Open Closed

Dynamic permissions #7881


User avatar
0
WaelRazouk created

Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, and please first use the search on the homepage. Provide us with the following info:

  • ABP Framework version: v8.1.1
  • UI Type: Angular
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes

Hi, I have a custom requirement with permissions and would like to hear a suggested solution for it if possible.

Let's say I have an entity (ex: product) with a property OwnerId which is a relation to user entity. Now I need to set permissions for products. If I give a user (user1) the permissions from the permissions dialog, he should be able to list all products (normal and straight-forward behaviour). My custom requirement is that any user that was assigned as OwnerId for some products, should be able to see only the products that he was assigned for (not all products in the system). Example: I have 2 products (p1 and p2) and 2 users user1 with products permission and user2 assigned as owner for p1 => user1 should see the 2 products, user2 should see only p1


5 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can use a global filter to achieve this.

    see https://abp.io/community/articles/switching-between-organization-units-i5tokpzt

  • User Avatar
    0
    WaelRazouk created

    Global filter is a nice approach, but needs some modifications for my case. I need in some place (maybe inside CreateFilterExpression method or ShouldFilterEntity method) to check the following: if the current user has the static permission (given from permissions dialog), the filter should not be applied (i.e: return all products). But If the user is not given the permission, the filter should apply (return only the products he was assigned as owner for).

    P.S: my solustion is a micro-service solution, so I can't use IPermissionManager in all micro-services (the PermissionManagement module is only added to AdministrationService)

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can use IPermissionChecker to check the permissions of the current users in microservices.

    
    namespace Volo.Abp.Authorization.Permissions;
    
    public interface IPermissionChecker
    {
        Task<bool> IsGrantedAsync([NotNull] string name);
    
        Task<bool> IsGrantedAsync(ClaimsPrincipal? claimsPrincipal, [NotNull] string name);
    
        Task<MultiplePermissionGrantResult> IsGrantedAsync([NotNull] string[] names);
    
        Task<MultiplePermissionGrantResult> IsGrantedAsync(ClaimsPrincipal? claimsPrincipal, [NotNull] string[] names);
    }
    
  • User Avatar
    0
    WaelRazouk created

    Thanks I solved my problem

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Good news.

Made with ❤️ on ABP v9.1.0-preview. Updated on October 11, 2024, 07:13