Hello,
I really like the way authorization is implemented in ASP.NET Zero.
However, I need a more sophisticated way of granting permissions: I'm developing something similar to a project management system, where tenants/users can manage project files. The system is also feature-based (upload, download, edit, ...), but some features need to be in combination with project id. For example, user 1 has full access to project 1 but no access to project 2, user 2 has access to some features regarding project 1 and so on. Of course, I also need global permissions like 'create new projects' (actually this is possible with the current implementation).
When I look at AbpPermissions table in SQL Server, it seems that it's almost what I need, I only need to add more dimensions, i.e. ProjectId.
Is there a possibility to extend integrated authorization module to fulfil my needs?
Edit: Forgot to mention that I'm using ASP.NET Core & jQuery (current version 6.9.1)
8 Answer(s)
-
1
Hi, abp permission is designed to be action-based permission (i.e. create new user/role, update user/role details, delete user/role) on User, Role levels only (currently it does not support enforcing a user to be ONLY able to update/delete for CERTAIN users/roles).
If you need permission control at per project level, then you should add UserId or RoleId to your project entity and implement a separate permission check for it.
-
0
Hi,
thanks for your quick reply.
I'm currently upgrading an existing project from Classic ASP.NET (Webforms) to ASP.NET Zero and basically your suggestion is how I did it in the previous version. Where should this permission check take place in ASP.NET Zero to follow best practice? I'm quite new to ASP.NET Core and thought I could maybe extend/overload or "copy" abp permission to follow best practices.
I also need to show/hide menu items based on custom permission checks.
Thanks in advance Claus
-
1
Hi, the way to implement it depends on the permission's granularity on your project entity.
Abp permission only allows customisation of allowed/approval actions (e.g. CRUD) that a user can perform.
If your business logic requires permissions to be configured for different project entities and the different users assigned to them, you will not be able to reuse Abp permission; instead please use the approach of creating ProjectPermission or ProjectAssignment (with permissions).
"Where should this permission check take place in ASP.NET Zero to follow best practice?"
Generally you can declare Abp permissions in your authorization provider, e.g.
AppPermissions.Pages_Project_Management
AppPermissions.Pages_Project_Management_Create
AppPermissions.Pages_Project_Management_Update
AppPermissions.Pages_Project_Management_Delete
and use these for "show/hide menu items based on custom permission checks".
As for project entity, you can create a separate domain service (e.g. ProjectPermissionChecker) to handle CRUD permissions at project entity level.
-
0
Thank you very much for your clear response.
I'll try to implement it this way :)
Just to clarify, my main menu also depends on project's permissions and items will change when a user switches between projects. That means, for some items I can't use AppPermissions approach to perform show/hide actions. Yet I have no idea how I will accomplish this, since .AddItem(...) in AppNavigationProvider only allows permissionDependency or featureDependency... initially I thought I could write something like this:
menu.AddItem(new MenuItemDefinition(
    AppPageNames.Common.Project,
    L("UploadFiles"),
    permissionDependency: new ExtendedPermissionDependency(AppPermissions.Pages_Project_Upload, CurrentProjectId)
));
by creating my own "ExtendedPermissionDependency" class.
Best regards Claus
-
0
Hi, the idea of creating your own permission dependency is good.
However, it might require quite a bit of work to get current project id in permission context.
You can consider checking for current project id in your own IUserNavigationManager instead.
-
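An added sketch (not part of the thread and not ASP.NET Zero's own code) of the per-project check the answers above describe: a ProjectPermissionChecker keyed on tenant, user, project and permission, used both to filter menu items for the current project and to enforce the same rule in the service method. All type and permission names are hypothetical, and the in-memory set stands in for a ProjectPermission table.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical types for illustration; none of these are ABP or ASP.NET Zero classes.
public record ProjectGrant(int TenantId, long UserId, int ProjectId, string Permission);

public class ProjectPermissionChecker
{
    private readonly HashSet<ProjectGrant> _grants;   // stands in for a ProjectPermission table
    public ProjectPermissionChecker(IEnumerable<ProjectGrant> grants) => _grants = new(grants);

    // Deny by default: only an exact (tenant, user, project, permission) row grants access.
    public bool IsGranted(int tenantId, long userId, int projectId, string permission) =>
        _grants.Contains(new ProjectGrant(tenantId, userId, projectId, permission));

    // Call this in every application service method that accepts a project id.
    public void Authorize(int tenantId, long userId, int projectId, string permission)
    {
        if (!IsGranted(tenantId, userId, projectId, permission))
            throw new UnauthorizedAccessException($"'{permission}' denied on project {projectId}");
    }
}

public static class Demo
{
    const string Upload = "Project.Upload", Download = "Project.Download"; // constructed names

    // Menu filtering for the currently selected project; a UI convenience only.
    public static List<string> VisibleItems(ProjectPermissionChecker c, int tenant, long user, int projectId) =>
        new[] { Upload, Download }.Where(p => c.IsGranted(tenant, user, projectId, p)).ToList();

    public static void Main()
    {
        // Constructed sample data: user 1 has full access to project 1, user 2 may only download.
        var checker = new ProjectPermissionChecker(new[]
        {
            new ProjectGrant(1, 1, 1, Upload), new ProjectGrant(1, 1, 1, Download),
            new ProjectGrant(1, 2, 1, Download),
        });

        Console.WriteLine(string.Join(", ", VisibleItems(checker, 1, 1, 1)));   // user 1, project 1
        Console.WriteLine(VisibleItems(checker, 1, 1, 2).Count);                // user 1, project 2

        checker.Authorize(1, 2, 1, Download);            // matching grant exists
        try { checker.Authorize(1, 2, 1, Upload); }      // item hidden in the menu, request still checked
        catch (UnauthorizedAccessException e) { Console.WriteLine(e.Message); }
    }
}
```

Hiding a menu item does not stop a request that names another project id, which is why the Authorize call belongs in the service method and not only in the navigation code.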
0
Hi,
great tip - that was easy to accomplish :)
Thank you very much!
-
0
How to accomplish the same in AspnetCore+angular8?
-
0
How to accomplish the same in AspnetCore+angular8?