Skip to content

Commit

Permalink
perf(permissions): organization permission efficiency.
Browse files Browse the repository at this point in the history
  • Loading branch information
colinin committed Apr 23, 2024
1 parent de14c9e commit b64fb7f
Show file tree
Hide file tree
Showing 3 changed files with 83 additions and 72 deletions.
Original file line number Diff line number Diff line change
@@ -1,44 +1,44 @@
using Volo.Abp.Reflection;

namespace LINGYUN.Abp.Identity
{
public class IdentityPermissions
{
public static class Roles
{
public const string ManageClaims = Volo.Abp.Identity.IdentityPermissions.Roles.Default + ".ManageClaims";
public const string ManageOrganizationUnits = Volo.Abp.Identity.IdentityPermissions.Roles.Default + ".ManageOrganizationUnits";
}

public static class Users
{
public const string ResetPassword = Volo.Abp.Identity.IdentityPermissions.Users.Default + ".ResetPassword";
public const string ManageClaims = Volo.Abp.Identity.IdentityPermissions.Users.Default + ".ManageClaims";
public const string ManageOrganizationUnits = Volo.Abp.Identity.IdentityPermissions.Users.Default + ".ManageOrganizationUnits";
}

public static class OrganizationUnits
{
public const string Default = Volo.Abp.Identity.IdentityPermissions.GroupName + ".OrganizationUnits";
public const string Create = Default + ".Create";
public const string Update = Default + ".Update";
public const string Delete = Default + ".Delete";
public const string ManageUsers = Default + ".ManageUsers";
using Volo.Abp.Reflection;

namespace LINGYUN.Abp.Identity
{
public class IdentityPermissions
{
public static class Roles
{
public const string ManageClaims = Volo.Abp.Identity.IdentityPermissions.Roles.Default + ".ManageClaims";
public const string ManageOrganizationUnits = Volo.Abp.Identity.IdentityPermissions.Roles.Default + ".ManageOrganizationUnits";
}

public static class Users
{
public const string ResetPassword = Volo.Abp.Identity.IdentityPermissions.Users.Default + ".ResetPassword";
public const string ManageClaims = Volo.Abp.Identity.IdentityPermissions.Users.Default + ".ManageClaims";
public const string ManageOrganizationUnits = Volo.Abp.Identity.IdentityPermissions.Users.Default + ".ManageOrganizationUnits";
}

public static class OrganizationUnits
{
public const string Default = Volo.Abp.Identity.IdentityPermissions.GroupName + ".OrganizationUnits";
public const string Create = Default + ".Create";
public const string Update = Default + ".Update";
public const string Delete = Default + ".Delete";
public const string ManageUsers = Default + ".ManageUsers";
public const string ManageRoles = Default + ".ManageRoles";
public const string ManagePermissions = Default + ".ManagePermissions";
}

public static class IdentityClaimType
{
public const string Default = Volo.Abp.Identity.IdentityPermissions.GroupName + ".IdentityClaimTypes";
public const string Create = Default + ".Create";
public const string Update = Default + ".Update";
public const string Delete = Default + ".Delete";
}

public static string[] GetAll()
{
return ReflectionHelper.GetPublicConstantsRecursively(typeof(IdentityPermissions));
}
}
}
public const string ManagePermissions = Default + ".ManagePermissions";
}

public static class IdentityClaimType
{
public const string Default = Volo.Abp.Identity.IdentityPermissions.GroupName + ".IdentityClaimTypes";
public const string Create = Default + ".Create";
public const string Update = Default + ".Update";
public const string Delete = Default + ".Delete";
}

public static string[] GetAll()
{
return ReflectionHelper.GetPublicConstantsRecursively(typeof(IdentityPermissions));
}
}
}
Original file line number Diff line number Diff line change
@@ -1,25 +1,25 @@
using LINGYUN.Abp.Authorization.OrganizationUnits;
using LINGYUN.Abp.Authorization.Permissions;
using LINGYUN.Abp.Identity;
using Volo.Abp.Modularity;
using Volo.Abp.Modularity;
using Volo.Abp.PermissionManagement;

namespace LINGYUN.Abp.PermissionManagement.OrganizationUnits;

[DependsOn(
typeof(AbpIdentityDomainModule),
typeof(AbpPermissionManagementDomainModule),
typeof(AbpAuthorizationOrganizationUnitsModule)
)]
public class AbpPermissionManagementDomainOrganizationUnitsModule : AbpModule
{
public override void ConfigureServices(ServiceConfigurationContext context)
{
Configure<PermissionManagementOptions>(options =>
{
options.ManagementProviders.Add<OrganizationUnitPermissionManagementProvider>();
options.ProviderPolicies[OrganizationUnitPermissionValueProvider.ProviderName] = "AbpIdentity.OrganizationUnits.ManagePermissions";
});
}
}
namespace LINGYUN.Abp.PermissionManagement.OrganizationUnits;

