Base solution for your next web application
Open Closed

Extended user with specific permission #5414


User avatar
0
Ricavir created

Hi,

I'm creating this topic following this first one : [https://forum.aspnetboilerplate.com/viewtopic.php?f=5&t=11553&p=30940#p30940]) where I was asking for implementation advice.

I'm trying to build an application that provides specific permissions according to authenticated user : 1/ Permissions for basic users > same behavior as regular aspnetzero application 2/ Permissions for "external" users > limited to very limited UI

As you can see, the goal is to limit application for users that are considered as "externals".

I'm planning to extend user entity with a boolean property called "IsExternal". This property will be set to true if an external user submits some data (like creating a ticket for assistance purpose). All other users will have this property set to false. this property will be available on angular side by using AppSessionService > this allows to restrict UI easily (like chat, account managements...) for external users.

Nevertheless, I'm facing some chalenges with this design. I would like to manage users in two different ways. I want to manage standard users with existing UI (with Angular UserComponent) and create a dedicated UI for external users.

  • How can I separate permissions for standard users and for external users ? should I do it in PermissionAppService ? Or by implementing some filtering somewhere :shock:
  • How can I separate roles for classic users and roles for external users ? With RoleManager ? With RoleAppService ?
  • How can I adapt user repository to provide standard users OR external users but never displaying both ?

Thank you for your help


16 Answer(s)
  • User Avatar
    0
    aaron created
    Support Team
    • How can I separate permissions for standard users and for external users ? should I do it in PermissionAppService ? Or by implementing some filtering somewhere

    You can subclass Permission, add a flag, and then use it to filter.

    • How can I separate roles for classic users and roles for external users ? With RoleManager ? With RoleAppService ?

    You can subclass User and Role, add a flag, and then use it to filter.

    • How can I adapt user repository to provide standard users OR external users but never displaying both ?

    You can subclass User, add a flag, and then use it to filter.

  • User Avatar
    0
    Ricavir created

    Tks @aaron,

    You can subclass Permission, add a flag, and then use it to filter.

    How can I subclass Permission ?

    Last but not least, where would you suggest to do the filtering :

    • On Infrastructure Layer ? (custom data filter over EF Core is not supported...)
    • On Domain Layer ? On UserManager, RoleManager, PermissionManager
    • On Application Layer ? On all AppServices
  • User Avatar
    0
    aaron created
    Support Team

    How can I subclass Permission ?

    public class MyPermission : Permission
    {
    }
    

    custom data filter over EF Core is not supported...

    ?

  • User Avatar
    0
    Ricavir created

    I already tried to subclass Permission with new class PermissionWithExternal

    public class PermissionWithExternal : Permission
        {
            public bool IsExternal { get; set; }
    
            public PermissionWithExternal(string name, ILocalizableString displayName = null, ILocalizableString description = null, MultiTenancySides multiTenancySides = MultiTenancySides.Tenant | MultiTenancySides.Host, IFeatureDependency featureDependency = null, bool isExternal = false) : base(name, displayName, description, multiTenancySides, featureDependency)
            {
            }
    
        }
    

    Migration for this is not working. I have following exception : No suitable constructor found for entity type 'Permission'. The following parameters could not be bound to properties of the entity: 'name', 'displayName', 'description', 'featureDependency'.

    Even so, I still not found how to filter permissions based on derived entity PermissionWithExternal ! I can see that the static class PermissionManagerExtensions is used to add specific method... but then, I'm lost !

    My goal is to override method CreateChildPermission and have possibility to define IsExternal property to true or false.

    Can you please guide me ?

    ?

    About data filtering limitation with EF Core : [https://aspnetboilerplate.com/Pages/Documents/Data-Filters#orm-integrations])

  • User Avatar
    0
    Ricavir created

    I also found abstract class PersmissionSetting

    <a class="postlink" href="https://github.com/aspnetboilerplate/aspnetboilerplate/blob/dev/src/Abp.Zero.Common/Authorization/PermissionSetting.cs">https://github.com/aspnetboilerplate/as ... Setting.cs</a>

    When I subclass it with an additional property and run migration, AbpPermission table is updated ! I don't really know how ! Should be a mapping somewhere.

