I have one entity called Warehouses. I have created a total of 3 warehouses and we have a number of orders based on these warehouses. Now I want to integrate the permissions based on the warehouses.
For Example: Warehouse A, Warehouse B, and Warehouse C. One user can have multiple warehouse permissions. Suppose, User A has the permission of warehouse A then that user can see only warehouse A orders.
Can you please guide has how we can integrate the permissions based on entity records?
Can we assign a role while creating the warehouse and check the role on the warehouse? or Can we use the organization unit and assign organization unit to the warehouses?
- ABP Framework version: v4.3.2
- UI type: Angular
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): yes
- Exception message and stack trace:
- Steps to reproduce the issue:"
1 Answer(s)
-
0
ABP extends ASP.NET Core Authorization by adding permissions as auto policies and allowing authorization system to be usable in the application services too.
So it supports complex scenarios such as:
public Task MyAction1Async() { await CheckMyAction1PolicyAsync(); // ... } public Task MyAction2Async() { await CheckMyAction2PolicyAsync(); // ... } public Task MyAction3Async() { await CheckMyAction3PolicyAsync(); // ... } private Task CheckMyAction1PolicyAsync() { // requires Permission1 and Permission2 await AuthorizationService.CheckAsync("Permission1"); await AuthorizationService.CheckAsync("Permission2"); } private Task CheckMyAction2PolicyAsync() { // requires Permission1 or Permission2 if (!await AuthorizationService.IsGrantedAnyAsync("Permission1", "Permission2")) { throw new AbpAuthorizationException("my code"); } } private Task CheckMyAction3PolicyAsync() { // requires (Permission1 or Permission2) and Permission3 if (!await AuthorizationService.IsGrantedAnyAsync("Permission1", "Permission2") || !await AuthorizationService.IsGrantedAsync("Permission3")) { throw new AbpAuthorizationException("my code"); } }
In addition, using Organization Unit will make your job easier in terms of management.
Organization units (OU) is a part of Identity Module and can be used to hierarchically group users and entities.
References:
- https://github.com/abpframework/abp/pull/10152
- https://docs.abp.io/en/abp/3.1/Modules/Organization-Units#:~:text=Organization%20units%20(OU)%20is%20a,hierarchically%20group%20users%20and%20entities.