Open Closed

Row Level Authorization #2272


User avatar
0
murat.yuceer created

Hello,

We try to implement row level auth mechanism. For that firstly we think about global filters. But we had to give up. Because us conditions not static, users will create dynamic conditions like x user for a table just can see y column equal 'xxx'. But global filters adding conditions even not need to current user. We can pass fake value to ignore condition but queries will grow and we need set dynamically without restart app.

Then we decied to override base abp repository methods. Which method would be correct to hack to implement this or do you have any other suggestions?


5 Answer(s)
  • User Avatar
    0
    gterdem created
    Support Team

    Do you mean authorization based on entity properties or do I understand wrong?

  • User Avatar
    0
    murat.yuceer created

    Yes. For example, I have EntityRowLevelPermission table, users can create row based permissions and store there (like x == 5 condition must apply for user or group a). Then I cache it and building expression on runtime. But I have to apply this expressions. But where? Global filters look like not help me.

  • User Avatar
    0
    gterdem created
    Support Team

    We don't have any support or infrastructure for entity property level (row level) authorization. This seems a general question about query interacted authorization. Maybe stackoverflow can help better?

  • User Avatar
    0
    murat.yuceer created

    I can override some base repository method to do this, for example like ApplyFilter, just i will override IQuaryable object. But I guess you don't have a common method that every request goes through.

  • User Avatar
    0
    gterdem created
    Support Team

    No, we don't have any common method that intercepts every query. Maybe customized data filters work for your case.

Made with ❤️ on ABP v9.2.0-preview. Updated on January 14, 2025, 14:54