docs: add community article on Resource-Based Authorization in ABP Framework#25039
Merged
Conversation
4fdbf44 to
36bfeb1
Compare
Contributor
|
Images automagically compressed by Calibre's image-actions ✨ Compression reduced images by 69.9%, saving 865.3 KB.
|
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds a new community article about Resource-Based Authorization and extends ABP’s API description/proxy scripting infrastructure to optionally surface XML-doc/attribute-based descriptions (with accompanying test coverage).
Changes:
- Add a new community article: “Resource-Based Authorization in ABP Framework”.
- Add XML documentation extraction support (summary/remarks/returns/param summaries +
[Description]/[Display]) and plumb it into the API definition model whenincludeDescriptions=true. - Refactor API-model creation and proxy-script generation paths to async and add tests covering the new description behavior.
Reviewed changes
Copilot reviewed 1 out of 7 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| framework/test/Volo.Abp.TestApp/Volo/Abp/TestApp/Application/InterfaceOnlyDocumentedAppService.cs | Adds a test app service implementation used for interface-only XML doc fallback scenarios. |
| framework/test/Volo.Abp.TestApp/Volo/Abp/TestApp/Application/IInterfaceOnlyDocumentedAppService.cs | Adds XML docs on the interface to test doc fallback behavior. |
| framework/test/Volo.Abp.TestApp/Volo/Abp/TestApp/Application/IDocumentedAppService.cs | Adds a documented test app service contract used for API description extraction tests. |
| framework/test/Volo.Abp.TestApp/Volo/Abp/TestApp/Application/Dto/DocumentedDto.cs | Adds a DTO with XML docs and [Description]/[Display] attributes for type/property description tests. |
| framework/test/Volo.Abp.TestApp/Volo/Abp/TestApp/Application/DocumentedAppService.cs | Adds a documented implementation with method/parameter attributes to validate extraction behavior. |
| framework/test/Volo.Abp.TestApp/Volo.Abp.TestApp.csproj | Enables XML doc file generation for the test app assembly. |
| framework/test/Volo.Abp.AspNetCore.Mvc.Tests/Volo/Abp/AspNetCore/Mvc/ApiExploring/XmlDocumentationProviderTests.cs | Adds unit tests for XML documentation parsing/cleanup behaviors. |
| framework/test/Volo.Abp.AspNetCore.Mvc.Tests/Volo/Abp/AspNetCore/Mvc/ApiExploring/AbpApiDefinitionController_Description_Tests.cs | Adds integration tests verifying includeDescriptions behavior and interface fallback. |
| framework/src/Volo.Abp.Http/Volo/Abp/Http/ProxyScripting/ProxyScriptManagerCache.cs | Reworks proxy script caching to support async factories and deduplicate concurrent generation. |
| framework/src/Volo.Abp.Http/Volo/Abp/Http/ProxyScripting/ProxyScriptManager.cs | Switches proxy script generation flow to async and uses async API model creation. |
| framework/src/Volo.Abp.Http/Volo/Abp/Http/ProxyScripting/IProxyScriptManagerCache.cs | Changes the cache abstraction to async-only. |
| framework/src/Volo.Abp.Http/Volo/Abp/Http/ProxyScripting/IProxyScriptManager.cs | Changes the proxy script manager abstraction to async-only. |
| framework/src/Volo.Abp.Http/Volo/Abp/Http/Modeling/TypeApiDescriptionModel.cs | Adds Summary/Remarks/Description/DisplayName fields for type descriptions. |
| framework/src/Volo.Abp.Http/Volo/Abp/Http/Modeling/ReturnValueApiDescriptionModel.cs | Adds Summary field for return value documentation. |
| framework/src/Volo.Abp.Http/Volo/Abp/Http/Modeling/PropertyApiDescriptionModel.cs | Adds Summary/Description/DisplayName fields for property descriptions. |
| framework/src/Volo.Abp.Http/Volo/Abp/Http/Modeling/ParameterApiDescriptionModel.cs | Adds Summary/Description/DisplayName fields for HTTP parameter descriptions. |
| framework/src/Volo.Abp.Http/Volo/Abp/Http/Modeling/MethodParameterApiDescriptionModel.cs | Adds Summary/Description/DisplayName fields for method-parameter descriptions. |
| framework/src/Volo.Abp.Http/Volo/Abp/Http/Modeling/IApiDescriptionModelProvider.cs | Changes the API model provider abstraction to async-only. |
| framework/src/Volo.Abp.Http/Volo/Abp/Http/Modeling/ControllerApiDescriptionModel.cs | Adds controller description fields and ensures CreateSubModel preserves them. |
| framework/src/Volo.Abp.Http/Volo/Abp/Http/Modeling/ApplicationApiDescriptionModelRequestDto.cs | Adds IncludeDescriptions request flag to control description population. |
| framework/src/Volo.Abp.Http/Volo/Abp/Http/Modeling/ActionApiDescriptionModel.cs | Adds action description fields (summary/remarks/description/display name). |
| framework/src/Volo.Abp.AspNetCore.Mvc/Volo/Abp/AspNetCore/Mvc/ProxyScripting/AbpServiceProxyScriptController.cs | Updates controller endpoint to call the async proxy script manager API. |
| framework/src/Volo.Abp.AspNetCore.Mvc/Volo/Abp/AspNetCore/Mvc/AspNetCoreApiDescriptionModelProvider.cs | Implements description population (XML docs + attributes) and interface fallback for API definitions. |
| framework/src/Volo.Abp.AspNetCore.Mvc/Volo/Abp/AspNetCore/Mvc/ApiExploring/XmlDocumentationProvider.cs | Introduces an XML doc provider that loads/parses XML documentation files and cleans text. |
| framework/src/Volo.Abp.AspNetCore.Mvc/Volo/Abp/AspNetCore/Mvc/ApiExploring/IXmlDocumentationProvider.cs | Adds the abstraction for XML documentation retrieval. |
| framework/src/Volo.Abp.AspNetCore.Mvc/Volo/Abp/AspNetCore/Mvc/ApiExploring/AbpApiDefinitionController.cs | Updates API definition endpoint to use async model creation. |
| docs/en/Community-Articles/2026-03-09-Resource-Based-Authorization-in-ABP-Framework/POST.md | Adds the Resource-Based Authorization community article content. |
Comment on lines
+1
to
+5
| # Resource-Based Authorization in ABP Framework | ||
|
|
||
| ABP has a built-in permission system that supports role-based access control (RBAC). You define permissions, assign them to roles, and assign roles to users — once a user logs in, they automatically have the corresponding access. This covers the vast majority of real-world scenarios and is simple, straightforward, and easy to maintain. | ||
|
|
||
| However, there is one class of requirements it cannot handle: **different access rights for different instances of the same resource type**. |
There was a problem hiding this comment.
PR metadata/title indicates this is a docs-only change for a community article, but this PR also introduces significant framework/runtime changes (new XML doc provider, new API description fields, and several public API signature changes). Consider splitting the framework changes into a separate PR or updating the PR title/description to reflect the actual scope, since this affects review/triage and release notes expectations.
EngincanV
approved these changes
Mar 9, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Resolve #25035