Base solution for your next web application
Starts in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

Field level permissions #2515


User avatar
0
SperseDev created

Hi, Could you suggest how to implement field level permissions using ASP.NET Boilerplate framework?

For example: I have entity Customer with fields Name, Address, Email. Some users should have permissions to read/modify Email field values.

I know how to check current user permission and how to show/hide appropriated fields on view. But what about service endpoint methods?

It would be great to have one place to specify these permissions, may be by attributes on entity's fields:

[ReadPermission("Customer.Email.Read")]
[ModifyPermission("Customer.Email.Write")]
public string Email {get; set; }

Then I need to have methods to control read/update permissions on field level:

  1. Method to get list of entity's fields to read/modify by current user permissions:
string[] fields = Customer.Metadata.GetReadFields(User.Permissions);
  1. Method to ignore fields on retrieving list of entities:
_customerRepository.GetAllIncluding("Name", "Address");
  1. Method to ignore mapping field values at runtime on creating/updating entity:
var customer = customerInput.MapTo<Customer>("Name", "Address");

Thanks in advance!


1 Answer(s)
  • User Avatar
    0
    hikalkan created
    Support Team

    Hi,

    ABP framework has not such a feature as you know. We are thinking to add such a feature in the long term, but it's not clear yet. I suggest you to implement it yourself.

    "how to implement" suggestion is not easy to answer because we haven't designed or thought on it deeply. I believe this is a fairly generic topic and you can find some patterns on the web.