Hi, I have defined two permissions as bellow:
var advertisement = context.CreatePermission(PermissionNames.Advertisement);
advertisement.CreateChildPermission(PermissionNames.Advertisement_CreateAd, L("Advertisement.CreateAd"));
advertisement.CreateChildPermission(PermissionNames.Advertisement_ViewAd, L("Advertisement.ViewAd"));
I am not quite sure how they work though! I am wondering if a role with Advertisement Permission would be able to Create and View ads or I have to grant all three permissions to a role specifically?
Generally, I am wonder how I can grant all defined permissions to an Admin Role efficiently.
1 Answer(s)
-
0
Hi,
CreateAd and ViewAd are subpermissions. If one role/user has Advertisement permission granted, he can enter to Advertisement page, see advertisements and so on but can not create a new ad unless he is granted for CreateAd.
This is our suggested approach. But permission system is flexible. You define a permission and check it anywhere in your code.
Granting all to admin can be done in EF seed code (like that: <a class="postlink" href="https://github.com/aspnetboilerplate/module-zero-template/blob/master/src/AbpCompanyName.AbpProjectName.EntityFramework/Migrations/SeedData/HostRoleAndUserCreator.cs#L39">https://github.com/aspnetboilerplate/mo ... tor.cs#L39</a>). We do it like that.
