重命名 ABP 框架中的默认管理员角色
Rename default admin role in ABP framework
有没有办法将默认的 admin 角色重命名为其他名称,例如system admin 还是 super admin?在某些情况下,admin 可能指的是任务管理员或其他管理员,我会将其用于其他用途。
是的,我可以删除授予 admin 的所有权限并将它们授予 system admin,但是我不确定其他使用默认 admin 的地方。
由于 data seeder 被硬编码为 admin,我有点卡在这里了。
我是这样处理的:
public static class IdentityDataSeederProperties
{
public static String AdminUserName { get; set; } = "admin";
public static String AdminRoleName { get; set; } = "admin";
}
[Dependency(ReplaceServices = true)]
public class IdentityDataSeeder : ITransientDependency, IIdentityDataSeeder
{
protected IGuidGenerator GuidGenerator { get; }
protected IIdentityRoleRepository RoleRepository { get; }
protected IIdentityUserRepository UserRepository { get; }
protected ILookupNormalizer LookupNormalizer { get; }
protected IdentityUserManager UserManager { get; }
protected IdentityRoleManager RoleManager { get; }
protected ICurrentTenant CurrentTenant { get; }
protected IOptions<IdentityOptions> IdentityOptions { get; }
protected ILogger<IdentityDataSeeder> Logger { get; }
public IdentityDataSeeder(
IGuidGenerator guidGenerator,
IIdentityRoleRepository roleRepository,
IIdentityUserRepository userRepository,
ILookupNormalizer lookupNormalizer,
IdentityUserManager userManager,
IdentityRoleManager roleManager,
ICurrentTenant currentTenant,
IOptions<IdentityOptions> identityOptions,
ILogger<IdentityDataSeeder> logger)
{
GuidGenerator = guidGenerator;
RoleRepository = roleRepository;
UserRepository = userRepository;
LookupNormalizer = lookupNormalizer;
UserManager = userManager;
RoleManager = roleManager;
CurrentTenant = currentTenant;
IdentityOptions = identityOptions;
Logger = logger;
}
public virtual async Task<IdentityDataSeedResult> SeedAsync(String adminEmail, String adminPassword, Guid? tenantId = null)
{
Check.NotNullOrWhiteSpace(adminEmail, nameof(adminEmail));
Check.NotNullOrWhiteSpace(adminPassword, nameof(adminPassword));
using (CurrentTenant.Change(tenantId))
{
await IdentityOptions.SetAsync().ConfigureAwait(false);
var result = await CreateAdminUserAndRoleAsync(adminEmail, adminPassword, tenantId).ConfigureAwait(false);
await AddAdminUserToAdminRole().ConfigureAwait(false);
return result;
}
}
[UnitOfWork]
private async Task AddAdminUserToAdminRole()
{
var adminUser = await UserRepository
.FindByNormalizedUserNameAsync(LookupNormalizer.NormalizeName(IdentityDataSeederProperties.AdminUserName))
.ConfigureAwait(false);
(await UserManager.AddToRoleAsync(adminUser, IdentityDataSeederProperties.AdminRoleName).ConfigureAwait(false)).CheckErrors();
}
[UnitOfWork]
private async Task<IdentityDataSeedResult> CreateAdminUserAndRoleAsync(String adminEmail, String adminPassword, Guid? tenantId)
{
return new IdentityDataSeedResult
{
CreatedAdminUser = await CreateAdminUserIfItDoesNotExistAsync(tenantId, adminEmail, adminPassword).ConfigureAwait(false),
CreatedAdminRole = await CreateAdminRoleIfItDoesNotExistAsync(tenantId).ConfigureAwait(false)
};
}
private async Task<Boolean> CreateAdminRoleIfItDoesNotExistAsync(Guid? tenantId)
{
var adminRole = await RoleRepository
.FindByNormalizedNameAsync(LookupNormalizer.NormalizeName(IdentityDataSeederProperties.AdminRoleName))
.ConfigureAwait(false);
if (adminRole == null)
{
adminRole = new IdentityRole(GuidGenerator.Create(), IdentityDataSeederProperties.AdminRoleName, tenantId)
{
IsStatic = true,
IsPublic = true
};
(await RoleManager.CreateAsync(adminRole).ConfigureAwait(false)).CheckErrors();
Logger.LogInformation("Created Role: {RoleName} ({RoleId})", adminRole.Name, adminRole.Id);
return true;
}
return false;
}
private async Task<Boolean> CreateAdminUserIfItDoesNotExistAsync(Guid? tenantId, String adminEmail, String adminPassword)
{
var adminUser = await UserRepository.FindByNormalizedUserNameAsync(
LookupNormalizer.NormalizeName(IdentityDataSeederProperties.AdminUserName)
).ConfigureAwait(false);
if (adminUser == null)
{
adminUser = new IdentityUser(GuidGenerator.Create(), IdentityDataSeederProperties.AdminUserName, adminEmail, tenantId)
{
Name = IdentityDataSeederProperties.AdminUserName
};
(await UserManager.CreateAsync(adminUser, adminPassword, validatePassword: false).ConfigureAwait(false)).CheckErrors();
Logger.LogInformation("Created User: {RoleName} ({RoleId})", adminUser.Name, adminUser.Id);
return true;
}
return false;
}
}
关键是 [Dependency(ReplaceServices = true)] 属性。它导致 DI 系统用我的替换默认实现。
