- ABP Framework version: v8.2.0
- UI Type: Blazor Server
- Database System: EF Core (SQL Server,
- Tiered (for MVC) or Auth Server Separated (for Angular): yes
I need a suggestion.
We have 3 users (mark, james and roger), grouped in 2 roles (admin (mark and james) and viewer(roger)).
We have a domain entity called customer with 5 properties (name, surname, address, city, vatID)
admin users can edit and view all the properties viewer users can edit only the name and the surname e view the adress, city and vatID james can only view name and surname
We need to manage this in the front end and also in the API (if james is logged in swagger he haven't to see the value of the fields)
How we can manage this by ABP framework?
4 Answer(s)
-
0
hi
You can check the permissions of current users in the application service layer.
Then, fill the entity properties to dto.
If there is no permission, set the DTO property to
emptyornull. -
0
Do you have an example code of something similar?
-
0
I haven't understand how to do this.
-
0
This is very simple. You only need to check the current user's permissions and then set values for the DTO class in application services.
https://abp.io/docs/latest/framework/fundamentals/authorization#iauthorizationservice
