Hello,
We try to implement row level auth mechanism. For that firstly we think about global filters. But we had to give up. Because us conditions not static, users will create dynamic conditions like x user for a table just can see y column equal 'xxx'. But global filters adding conditions even not need to current user. We can pass fake value to ignore condition but queries will grow and we need set dynamically without restart app.
Then we decied to override base abp repository methods. Which method would be correct to hack to implement this or do you have any other suggestions?
5 Answer(s)
-
0
Do you mean authorization based on entity properties or do I understand wrong?
-
0
Yes. For example, I have EntityRowLevelPermission table, users can create row based permissions and store there (like x == 5 condition must apply for user or group a). Then I cache it and building expression on runtime. But I have to apply this expressions. But where? Global filters look like not help me.
-
0
We don't have any support or infrastructure for entity property level (row level) authorization. This seems a general question about query interacted authorization. Maybe stackoverflow can help better?
-
0
I can override some base repository method to do this, for example like ApplyFilter, just i will override IQuaryable object. But I guess you don't have a common method that every request goes through.
-
0
No, we don't have any common method that intercepts every query. Maybe customized data filters work for your case.