I get the concept of Permissions, Roles and Authorization. But I can't get a grip of how the Authorization works when added in multiple places. Let me explain.
I have an application service class with the attribute:
[AbpAuthorize(PermissionNames.A)]
Within that class I have a method with the following attribute:
[AbpAuthorize(PermissionNames.B)]
In my world the B-permission should override the A-permission, but does it? To me it does not feel like it. Is there a way for me to accomplish the same functionality? To make it even more complex, the A-permission is a MultiTenancySides.Host permission, and B is not.
Thanks!
In my world the B-permission should override the A-permission, but does it?
No, separate AbpAuthorize attributes are AND condition.
Is there a way for me to accomplish the [override] functionality?
That's fundamentally different. You'll have to rewrite IAuthorizationHelper.
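using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Abp.Application.Features;
using Abp.Authorization;
using Abp.Configuration.Startup;

public class OverridingAuthorizationHelper : AuthorizationHelper
{
    public OverridingAuthorizationHelper(IFeatureChecker featureChecker, IAuthorizationConfiguration authConfiguration)
        : base(featureChecker, authConfiguration)
    {
    }

    public override Task AuthorizeAsync(IEnumerable<IAbpAuthorizeAttribute> authorizeAttributes)
    {
        // Keep only the first attribute in the sequence, so the remaining
        // attributes are no longer checked as additional AND conditions.
        if (authorizeAttributes.Any())
        {
            authorizeAttributes = new List<IAbpAuthorizeAttribute> { authorizeAttributes.First() };
        }

        return base.AuthorizeAsync(authorizeAttributes);
    }
}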
And then replace it in the PreInitialize method of your *.Core module.
// using Abp.Configuration.Startup;
public override void PreInitialize()
{
    Configuration.ReplaceService<IAuthorizationHelper, OverridingAuthorizationHelper>();
}
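The difference between AND semantics and the override the question asks for, as an added stand-alone example that is not part of the original answer or of ABP's code. `RequirePermissionAttribute`, `SampleAppService` and the permission names are hypothetical stand-ins, and the override here selects method-level attributes explicitly instead of relying on enumeration order.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;

// Hypothetical stand-in for AbpAuthorize; not an ABP type.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
class RequirePermissionAttribute : Attribute
{
    public string Name { get; }
    public RequirePermissionAttribute(string name) => Name = name;
}

[RequirePermission("A")]
class SampleAppService
{
    [RequirePermission("B")]
    public void Restricted() { }

    public void Plain() { }
}

static class Demo
{
    // AND semantics: every attribute on the method and on its class must be granted.
    static bool AllowedAnd(MethodInfo m, ISet<string> granted) =>
        m.GetCustomAttributes<RequirePermissionAttribute>()
         .Concat(m.DeclaringType.GetCustomAttributes<RequirePermissionAttribute>())
         .All(a => granted.Contains(a.Name));

    // Override semantics: method-level attributes replace class-level ones when present.
    static bool AllowedOverride(MethodInfo m, ISet<string> granted)
    {
        var own = m.GetCustomAttributes<RequirePermissionAttribute>().ToList();
        var effective = own.Count > 0
            ? own
            : m.DeclaringType.GetCustomAttributes<RequirePermissionAttribute>().ToList();
        return effective.All(a => granted.Contains(a.Name));
    }

    static void Main()
    {
        var onlyB = new HashSet<string> { "B" };   // constructed sample user holding only B
        foreach (var name in new[] { "Restricted", "Plain" })
        {
            var m = typeof(SampleAppService).GetMethod(name);
            Console.WriteLine($"{name}: AND={AllowedAnd(m, onlyB)}, override={AllowedOverride(m, onlyB)}");
        }
    }
}
```

With override semantics a user holding only B reaches `Restricted` even though the class demands A, so the class-level permission no longer acts as a baseline for methods that carry their own attribute.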