This example demonstrates how to use XAF's Security System to implement the access control/authorization requirements.

DevExpress-Examples/xaf-separate-employees-data-in-different-departments-using-security-permissions

XAF - How to restrict inter-departmental data access using Security Permissions (EF Core)

This example demonstrates how to use XAF's Security System to implement the following access control/authorization requirements:

  • User Role (users: user1, user12, user2, user22) - read-only access to their own Department, corresponding Department Goals, the User list in that department, and Tasks assigned to these users.

  • Manager Role (users: manager1, manager2) - read-write access to their own Department, corresponding Department Goals, User list, and their Tasks. Managers can link or unlink existing entities.

  • Administrator Role (users: Admin) - full access to all entities in the application. Administrators can create new entities.

  • All users can view shared Tasks. All managers can edit shared Tasks.

You can log in as any user. Type in a user name and an empty password.

Implementation Details

  1. In the SolutionName.Module/DatabaseUpdate/Updater file, configure security permissions at the type, object, and member level (with criteria). To build complex criteria against associated objects, use the ContainsOperator together with the built-in CurrentUserId and IsCurrentUserInRole criteria functions.

  2. In the SolutionName.Module/BusinessObjects folder, implement the Department, DepartmentGoal, and MyTask business classes.

  3. Set the following settings in the builder.Security.UseIntegratedMode() method call:

    options.Events.OnSecurityStrategyCreated = securityStrategy => {
        ((SecurityStrategy)securityStrategy).AssociationPermissionsMode = 
          AssociationPermissionsMode.Manual;
    };
    options.RoleType = typeof(PermissionPolicyRole);
    options.UserType = typeof(FilterRecords.Module.BusinessObjects.ApplicationUser);
    options.UserLoginInfoType = 
      typeof(FilterRecords.Module.BusinessObjects.ApplicationUserLoginInfo);

    For the complete implementation, review the following files: ApplicationBuilder.cs (WinForms module) and Startup.cs (Blazor module).

  4. In the SolutionName.Module/Controllers folder, optionally implement a Controller to hide the protected content columns in a List View and Property Editors in a Detail View. For more information, see this help topic.

NOTE: You can find implementation details for the XPO ORM in the 18.2.2+ branch.
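
A sketch of the kind of permission setup step 1 describes, added here as an illustration and not taken from this repository's Updater file. The Department and DepartmentGoal classes are assumed to live in the same namespace as ApplicationUser, and the member names used in the criteria (Employees, Department, ID) are assumptions about the business classes.

```csharp
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.Base;
using DevExpress.Persistent.BaseImpl.EF.PermissionPolicy;
using FilterRecords.Module.BusinessObjects;

public static class DepartmentPermissionsSketch {
    // Assumed member names (hypothetical): Department.Employees,
    // DepartmentGoal.Department, ApplicationUser.Department, ApplicationUser.ID.
    // "[Collection][condition]" is the criteria-string form of a ContainsOperator.
    const string OwnDepartment = "[Employees][[ID] = CurrentUserId()]";
    const string InOwnDepartment = "[Department.Employees][[ID] = CurrentUserId()]";

    // User role: read-only, and only inside the current user's department.
    public static void ConfigureUserRole(PermissionPolicyRole role) {
        // No type-level Allow is added, so objects that match no criteria stay denied.
        role.PermissionPolicy = SecurityPermissionPolicy.DenyAllByDefault;
        role.AddObjectPermission<Department>(
            SecurityOperations.Read, OwnDepartment, SecurityPermissionState.Allow);
        role.AddObjectPermission<DepartmentGoal>(
            SecurityOperations.Read, InOwnDepartment, SecurityPermissionState.Allow);
        role.AddObjectPermission<ApplicationUser>(
            SecurityOperations.Read, InOwnDepartment, SecurityPermissionState.Allow);
    }

    // Manager role: read-write inside the department; no Create or Delete.
    public static void ConfigureManagerRole(PermissionPolicyRole role) {
        role.PermissionPolicy = SecurityPermissionPolicy.DenyAllByDefault;
        role.AddObjectPermission<Department>(
            SecurityOperations.ReadWriteAccess, OwnDepartment, SecurityPermissionState.Allow);
        role.AddObjectPermission<DepartmentGoal>(
            SecurityOperations.ReadWriteAccess, InOwnDepartment, SecurityPermissionState.Allow);
        role.AddObjectPermission<ApplicationUser>(
            SecurityOperations.Read, InOwnDepartment, SecurityPermissionState.Allow);
        // Member level (illustrative): write access to the Department reference only,
        // which is the member a link or unlink changes. With
        // AssociationPermissionsMode.Manual (step 3), each end of an association
        // gets its permission explicitly, as done here.
        role.AddMemberPermission<ApplicationUser>(
            SecurityOperations.Write, "Department", InOwnDepartment, SecurityPermissionState.Allow);
    }
}
```

Because every grant carries a criteria and no type-level Allow exists, a record from another department matches nothing and falls through to the role's deny-by-default policy.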
