Support forum for ASP.NET Zero (https://aspnetzero.com/).
By Ricavir
#30944 Hi,

I'm creating this topic following this first one : https://forum.aspnetboilerplate.com/viewtopic.php?f=5&t=11553&p=30940#p30940 where I was asking for implementation advice.

I'm trying to build an application that provides specific permissions according to authenticated user :
1/ Permissions for basic users > same behavior as regular aspnetzero application
2/ Permissions for "external" users > limited to very limited UI

As you can see, the goal is to limit application for users that are considered as "externals".

I'm planning to extend user entity with a boolean property called "IsExternal". This property will be set to true if an external user submits some data (like creating a ticket for assistance purpose). All other users will have this property set to false.
this property will be available on angular side by using AppSessionService > this allows to restrict UI easily (like chat, account managements...) for external users.

Nevertheless, I'm facing some chalenges with this design. I would like to manage users in two different ways.
I want to manage standard users with existing UI (with Angular UserComponent) and create a dedicated UI for external users.

- How can I separate permissions for standard users and for external users ? should I do it in PermissionAppService ? Or by implementing some filtering somewhere :shock:
- How can I separate roles for classic users and roles for external users ? With RoleManager ? With RoleAppService ?
- How can I adapt user repository to provide standard users OR external users but never displaying both ?

Thank you for your help
User avatar
By aaron
#30960
- How can I separate permissions for standard users and for external users ? should I do it in PermissionAppService ? Or by implementing some filtering somewhere

You can subclass Permission, add a flag, and then use it to filter.
- How can I separate roles for classic users and roles for external users ? With RoleManager ? With RoleAppService ?

You can subclass User and Role, add a flag, and then use it to filter.
- How can I adapt user repository to provide standard users OR external users but never displaying both ?

You can subclass User, add a flag, and then use it to filter.
By Ricavir
#30973 Tks @aaron,

You can subclass Permission, add a flag, and then use it to filter.

How can I subclass Permission ?

Last but not least, where would you suggest to do the filtering :
- On Infrastructure Layer ? (custom data filter over EF Core is not supported...)
- On Domain Layer ? On UserManager, RoleManager, PermissionManager
- On Application Layer ? On all AppServices
By Ricavir
#30998 I already tried to subclass Permission with new class PermissionWithExternal

Code: Select all public class PermissionWithExternal : Permission
    {
        public bool IsExternal { get; set; }

        public PermissionWithExternal(string name, ILocalizableString displayName = null, ILocalizableString description = null, MultiTenancySides multiTenancySides = MultiTenancySides.Tenant | MultiTenancySides.Host, IFeatureDependency featureDependency = null, bool isExternal = false) : base(name, displayName, description, multiTenancySides, featureDependency)
        {
        }

    }


Migration for this is not working. I have following exception :
No suitable constructor found for entity type 'Permission'. The following parameters could not be bound to properties of the entity: 'name', 'displayName', 'description', 'featureDependency'.

Even so, I still not found how to filter permissions based on derived entity PermissionWithExternal !
I can see that the static class PermissionManagerExtensions is used to add specific method... but then, I'm lost !

My goal is to override method CreateChildPermission and have possibility to define IsExternal property to true or false.

Can you please guide me ?


?

About data filtering limitation with EF Core :
https://aspnetboilerplate.com/Pages/Documents/Data-Filters#orm-integrations
By Ricavir
#31011 I also found abstract class PersmissionSetting

https://github.com/aspnetboilerplate/as ... Setting.cs

When I subclass it with an additional property and run migration, AbpPermission table is updated ! I don't really know how ! Should be a mapping somewhere.

What should I do then : subclass Permission class or PermissionSetting class ?
And how to filter permissions over PermissionManager after ?
By Ricavir
#31074 Tks @maliming, but have look to previous exchanges... I already extend entities but for Permission is specific.

And want to extend Permission or PermissionSetting and be able to filter on added property.

Any idea ?
User avatar
By aaron
#31087 PermissionSetting is a setting (or assignment) of a permission. For example, UserPermissionSetting is a setting of a permission for an user.

Your IsExternal flag is permission-specific, not assignment-specific, so extend Permission definition (which is not an entity).