Open Closed

Auditing requirements for Volo.Abp.Identity.IdentityRole #508


User avatar
1
tunji created

Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.

  • ABP Framework version: v3.0.5

Hello,

We need to add the standard audit fields to our dbo.AbpRoles table as well as plug that table into your out of the box auditing functionality. However Volo.Abp.Identity.IdentityRole inherits from AggregateRoot<Guid> and not FullAuditedAggregateRoot<Guid> hence the auditing fields are not generate for us, how do we get round this issue?

We have created an AppRole class, which inherits from FullAuditedAggregateRoot<Guid> and added the following code:

       protected override void OnModelCreating(ModelBuilder builder)
       {
            builder.Entity<AppRole>(b =>
            {
                b.ToTable(AbpIdentityDbProperties.DbTablePrefix + "Roles");
                b.ConfigureByConvention();
                b.Property(p => p.Name);
                b.Property(p => p.NormalizedName);
            });
      }

Unfortunately, the table generating code still uses Volo.Abp.Identity.IdentityRole instead and doesn’t add the auditing fields we want to the dbo.AbpRoles.table

Please can you help?

I think our ideal fix would be for Volo.Abp.Identity.IdentityRole to inherit from FullAuditedAggregateRoot<Guid> much like Volo.Abp.Identity.IdentityUser does.


11 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team

    Hi,

    Currently this is not easy to do, ABP audits based on entity type. You can use the entity extension system to add audit fields and subscribe to entity change events to set values to audit fields.

  • User Avatar
    0
    liangshiwei created
    Support Team

    We have entity history: https://docs.abp.io/en/abp/latest/Audit-Logging#entity-history-selectors

    I think this is enough.You can get audit information from the entity history.

  • User Avatar
    0
    tunji created

    Hello liangshiwei,

    It's not so much the auditing that is my issue but how Abp composes its Entity Framework statements.

    AbpRoles and AbpUserRoles tables do not have the IsDeleted field.

    When I write something like this in my repostory class to retrieve User and Role records:

            var query = from appUser in DbSet                        
                        join userRole in DbContext.UserRoles on appUser.Id equals userRole.UserID into userRoles
                        from userRole in userRoles.DefaultIfEmpty()
                        join role in DbContext.Roles on userRole.RoleID equals role.Id into roles
    		from role in roles.DefaultIfEmpty()
            
    

    The SELECT composed by ABP for ABPROLES and ABP USERROLES tables lists all the audited fields (included IsDeleted) which those tables don't have

    SELECT .... FROM AbpUsers AS a LEFT JOIN ( SELECT ..., a0.IsDeleted, .... FROM AbpUserRoles AS a0

    I need a way round this please.

  • User Avatar
    0
    tunji created

    I also tried to use the ObjectExtensionManager Instance function like so:

                ObjectExtensionManager.Instance
                   .MapEfCoreProperty&lt;IdentityUserRole, bool&gt;(
                       "IsDeleted"
                   )
                   
    

    Sadly, this works for IdentityRole and not IdentityUserRole as the latter doesn't inherit from the IHasExtraProperties interface.

    Any other sugested workround please?

  • User Avatar
    0
    liangshiwei created
    Support Team

    Hi,

    I think there is no problem with this statement, It will not query the role of the deleted user.

  • User Avatar
    0
    tunji created

    Morning lianshiwei,

    For some reason, I can't post the full query in textual form so here it is as an image.:

    Note that :

    1. a0.IsDeleted is looking for the IsDeleted column on the AbpUserRoles table, that column doesn't exist.

    2. a1.IsDeleted is looking for the IsDeleted column on the AbpRoles table, that column also doesn't exit.

    I can now add the IsDeleted column to my AbpRoles table (which is somewhat of a hack but that's ok), however because the IdentityUserRoles class does not inherit from the IHasExtraProperties interface, I am unable to add the IsDeleted column to the AbpUserRoles table.

    How can I extend the AbpUserRoles table OR How can I use DBContext.Roles and DBContect.UserRoles in a query such that ABP wouldn't convert it into an SQL statement that would be checking for the non existent IsDeleted column.

  • User Avatar
    0
    liangshiwei created
    Support Team

    I will check it out

  • User Avatar
    0
    liangshiwei created
    Support Team

    I used the linq you provided, It does not generate isdeleted conditions for identityUserrole and identityRole

  • User Avatar
    0
    tunji created

    Hello again liangshiwei,

    Thank you for your screenshot showing that IsDeleted is not generated for IdentityUserRole and IdentityRole. I haven't seen your database tables but I believe neither ABPUSERROLER nor ABPROLES tables would have the ISDELETED column on there (or any of the standard auditing fields for that matter).

    For both legal and legislative reasons, the application I am working on needs the Soft Delete facilty that ab.io offers.

    https://docs.abp.io/en/abp/latest/Data-Filtering

    If you recall I posted this 2 days ago:

    I can now add the IsDeleted column to my AbpRoles table (which is somewhat of a hack but that's ok), however because the IdentityUserRoles class does not inherit from the IHasExtraProperties interface, I am unable to add the IsDeleted column to the AbpUserRoles table.

    This shows that what I would like is to be able to add the IsDeleted column (as well as the other auditing columns) on both my ABPUSERROLER and ABPROLES tables.

    Ideally, I would love the auditing and soft deleting functionality for those tables to be out of the box just like we have for the ABPUSERS table. For now I can manually extend the ABPROLES table to include them. However, and this is where I have hit a roadblock, I am unable to extend the ABPUSERROLES table because it does not inherit from the IHasExtraProperties interface.

    That is the issue I need resolving at this point in time, been able to extend the ABPUSEROLES table to include additional fields (in my case, an ISDELETED column of type bool).

    Regards

  • User Avatar
    0
    liangshiwei created
    Support Team

    Hi,

    IdentityUserRole is just a join entity type. It is difficult to implement soft delete for it. you can subscribe to delete events of users and roles. and delete records(physical delete) from the IdentityUserRole table in the event handler.

  • User Avatar
    0
    tunji created

    Hello lianshiwei,

    We were inheriting our role related entities from the FullAuditedAggregateRoot<Guid> class, as soon as I updated the classes to Entity<Guid>, my issue went away.

    I was able to make this change because we decided we were going to create the Roles at startup and lock them down so no changes can be made and no auditing would be required.

    Thnaks for your help.

Made with ❤️ on ABP v9.1.0-rc.1. Updated on January 17, 2025, 14:13