
Overriding permission required by AbpAuthorize attribute


I get the concept of Permissions, Roles and Authorization. But I can't get a grip of how the Authorization works when added in multiple places. Let me explain.

I have an application service class with the attribute: [AbpAuthorize(PermissionNames.A)]. Within that class I have a method with the following attribute: [AbpAuthorize(PermissionNames.B)].

In my world the B-permission should override the A-permission, but does it? To me it does not feel like it. Is there a way for me to accomplish the same functionality? To make it even more complex, the A-permission is a MultiTenancySides.Host permission, and B is not.

Thanks!


Solution

    > In my world the B-permission should override the A-permission, but does it?

    No, separate AbpAuthorize attributes are an AND condition.

    > Is there a way for me to accomplish the [override] functionality?

    That's fundamentally different. You'll have to rewrite IAuthorizationHelper.

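    using System.Collections.Generic;
    using System.Linq;
    using System.Threading.Tasks;
    using Abp.Application.Features;
    using Abp.Authorization;
    using Abp.Configuration.Startup;

    public class OverridingAuthorizationHelper : AuthorizationHelper
    {
        public OverridingAuthorizationHelper(IFeatureChecker featureChecker, IAuthorizationConfiguration authConfiguration)
            : base(featureChecker, authConfiguration)
        {
        }

        public override Task AuthorizeAsync(IEnumerable<IAbpAuthorizeAttribute> authorizeAttributes)
        {
            // Keep only the first attribute in the sequence; every other
            // AbpAuthorize attribute that applies to the call is not checked.
            if (authorizeAttributes.Any())
            {
                authorizeAttributes = new List<IAbpAuthorizeAttribute> { authorizeAttributes.First() };
            }

            // The base helper then authorizes against that single attribute.
            return base.AuthorizeAsync(authorizeAttributes);
        }
    }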
    

    And then replace it in the PreInitialize method of your *.Core module.

    // using Abp.Configuration.Startup;
    
    public override void PreInitialize()
    {
        Configuration.ReplaceService<IAuthorizationHelper, OverridingAuthorizationHelper>();
    }
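
A self-contained C# model of the two behaviours described in the answer above (all attributes ANDed versus only the first one checked), added here as an illustration; it is not the answerer's code and does not use ABP. RequiresAttribute, Policy and OrdersService are hypothetical names, and the model assumes method-level attributes are listed before class-level ones.

```csharp
// Added illustration: a model only, not ABP code. All type names are hypothetical.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
sealed class RequiresAttribute : Attribute
{
    public string Permission { get; }
    public RequiresAttribute(string permission) => Permission = permission;
}

[Requires("A")]                                 // class-level (host-side in the question)
class OrdersService
{
    [Requires("B")] public void Update() { }    // method-level permission
    public void Delete() { }                    // covered by the class attribute only
}

static class Policy
{
    // Assumption: method attributes come first, then the declaring type's.
    static List<string> Required(MethodInfo m) =>
        m.GetCustomAttributes<RequiresAttribute>()
         .Concat(m.DeclaringType.GetCustomAttributes<RequiresAttribute>())
         .Select(a => a.Permission).ToList();

    // AND semantics: every attribute that applies must be satisfied.
    public static bool AndAll(MethodInfo m, ISet<string> granted) =>
        Required(m).All(p => granted.Contains(p));

    // Override semantics: only the first attribute in the list is checked.
    public static bool FirstOnly(MethodInfo m, ISet<string> granted) =>
        Required(m).Take(1).All(p => granted.Contains(p));
}

static class Program
{
    static void Main()
    {
        var tenantUser = new HashSet<string> { "B" };   // constructed sample grant
        foreach (var name in new[] { "Update", "Delete" })
        {
            var m = typeof(OrdersService).GetMethod(name);
            Console.WriteLine($"{name}: and={Policy.AndAll(m, tenantUser)} firstOnly={Policy.FirstOnly(m, tenantUser)}");
        }
    }
}
```

In this model a user holding only B is denied both methods under AND semantics; with first-only evaluation the same user is allowed into Update while Delete still requires A, so the class-level permission stops guarding any method that carries its own attribute.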