How can we achieve User Groups (OU?) with scope only within the group? For example:
Tenant 1
(Store#1)
- User 1
- User 2
(Store#2) - User 3
- User 4
(Store#3) - User 3
- User 5
We would like to have Store#2, Store#3 be within the same scope (Group?), without sharing information (data) with Store#1.
After observing the behavior of OU's, it is a logical grouping but not scoped w/Privacy.
Thoughts?
8 Answer(s)
-
0
So UserGroup fits for you. It's a way of filtering data in a tenant. Each Store can be a UserGroup.
-
0
Can you point me to the documentation about "UserGroups"? I only see Org. Units...
-
0
sorry! I wanted to say Organization Units :)
-
0
Hi @OriAssurant,
AspNet only have Organization Units, you can use it in your case, it seems like a good fit. But, if you want to use both Organization Units and User Groups, then you have to implement User Groups.
As you said, current OU design is a logical grouping but you can use current user's organization units to filter data or similar jobs.
-
0
So in using OU's, how would we prevent cross OU members from seeing each other's data? You're not suggesting modifying every controller output's LINQ statement, are you?
-
0
@OriAssurant, you can create an interface like IHasOrganizationUnit and implement this interface in the entities you want to filter according to current tenant's OUs.
Then, you need to filter this by overriding GetAll method of your base repository. If you are using EF 6.x, you can use <a class="postlink" href="https://aspnetboilerplate.com/Pages/Documents/Data-Filters#introduction">https://aspnetboilerplate.com/Pages/Doc ... troduction</a>.
The approach is similar to existing ISoftDelete interface.
-
0
Thank you.
I see ISoftDelete is being implement in the below fashion at AbpDbContext: protected override void OnModelCreating(DbModelBuilder modelBuilder) { base.OnModelCreating(modelBuilder); modelBuilder.Filter(AbpDataFilters.SoftDelete, (ISoftDelete d) => d.IsDeleted, false); modelBuilder.Filter(AbpDataFilters.MustHaveTenant, (IMustHaveTenant t, int tenantId) => t.TenantId == tenantId || (int?) t.TenantId == null, 0); //While "(int?)t.TenantId == null" seems wrong, it's needed. See <a class="postlink" href="https://github.com/jcachat/EntityFramework.DynamicFilters/issues/62#issuecomment-208198058">https://github.com/jcachat/EntityFramew ... -208198058</a> modelBuilder.Filter(AbpDataFilters.MayHaveTenant, (IMayHaveTenant t, int? tenantId) => t.TenantId == tenantId, 0); }
However, if I create a new interface like IHasOraginzationUnit, how can I restrict it to just one entity/table in my Project's DbContext?
- I also came across AbpUserStore in the meanwhile. Is there any way I can leverage this feature to achieve my task?
-
0
Hi,
You can define filter similar to IMayHaveTenant. Then, Override the Initialize method of your dbContext, call base's Initialize first and then add your parameter value like below;
this.SetFilterScopedParameterValue(AbpDataFilters.OuDataFilter, AbpDataFilters.Parameters.OuId, AbpSession.OuId?? 0);of course, you need to store user's OuId in the session when user logs in.
