This example demonstrates how to use XAF's Security System to implement the following access control/authorization requirements:
-
User Role (users: user1, user12, user2, user22) - read-only access to their own Department, corresponding Department Goals, the User list in that department, and Tasks assigned to these users.
-
Manager Role (users: manager1, manager2) - read-write access to their own Department, corresponding Department Goals, User list, and their Tasks. Managers can link or unlink existing entities.
-
Administrator Role (users: Admin) - full access to all entities in the application. Administrators can create new entities.
-
All users can view shared Tasks. All managers can edit shared Tasks.
You can log in as any user. Type in a user name and an empty password.
-
In the SolutionName.Module/DatabaseUpdate/Updater file, configure security permissions at the type, object, and member level (with criteria). To build complex criteria against associated objects, use the ContainsOperator together with the built-in
CurrentUserId
andIsCurrentUserInRole
criteria functions. -
In the SolutionName.Module/BusinessObjects folder, implement the
Department
,DepartmentGoal
, andMyTask
business classes. -
Set the following settings in the
builder.Security.UseIntegratedMode()
method call:options.Events.OnSecurityStrategyCreated = securityStrategy => { ((SecurityStrategy)securityStrategy).AssociationPermissionsMode = AssociationPermissionsMode.Manual; }; options.RoleType = typeof(PermissionPolicyRole); options.UserType = typeof(FilterRecords.Module.BusinessObjects.ApplicationUser); options.UserLoginInfoType = typeof(FilterRecords.Module.BusinessObjects.ApplicationUserLoginInfo);
For complete implementation, review the following files: ApplicationBuilder.cs (WinForms module) and Startup.cs (Blazor module).
-
In the SolutionName.Module/Controllers folder, optionally implement a Controller to hide the protected content columns in a List View and Property Editors in a Detail View. For more information, see this help topic.
NOTE: You can find implementation details for the XPO ORM in the 18.2.2+ branch.
(you will be redirected to DevExpress.com to submit your response)