Dynamic permissions #7881 | ABP Support | ABP.IO | ABP Support

WaelRazouk created 6 days ago

Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, and please first use the search on the homepage. Provide us with the following info:

ABP Framework version: v8.1.1
UI Type: Angular
Database System: EF Core (SQL Server)
Tiered (for MVC) or Auth Server Separated (for Angular): yes

Hi, I have a custom requirement with permissions and would like to hear a suggested solution for it if possible.

Let's say I have an entity (ex: product) with a property OwnerId which is a relation to user entity. Now I need to set permissions for products. If I give a user (user1) the permissions from the permissions dialog, he should be able to list all products (normal and straight-forward behaviour). My custom requirement is that any user that was assigned as OwnerId for some products, should be able to see only the products that he was assigned for (not all products in the system). Example: I have 2 products (p1 and p2) and 2 users user1 with products permission and user2 assigned as owner for p1 => user1 should see the 2 products, user2 should see only p1

5 Answer(s)

0

maliming created 6 days ago
Support Team Fullstack Developer

hi

You can use a global filter to achieve this.

see https://abp.io/community/articles/switching-between-organization-units-i5tokpzt
0

WaelRazouk created 6 days ago

Global filter is a nice approach, but needs some modifications for my case. I need in some place (maybe inside CreateFilterExpression method or ShouldFilterEntity method) to check the following: if the current user has the static permission (given from permissions dialog), the filter should not be applied (i.e: return all products). But If the user is not given the permission, the filter should apply (return only the products he was assigned as owner for).

P.S: my solustion is a micro-service solution, so I can't use IPermissionManager in all micro-services (the PermissionManagement module is only added to AdministrationService)

maliming created 6 days ago

Support Team Fullstack Developer

You can use IPermissionChecker to check the permissions of the current users in microservices.


namespace Volo.Abp.Authorization.Permissions;

public interface IPermissionChecker
{
    Task<bool> IsGrantedAsync([NotNull] string name);

    Task<bool> IsGrantedAsync(ClaimsPrincipal? claimsPrincipal, [NotNull] string name);

    Task<MultiplePermissionGrantResult> IsGrantedAsync([NotNull] string[] names);

    Task<MultiplePermissionGrantResult> IsGrantedAsync(ClaimsPrincipal? claimsPrincipal, [NotNull] string[] names);
}

0

WaelRazouk created 4 days ago

Thanks I solved my problem
0

maliming created 2 days ago
Support Team Fullstack Developer

Good news.

Have an answer to this question? Log in and write your answer.