[DependsOn(
typeof(AbpIdentityDomainModule),
typeof(AbpPermissionManagementDomainModule),
typeof(AbpAuthorizationOrganizationUnitsModule)
)]
public class AbpPermissionManagementDomainOrganizationUnitsModule : AbpModule
{
public override void ConfigureServices(ServiceConfigurationContext context)
{
Configure<PermissionManagementOptions>(options =>
{
options.ManagementProviders.Add<OrganizationUnitPermissionManagementProvider>();
options.ProviderPolicies[OrganizationUnitPermissionValueProvider.ProviderName] = "AbpIdentity.OrganizationUnits.ManagePermissions";
});
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,9 @@
using System.Linq;
using System.Threading.Tasks;
using Volo.Abp.Authorization.Permissions;
using Volo.Abp.Domain.Repositories;
using Volo.Abp.Guids;
using Volo.Abp.Linq;
using Volo.Abp.MultiTenancy;
using Volo.Abp.PermissionManagement;
using UserManager = Volo.Abp.Identity.IdentityUserManager;
Expand All @@ -16,10 +18,14 @@ public class OrganizationUnitPermissionManagementProvider : PermissionManagement
public override string Name => OrganizationUnitPermissionValueProvider.ProviderName;

protected UserManager UserManager { get; }
protected IAsyncQueryableExecuter AsyncQueryableExecuter { get; }
protected IIdentityUserRepository IdentityUserRepository { get; }
protected IIdentityRoleRepository IdentityRoleRepository { get; }
protected IRepository<PermissionGrant, Guid> PermissionGrantBasicRepository { get; }

public OrganizationUnitPermissionManagementProvider(
IAsyncQueryableExecuter asyncQueryableExecuter,
IRepository<PermissionGrant, Guid> permissionGrantBasicRepository,
IPermissionGrantRepository permissionGrantRepository,
IIdentityUserRepository identityUserRepository,
IIdentityRoleRepository identityRoleRepository,
Expand All @@ -32,8 +38,10 @@ public OrganizationUnitPermissionManagementProvider(
currentTenant)
{
UserManager = userManager;
AsyncQueryableExecuter = asyncQueryableExecuter;
IdentityUserRepository = identityUserRepository;
IdentityRoleRepository = identityRoleRepository;
PermissionGrantBasicRepository = permissionGrantBasicRepository;
}

public override async Task<PermissionValueProviderGrantInfo> CheckAsync(string name, string providerName, string providerKey)
Expand All @@ -51,29 +59,32 @@ public override async Task<MultiplePermissionValueProviderGrantInfo> CheckAsync(
if (providerName == Name)
{
permissionGrants.AddRange(await PermissionGrantRepository.GetListAsync(names, providerName, providerKey));

}

if (providerName == RolePermissionValueProvider.ProviderName)
{
var role = await IdentityRoleRepository.FindByNormalizedNameAsync(UserManager.NormalizeName(providerKey));
var organizationUnits = await IdentityRoleRepository.GetOrganizationUnitsAsync(role.Id);
var roleOrganizationUnits = organizationUnits.Select(x => x.Id.ToString());

foreach (var organizationUnit in organizationUnits)
{
permissionGrants.AddRange(await PermissionGrantRepository.GetListAsync(names, Name, organizationUnit.Id.ToString()));
}
var quaryble = await PermissionGrantBasicRepository.GetQueryableAsync();
quaryble = quaryble.Where(x => x.ProviderName == Name && roleOrganizationUnits.Contains(x.ProviderKey) && names.Contains(x.Name));
var roleUnitGrants = await AsyncQueryableExecuter.ToListAsync(quaryble);

permissionGrants.AddRange(roleUnitGrants);
}

if (providerName == UserPermissionValueProvider.ProviderName)
{
var userId = Guid.Parse(providerKey);
var organizationUnits = await IdentityUserRepository.GetOrganizationUnitsAsync(id: userId);
var userOrganizationUnits = organizationUnits.Select(x => x.Id.ToString());

foreach (var organizationUnit in organizationUnits)
{
permissionGrants.AddRange(await PermissionGrantRepository.GetListAsync(names, Name, organizationUnit.Id.ToString()));
}
var quaryble = await PermissionGrantBasicRepository.GetQueryableAsync();
quaryble = quaryble.Where(x => x.ProviderName == Name && userOrganizationUnits.Contains(x.ProviderKey) && names.Contains(x.Name));
var userOrganizationUnitGrants = await AsyncQueryableExecuter.ToListAsync(quaryble);

permissionGrants.AddRange(userOrganizationUnitGrants);
}

permissionGrants = permissionGrants.Distinct().ToList();
Expand Down

0 comments on commit b64fb7f

Please sign in to comment.