always grant all permissions to admin users during seed

fretje · fretje · commit 7a3358c9deab · 2017-10-24T14:09:35.000+02:00
otherwise when new permissions are added later, the current admins don't get those new permissions granted
diff --git a/aspnet-core/src/AbpCompanyName.AbpProjectName.EntityFrameworkCore/EntityFrameworkCore/Seed/Host/HostRoleAndUserCreator.cs b/aspnet-core/src/AbpCompanyName.AbpProjectName.EntityFrameworkCore/EntityFrameworkCore/Seed/Host/HostRoleAndUserCreator.cs
@@ -35,6 +35,33 @@ private void CreateHostRoleAndUsers()
                 _context.SaveChanges();
             }
 
+            // Grant all permissions to admin role for host
+
+            var grantedPermissions = _context.Permissions.IgnoreQueryFilters()
+                .OfType<RolePermissionSetting>()
+                .Where(p => p.TenantId == null && p.RoleId == adminRoleForHost.Id)
+                .Select(p => p.Name)
+                .ToList();
+
+            var permissions = PermissionFinder
+                .GetAllPermissions(new AbpProjectNameAuthorizationProvider())
+                .Where(p => p.MultiTenancySides.HasFlag(MultiTenancySides.Host) &&
+                            !grantedPermissions.Contains(p.Name))
+                .ToList();
+
+            if (permissions.Any())
+            {
+                _context.Permissions.AddRange(
+                    permissions.Select(permission => new RolePermissionSetting
+                    {
+                        TenantId = null,
+                        Name = permission.Name,
+                        IsGranted = true,
+                        RoleId = adminRoleForHost.Id
+                    }));
+                _context.SaveChanges();
+            }
+
             // Admin user for host
 
             var adminUserForHost = _context.Users.IgnoreQueryFilters().FirstOrDefault(u => u.TenantId == null && u.UserName == AbpUserBase.AdminUserName);
@@ -61,26 +88,6 @@ private void CreateHostRoleAndUsers()
                 _context.UserRoles.Add(new UserRole(null, adminUserForHost.Id, adminRoleForHost.Id));
                 _context.SaveChanges();
 
-                // Grant all permissions
-                var permissions = PermissionFinder
-                    .GetAllPermissions(new AbpProjectNameAuthorizationProvider())
-                    .Where(p => p.MultiTenancySides.HasFlag(MultiTenancySides.Host))
-                    .ToList();
-
-                foreach (var permission in permissions)
-                {
-                    _context.Permissions.Add(
-                        new RolePermissionSetting
-                        {
-                            TenantId = null,
-                            Name = permission.Name,
-                            IsGranted = true,
-                            RoleId = adminRoleForHost.Id
-                        });
-                }
-
-                _context.SaveChanges();
-
                 // User account of admin user
                 _context.UserAccounts.Add(new UserAccount
                 {
@@ -89,7 +96,6 @@ private void CreateHostRoleAndUsers()
                     UserName = AbpUserBase.AdminUserName,
                     EmailAddress = adminUserForHost.EmailAddress
                 });
-
                 _context.SaveChanges();
             }
         }
diff --git a/aspnet-core/src/AbpCompanyName.AbpProjectName.EntityFrameworkCore/EntityFrameworkCore/Seed/Tenants/TenantRoleAndUserBuilder.cs b/aspnet-core/src/AbpCompanyName.AbpProjectName.EntityFrameworkCore/EntityFrameworkCore/Seed/Tenants/TenantRoleAndUserBuilder.cs
@@ -37,25 +37,33 @@ private void CreateRolesAndUsers()
             {
                 adminRole = _context.Roles.Add(new Role(_tenantId, StaticRoleNames.Tenants.Admin, StaticRoleNames.Tenants.Admin) { IsStatic = true }).Entity;
                 _context.SaveChanges();
+            }
 
-                // Grant all permissions to admin role
-                var permissions = PermissionFinder
-                    .GetAllPermissions(new AbpProjectNameAuthorizationProvider())
-                    .Where(p => p.MultiTenancySides.HasFlag(MultiTenancySides.Tenant))
-                    .ToList();
+            // Grant all permissions to admin role
 
-                foreach (var permission in permissions)
-                {
-                    _context.Permissions.Add(
-                        new RolePermissionSetting
-                        {
-                            TenantId = _tenantId,
-                            Name = permission.Name,
-                            IsGranted = true,
-                            RoleId = adminRole.Id
-                        });
-                }
+            var grantedPermissions = _context.Permissions.IgnoreQueryFilters()
+                .OfType<RolePermissionSetting>()
+                .Where(p => p.TenantId == _tenantId && p.RoleId == adminRole.Id)
+                .Select(p => p.Name)
+                .ToList();
+
+            var permissions = PermissionFinder
+                .GetAllPermissions(new AbpProjectNameAuthorizationProvider())
+                .Where(p => p.MultiTenancySides.HasFlag(MultiTenancySides.Tenant) &&
+                            !grantedPermissions.Contains(p.Name))
+                .ToList();
 
+            if (permissions.Any())
+            {
+                _context.Permissions.AddRange(
+                    permissions.Select(permission => new RolePermissionSetting
+                    {
+                        TenantId = _tenantId,
+                        Name = permission.Name,
+                        IsGranted = true,
+                        RoleId = adminRole.Id
+                    })
+                );
                 _context.SaveChanges();
             }
 
