Show an error message if permission names are not unique #17385

Merged
merged 12 commits into from
Jan 27, 2025
Log an error on startup, if permissions are ambiguous.
gvkries committed Jan 24, 2025
commit a80d7a7789f28195efbccc330061f68c3ede6ff5
@@ -1,5 +1,8 @@
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Routing;
using Microsoft.Extensions.Logging;
using OrchardCore.Security;
using OrchardCore.Security.AuthorizationHandlers;
using OrchardCore.Security.Permissions;
@@ -30,6 +33,31 @@ public static OrchardCoreBuilder AddSecurity(this OrchardCoreBuilder builder)
services.AddScoped<IAuthorizationHandler, PermissionHandler>();
});

builder.Configure(ValidatePermissionsAsync);

return builder;
}

private static async ValueTask ValidatePermissionsAsync(IApplicationBuilder builder, IEndpointRouteBuilder routeBuilder, IServiceProvider serviceProvider)
{
// Make sure registered permissions are valid, i.e. they must be unique.
var permissionProviders = serviceProvider.GetServices<IPermissionProvider>();
var permissionNames = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
ILogger logger = null;

foreach (var permissionProvider in permissionProviders)
{
var permissions = await permissionProvider.GetPermissionsAsync();

foreach (var permission in permissions)
{
if(!permissionNames.Add(permission.Name))
{
logger ??= serviceProvider.GetRequiredService<ILogger<IPermissionProvider>>();

logger.LogError("The permission '{PermissionName}' created by the permission provider '{PermissionProvider}' is already registered. Each permission must have a unique name across all modules.", permission.Name, permissionProvider.GetType());
}
}
}
}
}
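Review bot: The duplicate check in ValidatePermissionsAsync only keeps names in a HashSet, so the logged error identifies the provider that registered the name second but not the one that registered it first, and startup continues with the ambiguous permission in place. If authorization decisions are keyed by permission name (not visible in this hunk), a role granted one module's permission would presumably also satisfy the other's, so an operator needs both sides of the collision to judge the impact. Consider tracking owners with `var permissionOwners = new Dictionary<string, Type>(StringComparer.OrdinalIgnoreCase);` and testing `if (!permissionOwners.TryAdd(permission.Name, permissionProvider.GetType()))`, then adding the first owner to the log message. Only the permissions returned directly by GetPermissionsAsync are checked; whether implied permissions need the same validation cannot be told from here. AddSecurity begins outside the hunk.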