Page 1 of 2

Extended user with specific permission

PostPosted: Tue Jul 24, 2018 7:59 am
by Ricavir
Hi,

I'm creating this topic following this first one : https://forum.aspnetboilerplate.com/viewtopic.php?f=5&t=11553&p=30940#p30940 where I was asking for implementation advice.

I'm trying to build an application that provides specific permissions according to authenticated user :
1/ Permissions for basic users > same behavior as regular aspnetzero application
2/ Permissions for "external" users > limited to very limited UI

As you can see, the goal is to limit application for users that are considered as "externals".

I'm planning to extend user entity with a boolean property called "IsExternal". This property will be set to true if an external user submits some data (like creating a ticket for assistance purpose). All other users will have this property set to false.
this property will be available on angular side by using AppSessionService > this allows to restrict UI easily (like chat, account managements...) for external users.

Nevertheless, I'm facing some chalenges with this design. I would like to manage users in two different ways.
I want to manage standard users with existing UI (with Angular UserComponent) and create a dedicated UI for external users.

- How can I separate permissions for standard users and for external users ? should I do it in PermissionAppService ? Or by implementing some filtering somewhere :shock:
- How can I separate roles for classic users and roles for external users ? With RoleManager ? With RoleAppService ?
- How can I adapt user repository to provide standard users OR external users but never displaying both ?

Thank you for your help

Re: Extended user with specific permission

PostPosted: Tue Jul 24, 2018 4:02 pm
by aaron
- How can I separate permissions for standard users and for external users ? should I do it in PermissionAppService ? Or by implementing some filtering somewhere

You can subclass Permission, add a flag, and then use it to filter.
- How can I separate roles for classic users and roles for external users ? With RoleManager ? With RoleAppService ?

You can subclass User and Role, add a flag, and then use it to filter.
- How can I adapt user repository to provide standard users OR external users but never displaying both ?

You can subclass User, add a flag, and then use it to filter.

Re: Extended user with specific permission

PostPosted: Wed Jul 25, 2018 6:55 am
by Ricavir
Tks @aaron,

You can subclass Permission, add a flag, and then use it to filter.

How can I subclass Permission ?

Last but not least, where would you suggest to do the filtering :
- On Infrastructure Layer ? (custom data filter over EF Core is not supported...)
- On Domain Layer ? On UserManager, RoleManager, PermissionManager
- On Application Layer ? On all AppServices

Re: Extended user with specific permission

PostPosted: Wed Jul 25, 2018 4:16 pm
by aaron
How can I subclass Permission ?

Code: Select allpublic class MyPermission : Permission
{
}

custom data filter over EF Core is not supported...

?

Re: Extended user with specific permission

PostPosted: Wed Jul 25, 2018 5:32 pm
by Ricavir
I already tried to subclass Permission with new class PermissionWithExternal

Code: Select all public class PermissionWithExternal : Permission
    {
        public bool IsExternal { get; set; }

        public PermissionWithExternal(string name, ILocalizableString displayName = null, ILocalizableString description = null, MultiTenancySides multiTenancySides = MultiTenancySides.Tenant | MultiTenancySides.Host, IFeatureDependency featureDependency = null, bool isExternal = false) : base(name, displayName, description, multiTenancySides, featureDependency)
        {
        }

    }


Migration for this is not working. I have following exception :
No suitable constructor found for entity type 'Permission'. The following parameters could not be bound to properties of the entity: 'name', 'displayName', 'description', 'featureDependency'.

Even so, I still not found how to filter permissions based on derived entity PermissionWithExternal !
I can see that the static class PermissionManagerExtensions is used to add specific method... but then, I'm lost !

My goal is to override method CreateChildPermission and have possibility to define IsExternal property to true or false.

Can you please guide me ?


?

About data filtering limitation with EF Core :
https://aspnetboilerplate.com/Pages/Documents/Data-Filters#orm-integrations

Re: Extended user with specific permission

PostPosted: Thu Jul 26, 2018 5:56 am
by Ricavir
I also found abstract class PersmissionSetting

https://github.com/aspnetboilerplate/as ... Setting.cs

When I subclass it with an additional property and run migration, AbpPermission table is updated ! I don't really know how ! Should be a mapping somewhere.

What should I do then : subclass Permission class or PermissionSetting class ?
And how to filter permissions over PermissionManager after ?

Re: Extended user with specific permission

PostPosted: Sat Jul 28, 2018 8:12 am
by Ricavir
Can you please give me a hint on how to extend permission entity and use it over aspnetzero ?

Re: Extended user with specific permission

PostPosted: Sat Jul 28, 2018 1:52 pm
by maliming
https://aspnetzero.com/Documents/Extend ... g-Entities

This tutorial is a step by step guide to learn how to add new properties to existing entities, from database layer to UI layer.

Re: Extended user with specific permission

PostPosted: Sat Jul 28, 2018 2:00 pm
by Ricavir
Tks @maliming, but have look to previous exchanges... I already extend entities but for Permission is specific.

And want to extend Permission or PermissionSetting and be able to filter on added property.

Any idea ?

Re: Extended user with specific permission

PostPosted: Sun Jul 29, 2018 1:51 pm
by aaron
PermissionSetting is a setting (or assignment) of a permission. For example, UserPermissionSetting is a setting of a permission for an user.

Your IsExternal flag is permission-specific, not assignment-specific, so extend Permission definition (which is not an entity).