注意:我重构了默认实现(并添加了日志记录),这就是为什么我不只是继承它的原因,如 #9641 中所建议的那样。
有没有办法将默认的 admin 角色重命名为其他名称,例如system admin 还是 super admin?在某些情况下,admin 可能指的是任务管理员或其他管理员,我会将其用于其他用途。
是的,我可以删除授予 admin 的所有权限并将它们授予 system admin,但是我不确定其他使用默认 admin 的地方。
由于 data seeder 被硬编码为 admin,我有点卡在这里了。
我是这样处理的:
public static class IdentityDataSeederProperties
{
public static String AdminUserName { get; set; } = "admin";
public static String AdminRoleName { get; set; } = "admin";
}
[Dependency(ReplaceServices = true)]
public class IdentityDataSeeder : ITransientDependency, IIdentityDataSeeder
{
protected IGuidGenerator GuidGenerator { get; }
protected IIdentityRoleRepository RoleRepository { get; }
protected IIdentityUserRepository UserRepository { get; }
protected ILookupNormalizer LookupNormalizer { get; }
protected IdentityUserManager UserManager { get; }
protected IdentityRoleManager RoleManager { get; }
protected ICurrentTenant CurrentTenant { get; }
protected IOptions<IdentityOptions> IdentityOptions { get; }
protected ILogger<IdentityDataSeeder> Logger { get; }
public IdentityDataSeeder(
IGuidGenerator guidGenerator,
IIdentityRoleRepository roleRepository,
IIdentityUserRepository userRepository,
ILookupNormalizer lookupNormalizer,
IdentityUserManager userManager,
IdentityRoleManager roleManager,
ICurrentTenant currentTenant,
IOptions<IdentityOptions> identityOptions,
ILogger<IdentityDataSeeder> logger)
{
GuidGenerator = guidGenerator;
RoleRepository = roleRepository;
UserRepository = userRepository;
LookupNormalizer = lookupNormalizer;
UserManager = userManager;
RoleManager = roleManager;
CurrentTenant = currentTenant;
IdentityOptions = identityOptions;
Logger = logger;
}
public virtual async Task<IdentityDataSeedResult> SeedAsync(String adminEmail, String adminPassword, Guid? tenantId = null)
{
Check.NotNullOrWhiteSpace(adminEmail, nameof(adminEmail));
Check.NotNullOrWhiteSpace(adminPassword, nameof(adminPassword));
using (CurrentTenant.Change(tenantId))
{
await IdentityOptions.SetAsync().ConfigureAwait(false);
var result = await CreateAdminUserAndRoleAsync(adminEmail, adminPassword, tenantId).ConfigureAwait(false);
await AddAdminUserToAdminRole().ConfigureAwait(false);
return result;
}
}
[UnitOfWork]
private async Task AddAdminUserToAdminRole()
{
var adminUser = await UserRepository
.FindByNormalizedUserNameAsync(LookupNormalizer.NormalizeName(IdentityDataSeederProperties.AdminUserName))
.ConfigureAwait(false);
(await UserManager.AddToRoleAsync(adminUser, IdentityDataSeederProperties.AdminRoleName).ConfigureAwait(false)).CheckErrors();
}
[UnitOfWork]
private async Task<IdentityDataSeedResult> CreateAdminUserAndRoleAsync(String adminEmail, String adminPassword, Guid? tenantId)
{
return new IdentityDataSeedResult
{
CreatedAdminUser = await CreateAdminUserIfItDoesNotExistAsync(tenantId, adminEmail, adminPassword).ConfigureAwait(false),
CreatedAdminRole = await CreateAdminRoleIfItDoesNotExistAsync(tenantId).ConfigureAwait(false)
};
}
private async Task<Boolean> CreateAdminRoleIfItDoesNotExistAsync(Guid? tenantId)
{
var adminRole = await RoleRepository
.FindByNormalizedNameAsync(LookupNormalizer.NormalizeName(IdentityDataSeederProperties.AdminRoleName))
.ConfigureAwait(false);
if (adminRole == null)
{
adminRole = new IdentityRole(GuidGenerator.Create(), IdentityDataSeederProperties.AdminRoleName, tenantId)
{
IsStatic = true,
IsPublic = true
};
(await RoleManager.CreateAsync(adminRole).ConfigureAwait(false)).CheckErrors();
Logger.LogInformation("Created Role: {RoleName} ({RoleId})", adminRole.Name, adminRole.Id);
return true;
}
return false;
}
private async Task<Boolean> CreateAdminUserIfItDoesNotExistAsync(Guid? tenantId, String adminEmail, String adminPassword)
{
var adminUser = await UserRepository.FindByNormalizedUserNameAsync(
LookupNormalizer.NormalizeName(IdentityDataSeederProperties.AdminUserName)
).ConfigureAwait(false);
if (adminUser == null)
{
adminUser = new IdentityUser(GuidGenerator.Create(), IdentityDataSeederProperties.AdminUserName, adminEmail, tenantId)
{
Name = IdentityDataSeederProperties.AdminUserName
};
(await UserManager.CreateAsync(adminUser, adminPassword, validatePassword: false).ConfigureAwait(false)).CheckErrors();
Logger.LogInformation("Created User: {RoleName} ({RoleId})", adminUser.Name, adminUser.Id);
return true;
}
return false;
}
}
关键是 [Dependency(ReplaceServices = true)] 属性。它导致 DI 系统用我的替换默认实现。
注意:我重构了默认实现(并添加了日志记录),这就是为什么我不只是继承它的原因,如 #9641 中所建议的那样。