Open Closed

Permission based on master records #2737


User avatar
0
imranStem created

I have one entity called Warehouses. I have created a total of 3 warehouses and we have a number of orders based on these warehouses. Now I want to integrate the permissions based on the warehouses.

For Example: Warehouse A, Warehouse B, and Warehouse C. One user can have multiple warehouse permissions. Suppose, User A has the permission of warehouse A then that user can see only warehouse A orders.

Can you please guide has how we can integrate the permissions based on entity records?

Can we assign a role while creating the warehouse and check the role on the warehouse? or Can we use the organization unit and assign organization unit to the warehouses?

  • ABP Framework version: v4.3.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

1 Answer(s)
  • User Avatar
    0
    berkansasmaz created
    Support Team

    ABP extends ASP.NET Core Authorization by adding permissions as auto policies and allowing authorization system to be usable in the application services too.

    So it supports complex scenarios such as:

    public Task MyAction1Async()
    {
        await CheckMyAction1PolicyAsync();
        // ...
    }
    
    public Task MyAction2Async()
    {
        await CheckMyAction2PolicyAsync();
        // ...
    }
    
    public Task MyAction3Async()
    {
        await CheckMyAction3PolicyAsync();
        // ...
    }
    
    private Task CheckMyAction1PolicyAsync()
    {
        // requires Permission1 and Permission2
        await AuthorizationService.CheckAsync("Permission1");
        await AuthorizationService.CheckAsync("Permission2");
    }
    
    private Task CheckMyAction2PolicyAsync()
    {
        // requires Permission1 or Permission2
        if (!await AuthorizationService.IsGrantedAnyAsync("Permission1", "Permission2"))
        {
            throw new AbpAuthorizationException("my code");
        }
    }
    
    private Task CheckMyAction3PolicyAsync()
    {
        // requires (Permission1 or Permission2) and Permission3
        if (!await AuthorizationService.IsGrantedAnyAsync("Permission1", "Permission2") ||
            !await AuthorizationService.IsGrantedAsync("Permission3"))
        {
            throw new AbpAuthorizationException("my code");
        }
    }
    

    In addition, using Organization Unit will make your job easier in terms of management.

    Organization units (OU) is a part of Identity Module and can be used to hierarchically group users and entities.

    References:

    1. https://github.com/abpframework/abp/pull/10152
    2. https://docs.abp.io/en/abp/3.1/Modules/Organization-Units#:~:text=Organization%20units%20(OU)%20is%20a,hierarchically%20group%20users%20and%20entities.
Made with ❤️ on ABP v9.2.0-preview. Updated on January 14, 2025, 14:54