Skip to content
/ xaf-separate-employees-data-in-different-departments-using-security-permissions Public

This example demonstrates how to use XAF's Security System to implement the access control/authorization requirements.

License

View license
4 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

DevExpress-Examples/xaf-separate-employees-data-in-different-departments-using-security-permissions

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

61 Commits
CS
CS
 
 
media
media
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Readme.md
Readme.md
 
 
config.json
config.json
 
 

Repository files navigation

XAF - How to restrict inter-departmental data access using Security Permissions (EF Core)

This example demonstrates how to use XAF's Security System to implement the following access control/authorization requirements:

  • User Role (users: user1, user12, user2, user22) - read-only access to their own Department, corresponding Department Goals, the User list in that department, and Tasks assigned to these users.

  • Manager Role (users: manager1, manager2) - read-write access to their own Department, corresponding Department Goals, User list, and their Tasks. Managers can link or unlink existing entities.

  • Administrator Role (users: Admin) - full access to all entities in the application. Administrators can create new entities.

  • All users can view shared Tasks. All managers can edit shared Tasks.

You can log in as any user. Type in a user name and an empty password.

Implementation Details

  1. In the SolutionName.Module/DatabaseUpdate/Updater file, configure security permissions at the type, object, and member level (with criteria). To build complex criteria against associated objects, use the ContainsOperator together with the built-in CurrentUserId and IsCurrentUserInRole criteria functions.

  2. In the SolutionName.Module/BusinessObjects folder, implement the Department, DepartmentGoal, and MyTask business classes.

  3. Set the following settings in the builder.Security.UseIntegratedMode() method call:

    options.Events.OnSecurityStrategyCreated = securityStrategy => {
    ((SecurityStrategy)securityStrategy).AssociationPermissionsMode = 
      AssociationPermissionsMode.Manual;
};
options.RoleType = typeof(PermissionPolicyRole);
options.UserType = typeof(FilterRecords.Module.BusinessObjects.ApplicationUser);
options.UserLoginInfoType = 
  typeof(FilterRecords.Module.BusinessObjects.ApplicationUserLoginInfo);

    For complete implementation, review the following files: ApplicationBuilder.cs (WinForms module) and Startup.cs (Blazor module).

  4. In the SolutionName.Module/Controllers folder, optionally implement a Controller to hide the protected content columns in a List View and Property Editors in a Detail View. For more information, see this help topic.

NOTE: You can find implementation details for the XPO ORM in the 18.2.2+ branch.

More Examples

Does this example address your development requirements/objectives?

(you will be redirected to DevExpress.com to submit your response)

About

This example demonstrates how to use XAF's Security System to implement the access control/authorization requirements.

Topics

framework dotnet efcore xaf security-permissions

Resources

Readme

License

View license
Activity
Custom properties

Stars

4 stars

Watchers

57 watching

Forks

7 forks
Report repository

Contributors 12

Languages