    What should I do then : subclass Permission class or PermissionSetting class ? And how to filter permissions over PermissionManager after ?

  • User Avatar
    0
    Ricavir created

    Can you please give me a hint on how to extend permission entity and use it over aspnetzero ?

  • User Avatar
    0
    maliming created
    Support Team

    <a class="postlink" href="https://aspnetzero.com/Documents/Extending-Existing-Entities">https://aspnetzero.com/Documents/Extend ... g-Entities</a>

    This tutorial is a step by step guide to learn how to add new properties to existing entities, from database layer to UI layer.

  • User Avatar
    0
    Ricavir created

    Tks @maliming, but have look to previous exchanges... I already extend entities but for Permission is specific.

    And want to extend Permission or PermissionSetting and be able to filter on added property.

    Any idea ?

  • User Avatar
    0
    aaron created
    Support Team

    PermissionSetting is a setting (or assignment) of a permission. For example, UserPermissionSetting is a setting of a permission for an user.

    Your IsExternal flag is permission-specific, not assignment-specific, so extend Permission definition (which is not an entity).

  • User Avatar
    0
    Ricavir created

    @aaron : I'm trying to implement additional property to Permission definition. I've subclassed Permission class with MyPermission. My permission has an additional boolean property called "IsExternal".

    How can I create a permission based on MyPermission class ?

    Do I need to create a new manager based on PermissionManager (eg: MyPermissionManager) ? I tried to do so but I'm getting lost with IPermissionDefinitionContext and AppAuthorizationProvider !

    Please help, I'm getting around this for days now :shock:

  • User Avatar
    0
    ismcagdas created
    Support Team

    @Ricavir you might need to replace both PermissionManager, UserManager and RoleManager as well. Where do you plan to use IsExternal property ?

  • User Avatar
    0
    Ricavir created

    @ismcagdas I plan to use IsExternal in PermissionManager. I need to filter permissions displayed for standard users and for users with IsExternal set to true.

  • User Avatar
    0
    ismcagdas created
    Support Team

    Then, you need to create your own PermissionManager similar to this one <a class="postlink" href="https://github.com/aspnetboilerplate/aspnetboilerplate/blob/dev/src/Abp/Authorization/PermissionManager.cs">https://github.com/aspnetboilerplate/as ... Manager.cs</a>.

    Then replace IPermissionManager with your version like below in the PreInitialize method of your core module.

    Configuration.ReplaceService<IPermissionManager, MyPermisisonManager>(DependencyLifeStyle.Singleton);
    

    add a field to AbpSession as explained here <a class="postlink" href="https://gist.github.com/ismcagdas/6f2a9a3b5d7b907cb8d94a72124d59a1">https://gist.github.com/ismcagdas/6f2a9 ... 72124d59a1</a>. Then use this field in GetAllPermissions of your PermissionManager to filter permissions by IsExternal field.

  • User Avatar
    0
    Ricavir created

    Great ! this is exactly what I was looking for ! I will implement base on this and give your a feedback ASAP

  • User Avatar
    0
    Ricavir created

    @ismcagdas : I tried your solution.

    I've created a class called PermissionWithExternal that inherits from permission and adds a property ISExternal. I've created a PermissionWithExternalManager like you suggested on your previous comment (I've took PermissionMAnager has an example) I've also created a new PermissionDictionary class to manage PermissionWithExternal class.

    Now I'm blocked with AppAuthorizationProvider cause I'm obliged to use createPermission method defined in interface IPermissionDefinitionContext (and this method uses Permission class and not PermissionWithExternal)

    Is it possible to change this behavior so that I can create permissions by using my own class PermissionWithExternal ?

  • User Avatar
    0
    ismcagdas created
    Support Team

    You can create similar extension methods for IPermissionDefinitionContext which will work with PermissionWithExternal.