Search code examples
c#asp.net-coredependency-injectionauthorizationaspnetboilerplate

Required permissions are not granted. At least one of these permissions must be granted: Users

I'm trying to implement a file upload in an ASP.NET Boilerplate project. This is my code:

Index.cshtml:

<form asp-controller="Backlog" asp-action="Upload_Image" method="post"
      enctype="multipart/form-data">

  <input type="file" name="file" />

  <button type="submit">Upload Image</button>

</form>

BacklogController.cs:

using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Abp.Application.Services.Dto;
using Abp.AspNetCore.Mvc.Authorization;
using MyProject.Authorization;
using MyProject.Controllers;
using MyProject.Users;
using MyProject.Web.Models.Backlog;
using MyProject.Users.Dto;
using System.Collections.Generic;
using MyProject.Backlog;

namespace MyProject.Controllers
{
    [AbpMvcAuthorize(PermissionNames.Pages_Backlog)]
    public class BacklogController : MyProjectControllerBase
    {
        private readonly IUserAppService _userAppService;
        private readonly BacklogAppService _backlogAppService;

        public BacklogController(IUserAppService userAppService, BacklogAppService backlogAppService)
        {
            _userAppService = userAppService;
            _backlogAppService = backlogAppService;
        }

        public async Task<ActionResult> Index()
        {
            var backlogItems = (await _backlogAppService.GetBackLogItems()).Items;

            var model = new BacklogListViewModel
            {
                BacklogItems = backlogItems
            };

            return View(model);
        }

        [HttpPost] // Postback
        public async Task<IActionResult> Upload_Image(IFormFile file)
        {
            if (file == null || file.Length == 0) return Content("file not selected");

            return View();
        }
    }
}

The web app runs, but when I click on the upload button, it says that:

the necessary authorizations are not granted. At least one of these permissions must be granted: Users

Where am I doing it wrong? Otherwise, is there a simpler way to implement a file upload on ASP.NET Boilerplate?

Solution

  • You are injecting IUserAppService and its implementation requires PermissionNames.Pages_Users:

    [AbpAuthorize(PermissionNames.Pages_Users)]
public class UserAppService : AsyncCrudAppService<...>, IUserAppService

    These are your options:

    1. Remove the injection of IUserAppService from BacklogController, since you are not using it.

      // private readonly IUserAppService _userAppService;
private readonly BacklogAppService _backlogAppService;

// public BacklogController(IUserAppService userAppService, BacklogAppService backlogAppService)
public BacklogController(BacklogAppService backlogAppService)
{
    // _userAppService = userAppService;
    _backlogAppService = backlogAppService;
}

    2. Log in as tenant admin, which has PermissionNames.Pages_Users granted by default.

    3. Grant PermissionNames.Pages_Users to the user that you have logged in to.