrantAccessToYourData": "آیا می خواهید به {0} اجازه دسترسی به داده های خود را بدهید؟", "ScopesRequested": "محدوده های درخواستی", "Accept": "پذیرش", - "Deny": "رد" + "Deny": "رد", + "ApplicationResourcePermissionProviderKeyLookupService": "کلاینت" } } \ No newline at end of file diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/fi.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/fi.json index 43dbfb17ac9..ce0bb20bfe1 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/fi.json +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/fi.json @@ -10,6 +10,7 @@ "DoYouWantToGrantAccessToYourData": "Haluatko myöntää käyttäjälle {0} pääsyn tietoihisi?", "ScopesRequested": "Laajuudet pyydetty", "Accept": "Hyväksy", - "Deny": "Kiellä" + "Deny": "Kiellä", + "ApplicationResourcePermissionProviderKeyLookupService": "Asiakas" } } \ No newline at end of file 
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/fr.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/fr.json index 188116b53cf..c11964d21de 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/fr.json +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/fr.json @@ -10,6 +10,7 @@ "DoYouWantToGrantAccessToYourData": "Voulez-vous accorder à {0} l'accès à vos données ?", "ScopesRequested": "Périmètres demandés", "Accept": "Accepter", - "Deny": "Refuser" + "Deny": "Refuser", + "ApplicationResourcePermissionProviderKeyLookupService": "Client" } } \ No newline at end of file diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/hi.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/hi.json index 39b3370ca7c..7f2678d7a08 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/hi.json +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/hi.json @@ -10,6 +10,7 @@ "DoYouWantToGrantAccessToYourData": "क्या आप {0} को अपने डेटा तक पहुंच प्रदान करना चाहते हैं?", "ScopesRequested": "दायरे का अनुरोध किया गया", "Accept": "स्वीकार करना", - "Deny": "अस्वीकार करना" + "Deny": "अस्वीकार करना", + "ApplicationResourcePermissionProviderKeyLookupService": "क्लाइंट" } } \ No newline at end of file diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/hr.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/hr.json index 2dfc3b3a9db..ee16d2b1e0a 100644 
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/hr.json +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/hr.json @@ -10,6 +10,7 @@ "DoYouWantToGrantAccessToYourData": "Želite li {0} odobriti pristup vašim podacima?", "ScopesRequested": "Traženi dometi", "Accept": "Prihvatiti", - "Deny": "poreći" + "Deny": "poreći", + "ApplicationResourcePermissionProviderKeyLookupService": "Klijent" } } \ No newline at end of file diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/hu.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/hu.json index f55ea2ac746..7a5e7b19562 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/hu.json +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/hu.json @@ -10,6 +10,7 @@ "DoYouWantToGrantAccessToYourData": "Hozzáférést szeretne adni a(z) {0} számára az adataihoz?", "ScopesRequested": "Kért hatókörök", "Accept": "Elfogad", - "Deny": "Tiltás" + "Deny": "Tiltás", + "ApplicationResourcePermissionProviderKeyLookupService": "Kliens" } } \ No newline at end of file diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/is.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/is.json index b9fc6a43cee..b6c5bafca6b 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/is.json +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/is.json 
@@ -10,6 +10,7 @@ "DoYouWantToGrantAccessToYourData": "Viltu veita {0} aðgang að gögnunum þínum?", "ScopesRequested": "Umfang óskað", "Accept": "Samþykkja", - "Deny": "Neita" + "Deny": "Neita", + "ApplicationResourcePermissionProviderKeyLookupService": "Biðlari" } } \ No newline at end of file diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/it.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/it.json index 22eb3bbafed..e5b67df57a1 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/it.json +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/it.json @@ -10,6 +10,7 @@ "DoYouWantToGrantAccessToYourData": "Vuoi concedere a {0} l'accesso ai tuoi dati?", "ScopesRequested": "Ambiti richiesti", "Accept": "Accettare", - "Deny": "Negare" + "Deny": "Negare", + "ApplicationResourcePermissionProviderKeyLookupService": "Cliente" } } \ No newline at end of file diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/nl.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/nl.json index b3b35c6acb8..7eb593fd2de 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/nl.json +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/nl.json @@ -10,6 +10,7 @@ "DoYouWantToGrantAccessToYourData": "Wilt u {0} toegang verlenen tot uw gegevens?", "ScopesRequested": "Scopes gevraagd", "Accept": "Aanvaarden", - "Deny": "Ontkennen" + "Deny": "Ontkennen", + "ApplicationResourcePermissionProviderKeyLookupService": "Client" } } \ No newline at end of file 
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/pl-PL.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/pl-PL.json index 2e5e19eae73..bff402519df 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/pl-PL.json +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/pl-PL.json @@ -10,6 +10,7 @@ "DoYouWantToGrantAccessToYourData": "Czy chcesz przyznać firmie {0} dostęp do swoich danych?", "ScopesRequested": "Poproszono o zakresy", "Accept": "Zaakceptować", - "Deny": "Zaprzeczyć" + "Deny": "Zaprzeczyć", + "ApplicationResourcePermissionProviderKeyLookupService": "Klient" } } \ No newline at end of file diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/pt-BR.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/pt-BR.json index 60c50e9e3e2..97f52a7f013 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/pt-BR.json +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/pt-BR.json @@ -10,6 +10,7 @@ "DoYouWantToGrantAccessToYourData": "Deseja permitir {0} acessar seus dados?", "ScopesRequested": "Escopo solicitado", "Accept": "Aceitar", - "Deny": "Negar" + "Deny": "Negar", + "ApplicationResourcePermissionProviderKeyLookupService": "Cliente" } } diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/ro-RO.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/ro-RO.json index a9d9eee22e0..579df65787f 100644 
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/ro-RO.json +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/ro-RO.json @@ -10,6 +10,7 @@ "DoYouWantToGrantAccessToYourData": "Doriți să acordați acces {0} la datele dvs.?", "ScopesRequested": "Domenii de aplicare solicitate", "Accept": "Accept", - "Deny": "Negați" + "Deny": "Negați", + "ApplicationResourcePermissionProviderKeyLookupService": "Client" } } \ No newline at end of file diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/ru.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/ru.json index 4f5b1d0e210..2f22d22da5b 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/ru.json +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/ru.json @@ -10,6 +10,7 @@ "DoYouWantToGrantAccessToYourData": "Вы хотите предоставить пользователю {0} доступ к вашим данным?", "ScopesRequested": "Запрошенные объемы", "Accept": "Принимать", - "Deny": "Отрицать" + "Deny": "Отрицать", + "ApplicationResourcePermissionProviderKeyLookupService": "Клиент" } } \ No newline at end of file diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/sk.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/sk.json index 13e0853b2d4..cb017569cce 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/sk.json +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/sk.json 
@@ -10,6 +10,7 @@ "DoYouWantToGrantAccessToYourData": "Chcete používateľovi {0} udeliť prístup k svojim údajom?", "ScopesRequested": "Požadované rozsahy", "Accept": "súhlasiť", - "Deny": "Odmietnuť" + "Deny": "Odmietnuť", + "ApplicationResourcePermissionProviderKeyLookupService": "Klient" } } \ No newline at end of file diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/sl.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/sl.json index c8157ac5091..49d1bd148bc 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/sl.json +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/sl.json @@ -10,6 +10,7 @@ "DoYouWantToGrantAccessToYourData": "Ali želite aplikaciji {0} omogočiti dostop do vaših podatkov?", "ScopesRequested": "Zahtevani obsegi", "Accept": "Sprejmi", - "Deny": "Zanikati" + "Deny": "Zanikati", + "ApplicationResourcePermissionProviderKeyLookupService": "Odjemalec" } } \ No newline at end of file diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/sv.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/sv.json index 3e2a58578ed..063727a745d 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/sv.json +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/sv.json @@ -10,6 +10,7 @@ "DoYouWantToGrantAccessToYourData": "Vill du ge {0} tillgång till dina data?", "ScopesRequested": "Begärda omfattningar", "Accept": "Acceptera", - "Deny": "Förneka" + "Deny": "Förneka", + "ApplicationResourcePermissionProviderKeyLookupService": "Klient" } } \ No newline at end of file 
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/tr.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/tr.json index 907612a6c41..847eb5f482e 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/tr.json +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/tr.json @@ -10,6 +10,7 @@ "DoYouWantToGrantAccessToYourData": "Do you want to grant {0} access to your data?", "ScopesRequested": "İstenen kapsamlar", "Accept": "Kabul etmek", - "Deny": "Reddetmek" + "Deny": "Reddetmek", + "ApplicationResourcePermissionProviderKeyLookupService": "İstemci" } } diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/vi.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/vi.json index c89d882a398..4435c322985 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/vi.json +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/vi.json @@ -10,6 +10,7 @@ "DoYouWantToGrantAccessToYourData": "Bạn có muốn cấp cho {0} quyền truy cập vào dữ liệu của mình không?", "ScopesRequested": "Phạm vi được yêu cầu", "Accept": "Chấp nhận", - "Deny": "Từ chối" + "Deny": "Từ chối", + "ApplicationResourcePermissionProviderKeyLookupService": "Máy khách" } } \ No newline at end of file diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/zh-Hans.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/zh-Hans.json index f00a7c9e37d..ee7b4a7b0f2 100644 
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/zh-Hans.json +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/zh-Hans.json @@ -10,6 +10,7 @@ "DoYouWantToGrantAccessToYourData": "是否要授予 {0} 访问你的数据的权限?", "ScopesRequested": "要求的Scope", "Accept": "接受", - "Deny": "拒绝" + "Deny": "拒绝", + "ApplicationResourcePermissionProviderKeyLookupService": "客户端" } } \ No newline at end of file diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/zh-Hant.json b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/zh-Hant.json index 83aa0c35d15..ca1ceaed22c 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/zh-Hant.json +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain.Shared/Volo/Abp/OpenIddict/Localization/OpenIddict/zh-Hant.json @@ -11,6 +11,7 @@ "DoYouWantToGrantAccessToYourData": "是否要授予 {0} 訪問你的數據的權限?", "ScopesRequested": "要求的Scope", "Accept": "接受", - "Deny": "拒絕" + "Deny": "拒絕", + "ApplicationResourcePermissionProviderKeyLookupService": "客戶端" } } diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/AbpOpenIddictDomainMappers.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/AbpOpenIddictDomainMappers.cs new file mode 100644 index 00000000000..ef750fc3a6e --- /dev/null +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/AbpOpenIddictDomainMappers.cs 
@@ -0,0 +1,13 @@ +using Riok.Mapperly.Abstractions; +using Volo.Abp.Mapperly; +using Volo.Abp.OpenIddict.Applications; + +namespace Volo.Abp.OpenIddict; + +[Mapper(RequiredMappingStrategy = RequiredMappingStrategy.Target)] +public partial class OpenIddictApplicationToOpenIddictApplicationEtoMapper : MapperBase +{ + public override partial OpenIddictApplicationEto Map(OpenIddictApplication source); + + public override partial void Map(OpenIddictApplication source, OpenIddictApplicationEto destination); +} diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/AbpOpenIddictDomainModule.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/AbpOpenIddictDomainModule.cs index fd20f710127..e235e16893b 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/AbpOpenIddictDomainModule.cs +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/AbpOpenIddictDomainModule.cs @@ -8,6 +8,7 @@ using Volo.Abp.Caching; using Volo.Abp.DistributedLocking; using Volo.Abp.Domain; +using Volo.Abp.Domain.Entities.Events.Distributed; using Volo.Abp.Guids; using Volo.Abp.Identity; using Volo.Abp.Modularity; @@ -18,6 +19,7 @@ using Volo.Abp.OpenIddict.Scopes; using Volo.Abp.OpenIddict.Tokens; using Volo.Abp.Threading; +using Volo.Abp.Users; namespace Volo.Abp.OpenIddict; @@ -36,6 +38,15 @@ public class AbpOpenIddictDomainModule : AbpModule public override void ConfigureServices(ServiceConfigurationContext context) { AddOpenIddictCore(context.Services); + + context.Services.AddMapperlyObjectMapper(); + + Configure(options => + { + options.EtoMappings.Add(typeof(AbpOpenIddictDomainModule)); + + options.AutoEventSelectors.Add(); + }); } public override void OnApplicationInitialization(ApplicationInitializationContext context) 
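Review bot: `OpenIddictApplicationToOpenIddictApplicationEtoMapper` has no comment saying which application fields are meant to leave the process, and the module hunk that follows registers this mapping for distributed events. With `RequiredMappingStrategy.Target` the copied set is whatever `OpenIddictApplicationEto` declares, and that type is not visible here, so it is worth confirming it carries no client secret or other credential material. I would add an XML summary on the mapper, e.g. `/// <summary>Maps an application to its distributed-event ETO; the ETO must not expose secret fields.</summary>`.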
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationFinder.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationFinder.cs new file mode 100644 index 00000000000..56c6f9af996 --- /dev/null +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationFinder.cs @@ -0,0 +1,31 @@ +using System.Collections.Generic; +using System.Linq; +using System.Threading.Tasks; +using Volo.Abp.DependencyInjection; +using Volo.Abp.Domain.Repositories; + +namespace Volo.Abp.OpenIddict.Applications; + +public class AbpApplicationFinder : IApplicationFinder, ITransientDependency +{ + protected IOpenIddictApplicationRepository ApplicationRepository { get; } + + public AbpApplicationFinder(IOpenIddictApplicationRepository applicationRepository) + { + ApplicationRepository = applicationRepository; + } + + public virtual async Task> SearchAsync(string filter, int page = 1) + { + using (ApplicationRepository.DisableTracking()) + { + page = page < 1 ? 1 : page; + var applications = await ApplicationRepository.GetListAsync(nameof(OpenIddictApplication.CreationTime), filter: filter, skipCount: (page - 1) * 10, maxResultCount: 10); + return applications.Select(x => new ApplicationFinderResult + { + Id = x.Id, + ClientId = x.ClientId + }).ToList(); + } + } +} diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationManager.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationManager.cs index ea2283ea259..478ccb68f12 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationManager.cs +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationManager.cs 
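Review bot: In `AbpApplicationFinder.SearchAsync` the page size 10 is written twice, and the skip count `(page - 1) * 10` is plain `int` arithmetic. Unless the project enables overflow checking, a very large `page` wraps to a negative `skipCount`, which is then handed to the repository. A named constant such as `private const int PageSize = 10;` plus an upper bound on `page` (clamp it to `int.MaxValue / PageSize`) would cover both. The class and method also have no XML documentation; a summary stating that results are ordered by creation time and paged in fixed blocks would help callers of `IApplicationFinder`.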
@@ -6,29 +6,35 @@ using Microsoft.Extensions.Options; using OpenIddict.Abstractions; using OpenIddict.Core; +using Volo.Abp.EventBus.Distributed; namespace Volo.Abp.OpenIddict.Applications; public class AbpApplicationManager : OpenIddictApplicationManager, IAbpApplicationManager { protected AbpOpenIddictIdentifierConverter IdentifierConverter { get; } + protected IDistributedEventBus DistributedEventBus { get; } public AbpApplicationManager( [NotNull] IOpenIddictApplicationCache cache, [NotNull] ILogger logger, [NotNull] IOptionsMonitor options, [NotNull] IOpenIddictApplicationStore resolver, - AbpOpenIddictIdentifierConverter identifierConverter) + AbpOpenIddictIdentifierConverter identifierConverter, + IDistributedEventBus distributedEventBus) : base(cache, logger, options, resolver) { IdentifierConverter = identifierConverter; + DistributedEventBus = distributedEventBus; } - public async override ValueTask UpdateAsync(OpenIddictApplicationModel application, CancellationToken cancellationToken = default) + public override async ValueTask UpdateAsync(OpenIddictApplicationModel application, CancellationToken cancellationToken = default) { + var entity = await Store.FindByIdAsync(IdentifierConverter.ToString(application.Id), cancellationToken); + var oldClientId = entity?.ClientId; + if (!Options.CurrentValue.DisableEntityCaching) { - var entity = await Store.FindByIdAsync(IdentifierConverter.ToString(application.Id), cancellationToken); if (entity != null) { await Cache.RemoveAsync(entity, cancellationToken); 
@@ -36,9 +42,21 @@ public async override ValueTask UpdateAsync(OpenIddictApplicationModel applicati } await base.UpdateAsync(application, cancellationToken); + + if (oldClientId != null && + application.ClientId != null && + oldClientId != application.ClientId) + { + await DistributedEventBus.PublishAsync(new OpenIddictApplicationClientIdChangedEto + { + Id = application.Id, + OldClientId = oldClientId, + ClientId = application.ClientId + }); + } } - public async override ValueTask PopulateAsync(OpenIddictApplicationDescriptor descriptor, OpenIddictApplicationModel application, CancellationToken cancellationToken = default) + public override async ValueTask PopulateAsync(OpenIddictApplicationDescriptor descriptor, OpenIddictApplicationModel application, CancellationToken cancellationToken = default) { await base.PopulateAsync(descriptor, application, cancellationToken); @@ -60,7 +78,7 @@ public async override ValueTask PopulateAsync(OpenIddictApplicationDescriptor de } } - public async override ValueTask PopulateAsync(OpenIddictApplicationModel application, OpenIddictApplicationDescriptor descriptor, CancellationToken cancellationToken = default) + public override async ValueTask PopulateAsync(OpenIddictApplicationModel application, OpenIddictApplicationDescriptor descriptor, CancellationToken cancellationToken = default) { await base.PopulateAsync(application, descriptor, cancellationToken); diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/IOpenIddictApplicationRepository.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/IOpenIddictApplicationRepository.cs index 302f1fd5c7b..8f92ad83101 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/IOpenIddictApplicationRepository.cs +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/IOpenIddictApplicationRepository.cs 
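Review bot: `OpenIddictApplicationClientIdChangedEto` is published only after `base.UpdateAsync` has completed, and the `PublishAsync` call relies on the default publish options. Whether the rename and the event commit together therefore depends on unit-of-work and outbox configuration outside this hunk. Grants are looked up by the ClientId string (the handler added in this commit queries by `OldClientId`), so if the event is lost they stay under the old id, and an application later registered with that id would presumably be evaluated against them. I would state that on the method, e.g. `// Grants are keyed by ClientId: this event must be delivered, or grants remain under OldClientId.` `oldClientId` is read in the previous hunk, where the store lookup now runs on every update, even with entity caching disabled.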
@@ -11,7 +11,7 @@ public interface IOpenIddictApplicationRepository : IBasicRepository> GetListAsync(string sorting, int skipCount, int maxResultCount, string filter = null, CancellationToken cancellationToken = default); Task GetCountAsync(string filter = null, CancellationToken cancellationToken = default); - + Task FindByClientIdAsync(string clientId, CancellationToken cancellationToken = default); Task> FindByPostLogoutRedirectUriAsync(string address, CancellationToken cancellationToken = default); diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.MongoDB/Volo/Abp/OpenIddict/Applications/MongoOpenIddictApplicationRepository.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.MongoDB/Volo/Abp/OpenIddict/Applications/MongoOpenIddictApplicationRepository.cs index 867bbe71c5b..7b3b0ba8267 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.MongoDB/Volo/Abp/OpenIddict/Applications/MongoOpenIddictApplicationRepository.cs +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.MongoDB/Volo/Abp/OpenIddict/Applications/MongoOpenIddictApplicationRepository.cs @@ -17,7 +17,7 @@ public class MongoOpenIddictApplicationRepository : MongoDbRepository dbContextProvider) : base(dbContextProvider) { } - + public virtual async Task> GetListAsync(string sorting, int skipCount, int maxResultCount, string filter = null, CancellationToken cancellationToken = default) { diff --git a/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/ClientResourcePermissionManagerExtensions.cs b/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/ClientResourcePermissionManagerExtensions.cs new file mode 100644 index 00000000000..16e686a2aae --- /dev/null +++ b/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/ClientResourcePermissionManagerExtensions.cs 
@@ -0,0 +1,31 @@ +using System; +using System.Collections.Generic; +using System.Threading.Tasks; +using JetBrains.Annotations; +using Volo.Abp.Authorization.Permissions; + +namespace Volo.Abp.PermissionManagement; + +public static class ClientResourcePermissionManagerExtensions +{ + public static Task GetForClientAsync([NotNull] this IResourcePermissionManager resourcePermissionManager, string resourceName, string resourceKey, string clientId, string permissionName) + { + Check.NotNull(resourcePermissionManager, nameof(resourcePermissionManager)); + + return resourcePermissionManager.GetAsync(permissionName, resourceName, resourceKey, ClientPermissionValueProvider.ProviderName, clientId); + } + + public static Task> GetAllForClientAsync([NotNull] this IResourcePermissionManager resourcePermissionManager, string resourceName, string resourceKey, string clientId) + { + Check.NotNull(resourcePermissionManager, nameof(resourcePermissionManager)); + + return resourcePermissionManager.GetAllAsync(resourceName, resourceKey, ClientPermissionValueProvider.ProviderName, clientId); + } + + public static Task SetForClientAsync([NotNull] this IResourcePermissionManager resourcePermissionManager, string resourceName, string resourceKey, string clientId, [NotNull] string permissionName, bool isGranted) + { + Check.NotNull(resourcePermissionManager, nameof(resourcePermissionManager)); + + return resourcePermissionManager.SetAsync(permissionName, resourceName, resourceKey, ClientPermissionValueProvider.ProviderName, clientId, isGranted); + } +} diff --git a/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/OpenIddict/AbpPermissionManagementDomainOpenIddictModule.cs b/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/OpenIddict/AbpPermissionManagementDomainOpenIddictModule.cs index 1bf2bf140d9..2cad25a2831 100644 
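Review bot: All three extension methods pass `ClientPermissionValueProvider.ProviderName` to the resource permission manager, while the resource providers added in this commit identify themselves with `ClientResourcePermissionValueProvider.ProviderName`. The two constants may well hold the same value today (only the resource one is visible on this page), but if they ever diverge, grants written through these helpers would no longer be found by the resource check. I would use the resource constant in each call, e.g. `ClientResourcePermissionValueProvider.ProviderName, clientId`, together with `using Volo.Abp.Authorization.Permissions.Resources;`. `clientId` is also passed through unchecked; a `Check.NotNullOrWhiteSpace(clientId, nameof(clientId));` would keep an empty provider key from being stored.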
--- a/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/OpenIddict/AbpPermissionManagementDomainOpenIddictModule.cs +++ b/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/OpenIddict/AbpPermissionManagementDomainOpenIddictModule.cs @@ -1,6 +1,9 @@ -using Volo.Abp.Authorization.Permissions; +using System; +using Microsoft.Extensions.DependencyInjection; +using Volo.Abp.Authorization.Permissions; using Volo.Abp.Modularity; using Volo.Abp.OpenIddict; +using Volo.Abp.OpenIddict.Applications; namespace Volo.Abp.PermissionManagement.OpenIddict; @@ -17,5 +20,17 @@ public override void ConfigureServices(ServiceConfigurationContext context) options.ManagementProviders.Add(); options.ProviderPolicies[ClientPermissionValueProvider.ProviderName] = "OpenIddictPro.Application.ManagePermissions"; }); + + context.Services.AddAbpOptions().PostConfigure((options, serviceProvider) => + { + // The IApplicationFinder implementation in OpenIddict Pro module for tiered application. + if (serviceProvider.GetService() == null) + { + return; + } + + options.ResourceManagementProviders.Add(); + options.ResourcePermissionProviderKeyLookupServices.Add(); + }); } } diff --git a/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/OpenIddict/ApplicationPermissionManagementProvider.cs b/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/OpenIddict/ApplicationPermissionManagementProvider.cs index 4c4d6fe398b..6d07a728e4e 100644 --- a/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/OpenIddict/ApplicationPermissionManagementProvider.cs +++ b/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/OpenIddict/ApplicationPermissionManagementProvider.cs 
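Review bot: The guard in the `PostConfigure` callback resolves a service instance only to test whether one is registered, and the comment above it does not say what happens when it is missing. The type argument of `GetService` is not visible in this view; the comment suggests `IApplicationFinder`. Resolving here constructs the implementation and its dependencies during options configuration, which for a repository-backed finder may be earlier than intended. If the intent is to skip the client resource-permission providers on hosts without a finder, I would say so directly, e.g. `// No IApplicationFinder registered on this host: do not add the client resource-permission providers.`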
@@ -18,7 +18,6 @@ public ApplicationPermissionManagementProvider( guidGenerator, currentTenant) { - } public override Task CheckAsync(string name, string providerName, string providerKey) @@ -29,6 +28,14 @@ public override Task CheckAsync(string name, s } } + public override Task CheckAsync(string[] names, string providerName, string providerKey) + { + using (CurrentTenant.Change(null)) + { + return base.CheckAsync(names, providerName, providerKey); + } + } + protected override Task GrantAsync(string name, string providerKey) { using (CurrentTenant.Change(null)) diff --git a/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/OpenIddict/ApplicationResourcePermissionManagementProvider.cs b/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/OpenIddict/ApplicationResourcePermissionManagementProvider.cs new file mode 100644 index 00000000000..e12fa63d034 --- /dev/null +++ b/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/OpenIddict/ApplicationResourcePermissionManagementProvider.cs 
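Review bot: The added `CheckAsync(string[] names, ...)` override returns the base task from inside `using (CurrentTenant.Change(null))` without awaiting it, so the host-tenant scope is disposed as soon as the task is handed back. The permission lookup then runs under the host tenant only if the base method captured the ambient tenant before its first await; the base implementation is not visible in this hunk. The new `ApplicationResourcePermissionManagementProvider` file repeats the pattern in both `CheckAsync` overloads, `SetAsync` and `RevokeAsync`, while its `GrantAsync` already awaits inside the scope. I would make them all follow `GrantAsync`: mark the override `async` and write `return await base.CheckAsync(names, providerName, providerKey);`.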
@@ -0,0 +1,59 @@ +using System.Threading.Tasks; +using Volo.Abp.Authorization.Permissions.Resources; +using Volo.Abp.Guids; +using Volo.Abp.MultiTenancy; + +namespace Volo.Abp.PermissionManagement.OpenIddict; + +public class ApplicationResourcePermissionManagementProvider : ResourcePermissionManagementProvider +{ + public override string Name => ClientResourcePermissionValueProvider.ProviderName; + + public ApplicationResourcePermissionManagementProvider( + IResourcePermissionGrantRepository resourcePermissionGrantRepository, + IGuidGenerator guidGenerator, + ICurrentTenant currentTenant) + : base(resourcePermissionGrantRepository, guidGenerator, currentTenant) + { + } + + public override Task CheckAsync(string name, string resourceName, string resourceKey, string providerName, string providerKey) + { + using (CurrentTenant.Change(null)) + { + return base.CheckAsync(name, resourceName, resourceKey, providerName, providerKey); + } + } + + public override Task CheckAsync(string[] names, string resourceName, string resourceKey, string providerName, string providerKey) + { + using (CurrentTenant.Change(null)) + { + return base.CheckAsync(names, resourceName, resourceKey, providerName, providerKey); + } + } + + public override Task SetAsync(string name, string resourceName, string resourceKey, string providerKey, bool isGranted) + { + using (CurrentTenant.Change(null)) + { + return base.SetAsync(name, resourceName, resourceKey, providerKey, isGranted); + } + } + + protected override async Task GrantAsync(string name, string resourceName, string resourceKey, string providerKey) + { + using (CurrentTenant.Change(null)) + { + await base.GrantAsync(name, resourceName, resourceKey, providerKey); + } + } + + protected override Task RevokeAsync(string name, string resourceName, string resourceKey, string providerKey) + { + using (CurrentTenant.Change(null)) + { + return base.RevokeAsync(name, resourceName, resourceKey, providerKey); + } + } +} 
diff --git a/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/OpenIddict/ApplicationResourcePermissionProviderKeyLookupService.cs b/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/OpenIddict/ApplicationResourcePermissionProviderKeyLookupService.cs
new file mode 100644
index 00000000000..1423ca9768f
--- /dev/null
+++ b/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/OpenIddict/ApplicationResourcePermissionProviderKeyLookupService.cs
@@ -0,0 +1,39 @@ +using System; +using System.Collections.Generic; +using System.Linq; +using System.Threading; +using System.Threading.Tasks; +using Volo.Abp.Authorization.Permissions.Resources; +using Volo.Abp.DependencyInjection; +using Volo.Abp.Localization; +using Volo.Abp.OpenIddict.Applications; +using Volo.Abp.OpenIddict.Localization; + +namespace Volo.Abp.PermissionManagement.OpenIddict; + +public class ApplicationResourcePermissionProviderKeyLookupService : IResourcePermissionProviderKeyLookupService, ITransientDependency +{ + public string Name => ClientResourcePermissionValueProvider.ProviderName; + + public ILocalizableString DisplayName { get; } + + protected IApplicationFinder ApplicationFinder { get; } + + public ApplicationResourcePermissionProviderKeyLookupService(IApplicationFinder applicationFinder) + { + ApplicationFinder = applicationFinder; + DisplayName = LocalizableString.Create(nameof(ApplicationResourcePermissionProviderKeyLookupService)); + } + + public virtual async Task> SearchAsync(string filter = null, int page = 1, CancellationToken cancellationToken = default) + { + var applications = await ApplicationFinder.SearchAsync(filter, page); + return applications.Select(x => new ResourcePermissionProviderKeyInfo(x.ClientId, x.ClientId)).ToList(); + } + + public virtual Task> SearchAsync(string[] keys, CancellationToken cancellationToken = default) + { + // Keys are ClientIds + return Task.FromResult(keys.Select(x => new ResourcePermissionProviderKeyInfo(x, x)).ToList()); + } +} diff --git a/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/OpenIddict/OpenIddictApplicationClientIdChangedHandler.cs b/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/OpenIddict/OpenIddictApplicationClientIdChangedHandler.cs new file mode 100644 index 00000000000..8a22d1b46da --- /dev/null 
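Review bot: `SearchAsync(string[] keys, ...)` echoes every key back as a `ResourcePermissionProviderKeyInfo` without checking that an application with that ClientId exists. A caller that treats the result as validation could therefore store grants for an id no application owns yet, and an application created later with that id would presumably pick them up. Either resolve the keys through `ApplicationFinder`, or expand the existing comment to `// Keys are ClientIds and are returned unverified; this does not prove the application exists.` The filter overload also drops `cancellationToken`, and a null `keys` array would throw in `Select`.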
+++ b/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/OpenIddict/OpenIddictApplicationClientIdChangedHandler.cs 
@@ -0,0 +1,45 @@ +using System.Threading.Tasks; +using Volo.Abp.Authorization.Permissions; +using Volo.Abp.Authorization.Permissions.Resources; +using Volo.Abp.DependencyInjection; +using Volo.Abp.EventBus.Distributed; +using Volo.Abp.OpenIddict.Applications; + +namespace Volo.Abp.PermissionManagement.OpenIddict; + +public class OpenIddictApplicationClientIdChangedHandler : + IDistributedEventHandler, + ITransientDependency +{ + protected IPermissionManager PermissionManager { get; } + protected IPermissionGrantRepository PermissionGrantRepository { get; } + protected IResourcePermissionManager ResourcePermissionManager { get; } + protected IResourcePermissionGrantRepository ResourcePermissionGrantRepository { get; } + + public OpenIddictApplicationClientIdChangedHandler( + IPermissionManager permissionManager, + IPermissionGrantRepository permissionGrantRepository, + IResourcePermissionManager resourcePermissionManager, + IResourcePermissionGrantRepository resourcePermissionGrantRepository) + { + PermissionManager = permissionManager; + PermissionGrantRepository = permissionGrantRepository; + ResourcePermissionManager = resourcePermissionManager; + ResourcePermissionGrantRepository = resourcePermissionGrantRepository; + } + + public async Task HandleEventAsync(OpenIddictApplicationClientIdChangedEto eventData) + { + var permissionGrantsInRole = await PermissionGrantRepository.GetListAsync(ClientPermissionValueProvider.ProviderName, eventData.OldClientId); + foreach (var permissionGrant in permissionGrantsInRole) + { + await PermissionManager.UpdateProviderKeyAsync(permissionGrant, eventData.ClientId); + } + + var resourcePermissionGrantsInRole = await ResourcePermissionGrantRepository.GetListAsync(ClientResourcePermissionValueProvider.ProviderName, eventData.OldClientId); + foreach (var resourcePermissionGrant in resourcePermissionGrantsInRole) + { + await ResourcePermissionManager.UpdateProviderKeyAsync(resourcePermissionGrant, eventData.ClientId); + } + } +} 
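Review bot: `HandleEventAsync` here is neither `virtual` nor marked `[UnitOfWork]`, unlike the `OpenIddictApplicationDeletedEventHandler` added in the same commit, even though it rewrites the provider key of many grants in two loops. If the ambient unit of work does not already wrap the handler, a failure part-way through would leave some grants under `OldClientId` and some under the new id. I would match the sibling: `[UnitOfWork]` over `public virtual async Task HandleEventAsync(...)`, with `using Volo.Abp.Uow;`. The locals `permissionGrantsInRole` and `resourcePermissionGrantsInRole` look carried over from a role handler; `clientPermissionGrants` and `clientResourcePermissionGrants` would describe what they hold.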
diff --git a/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/OpenIddict/OpenIddictApplicationDeletedEventHandler.cs b/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/OpenIddict/OpenIddictApplicationDeletedEventHandler.cs new file mode 100644 index 00000000000..ac02065e63f --- /dev/null +++ b/modules/openiddict/src/Volo.Abp.PermissionManagement.Domain.OpenIddict/Volo/Abp/PermissionManagement/OpenIddict/OpenIddictApplicationDeletedEventHandler.cs @@ -0,0 +1,31 @@ +using System.Threading.Tasks; +using Volo.Abp.Authorization.Permissions; +using Volo.Abp.Authorization.Permissions.Resources; +using Volo.Abp.DependencyInjection; +using Volo.Abp.Domain.Entities.Events.Distributed; +using Volo.Abp.EventBus.Distributed; +using Volo.Abp.OpenIddict.Applications; +using Volo.Abp.Uow; + +namespace Volo.Abp.PermissionManagement.OpenIddict; + +public class OpenIddictApplicationDeletedEventHandler : + IDistributedEventHandler>, + ITransientDependency +{ + protected IPermissionManager PermissionManager { get; } + protected IResourcePermissionManager ResourcePermissionManager { get; } + + public OpenIddictApplicationDeletedEventHandler(IPermissionManager permissionManager, IResourcePermissionManager resourcePermissionManager) + { + PermissionManager = permissionManager; + ResourcePermissionManager = resourcePermissionManager; + } + + [UnitOfWork] + public virtual async Task HandleEventAsync(EntityDeletedEto eventData) + { + await PermissionManager.DeleteAsync(ClientPermissionValueProvider.ProviderName, eventData.Entity.ClientId); + await ResourcePermissionManager.DeleteAsync(ClientResourcePermissionValueProvider.ProviderName, eventData.Entity.ClientId); + } +} 
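Review bot: `HandleEventAsync` passes `eventData.Entity.ClientId` to both `DeleteAsync` calls without a null check, although `AbpApplicationManager.UpdateAsync` in this commit treats the ClientId as possibly null. What `DeleteAsync` does with a null provider key is not visible here, so I would add an explicit guard first: `if (eventData.Entity.ClientId == null) { return; }`. A short summary on the class would also record why the cleanup matters, e.g. `/// Removes grants keyed by the deleted application's ClientId so a later application reusing that id does not inherit them.`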
diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/ResourcePermissionManagementProvider.cs b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/ResourcePermissionManagementProvider.cs index 90d4e176d3c..9682965c676 100644 --- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/ResourcePermissionManagementProvider.cs +++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/ResourcePermissionManagementProvider.cs @@ -26,7 +26,7 @@ protected ResourcePermissionManagementProvider( CurrentTenant = currentTenant; } - public virtual async Task CheckAsync(string name, string resourceName,string resourceKey, string providerName, string providerKey) + public virtual async Task CheckAsync(string name, string resourceName, string resourceKey, string providerName, string providerKey) { var multiplePermissionValueProviderGrantInfo = await CheckAsync(new[] { name }, resourceName, resourceKey, providerName, providerKey); @@ -55,7 +55,7 @@ public virtual async Task Chec } } - public virtual Task SetAsync(string name, string resourceName,string resourceKey, string providerKey, bool isGranted) + public virtual Task SetAsync(string name, string resourceName, string resourceKey, string providerKey, bool isGranted) { return isGranted ? GrantAsync(name, resourceName, resourceKey, providerKey) diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/Pages/AbpPermissionManagement/ResourcePermissionManagementModal.cshtml b/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/Pages/AbpPermissionManagement/ResourcePermissionManagementModal.cshtml index 5717448c70d..15a5c0bff41 100644 --- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/Pages/AbpPermissionManagement/ResourcePermissionManagementModal.cshtml 
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/Pages/AbpPermissionManagement/ResourcePermissionManagementModal.cshtml @@ -34,7 +34,7 @@ else { - +