I'm working on a project that is built with ASP.NET Boilerplate. The template that I use is .NET Core with Angular, including Module Zero. Multi-tenancy is enabled.
The task that I am currently working on is to allow administrators of the host to view users with Admin role from each tenant. I have added a new menu item on the pop-up menu (Actions column) in the Tenants list. It calls an API method and passes in the tenantId.
The API code looks like this (following Boilerplate code pattern):
if (tenantId != null)
{
UnitOfWorkManager.Current.SetTenantId(tenantId.Value);
adminRole = await _roleManager.GetRoleByNameAsync("admin");
}
if (tenantId != null && adminRole != null)
{
users = users.Where(u => u.Roles.Any(r => r.RoleId == adminRole.Id));
}
var totalCount = await AsyncQueryableExecuter.CountAsync(users);
users = ApplySorting(users, input);
users = ApplyPaging(users, input);
In the application, I have a mix of tenants. Some have their own database and some don't. The code above works as expected when the tenant has their own separate database while with tenants that do not, I get an error message:
Required permissions are not granted. At least one of these permissions must be granted: Users
In the log file, I have the following exception:
WARN 2017-11-23 10:37:23,101 [45] Mvc.ExceptionHandling.AbpExceptionFilter - Required permissions are not granted. At least one of these permissions must be granted: Users Abp.Authorization.AbpAuthorizationException: Required permissions are not granted. At least one of these permissions must be granted: Users at Abp.Authorization.PermissionCheckerExtensions.d__9.MoveNext() in D:\Github\aspnetboilerplate\src\Abp\Authorization\PermissionCheckerExtensions.cs:line 195 --- End of stack trace from previous location where exception was thrown ---at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Abp.Authorization.AuthorizationHelper.d__19.MoveNext() in D:\Github\aspnetboilerplate\src\Abp\Authorization\AuthorizationHelper.cs:line 48 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Abp.Authorization.AuthorizationHelper.d__22.MoveNext() in D:\Github\aspnetboilerplate\src\Abp\Authorization\AuthorizationHelper.cs:line 98 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Abp.Authorization.AuthorizationHelper.d__20.MoveNext() in D:\Github\aspnetboilerplate\src\Abp\Authorization\AuthorizationHelper.cs:line 57 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Nito.AsyncEx.Synchronous.TaskExtensions.WaitAndUnwrapException(Task task) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Nito.AsyncEx.Synchronous.TaskExtensions.WaitAndUnwrapException(Task task) at Nito.AsyncEx.AsyncContext.Run(Func'1 action) at Abp.Authorization.AuthorizationInterceptor.Intercept(IInvocation invocation) in D:\Github\aspnetboilerplate\src\Abp\Authorization\AuthorizationInterceptor.cs:line 20 at Castle.DynamicProxy.AbstractInvocation.Proceed() at Abp.Domain.Uow.UnitOfWorkInterceptor.PerformSyncUow(IInvocation invocation, UnitOfWorkOptions options) in D:\Github\aspnetboilerplate\src\Abp\Domain\Uow\UnitOfWorkInterceptor.cs:line 68 at Castle.DynamicProxy.AbstractInvocation.Proceed() at Castle.DynamicProxy.AbstractInvocation.Proceed() at Castle.DynamicProxy.AbstractInvocation.Proceed() at Castle.Proxies.UserAppServiceProxy.ApplySorting(IQueryable'1 query, PagedResultRequestDto input) at CK.Users.UserAppService.d__16.MoveNext() in D:\Projects\CK\Development\aspnet-core\src\CK.Application\Users\UserAppService.cs:line 179 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at lambda_method(Closure , Object ) at Microsoft.Extensions.Internal.ObjectMethodExecutorAwaitable.Awaiter.GetResult() at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.d__12.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.d__10.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ActionExecutedContext context) at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted) at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.d__14.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.d__23.MoveNext()
Question here is, why does the same code work with tenants that have their own database, but with others I get an exception? And what do I need to do, so that I can get this code to work regardless of how the tenant is set up?
All suggestions are welcomed.
Regards, Alex
It appears that AuthorizationInterceptor unnecessarily intercepts the ApplySorting method.
You can safely override that method with the [AbpAllowAnonymous] attribute:
[AbpAllowAnonymous]
protected override IQueryable<User> ApplySorting(IQueryable<User> query, UserGetAllInput input)
{
return base.ApplySorting(query, input);
}