Security: Difference between revisions
Latest revision as of 06:14, 3 April 2026
Various concepts are in place to either grant or deny users specific access to the application.
Rights by definition type
The following permissions are available for each type.
| Type | Permissions |
|---|---|
| Entities | Create, Read, Update and Delete |
| Properties | Create, Read and Update |
| Methods | Execute |
Access modifiers
The maximum permission a user can obtain on a property or method is bounded by its access modifiers: only public members are reachable by users at all. For a method this means only a public method can be executed. For a property the getter governs read access and the setter governs write access, each according to its own modifier.
```csharp
public virtual string ExampleProperty
{
    get;            // public getter: read access is possible
    protected set;  // non-public setter: no write access through the application
}
```
In the example above the property's maximum availability is read access, because only the getter is public.
Attributes
When access modifiers are not practical (for example when the setter must stay public for other code), access can be limited further with the availability attribute. This attribute defines the maximum permission available for a property; the options are None, Writeonly and Readonly. Because it only limits further, it narrows what the access modifiers allow and never grants access that the modifiers deny.
```csharp
[Availability(Availability.ReadOnly)]
public virtual string Name
{
    get; set;   // the setter is public, but the attribute caps users at read access
}
```
In the example above the property's maximum availability is read access, even though the setter is public.
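The following entity combines both mechanisms from the two sections above in one place, with the security reason for each choice. It is an added example and not code from the page or the framework: the `Availability` attribute and the `Availability.ReadOnly` / `Availability.None` members are the page's own names, while the `Account` entity, its members, the persistence-layer constraint and the write-only member name `Availability.WriteOnly` (assumed by analogy with `ReadOnly`; the page spells the option "Writeonly" in prose) are assumptions for illustration.

```csharp
using System;

// Added example (not the page's code). Each member shows one way of bounding what a user
// can do with it; the roles and claims described later can only grant permissions within
// these bounds, never beyond them.
public class Account
{
    // Public getter and setter, no attribute: users may read and update (subject to roles).
    public virtual string DisplayName { get; set; }

    // Public getter, protected setter: the modifier alone caps users at read access.
    // Only the class itself (or a subclass) can change the balance.
    public virtual decimal Balance { get; protected set; }

    // The setter must stay public for the mapping layer (assumed scenario), so the
    // modifier cannot be used; the attribute caps users at read access instead.
    [Availability(Availability.ReadOnly)]
    public virtual DateTime CreatedOn { get; set; }

    // A secret must never be readable or writable through the application:
    // None removes both read and write access for users, whatever the modifiers say.
    [Availability(Availability.None)]
    public virtual string PasswordHash { get; set; }

    // Write-only: a user may set a new PIN but can never read the current one back.
    // Member name assumed; the page lists the option as "Writeonly".
    [Availability(Availability.WriteOnly)]
    public virtual string Pin { get; set; }

    // Not public: never reachable by users, regardless of roles or claims.
    private string InternalNote { get; set; }

    // Non-public method: cannot be granted Execute because it is not public.
    protected virtual void Recalculate() { }

    // Public method: Execute may be granted to it by a role.
    public virtual void Close() { }
}
```

The pattern to keep in mind is that the modifier and the attribute set a ceiling per member; a misconfigured role cannot expose `PasswordHash` because no permission above `None` exists for it.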
Roles
A role defines which classes, properties and methods the user has access to. A user can be a member of multiple roles; the cumulative permission set of classes, properties and methods from all of them is the user's final access profile. Roles are registered and added to the application using modules.
```csharp
public class ExampleAccessProfile : CodedAccessProfile
{
    protected override void Configure()
    {
        // Read access only.
        Set<Class1>()
            .AllowAllRead();

        // Full control: create, update and delete (read is implied by update).
        Set<Class2>()
            .AllowAllCreate()
            .AllowAllUpdate()
            .AllowDelete();

        // Update access, which also grants read access.
        Set<Class3>()
            .AllowAllUpdate();
    }
}
```
In the example above the role has read access to Class1, full control over Class2 and update access to Class3. Read access is granted automatically when update access is provided.
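Because role membership is cumulative, the least-privilege way to use roles is to keep each one narrow and let users collect what they need. The two profiles below are an added example and not code from the page or the framework: `CodedAccessProfile`, `Set<T>()` and the `AllowAllRead` / `AllowAllCreate` / `AllowAllUpdate` / `AllowDelete` builder methods are the page's own API, while the entities `Order`, `Customer` and `Invoice` and the two role names are assumed for illustration.

```csharp
// Added example (not the page's code).

// Role 1: an auditor may look at everything but change nothing.
public class AuditorProfile : CodedAccessProfile
{
    protected override void Configure()
    {
        Set<Order>().AllowAllRead();
        Set<Customer>().AllowAllRead();
        Set<Invoice>().AllowAllRead();
    }
}

// Role 2: an order clerk creates and edits orders and needs customer data to do so,
// but is deliberately given no delete rights and no access to invoices.
public class OrderClerkProfile : CodedAccessProfile
{
    protected override void Configure()
    {
        Set<Order>()
            .AllowAllCreate()
            .AllowAllUpdate();   // read on Order is implied by update
        Set<Customer>()
            .AllowAllRead();
        // No Set<Invoice>(): a class that is not listed gets no access from this role.
    }
}

// Resulting access for a user who is in both roles (the cumulative union):
//   Order    : create, read, update   (no delete: neither role grants it)
//   Customer : read
//   Invoice  : read                   (contributed by AuditorProfile only)
```

Since membership only ever adds permissions, one role cannot take away what another role grants. A restriction that must hold regardless of roles belongs in a claim, which is evaluated against the entity's state.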
Claims
Claims are another way to limit access to properties or methods. When a claim is added, the entity's state determines whether the claim's policy is applied. Claims are registered and added to the application using modules.
```csharp
public class ExampleClaim : Claim<CustomEntity>
{
    // Evaluated per entity instance: the policy below is applied only when this returns true.
    protected override bool CanApply(CustomEntity entity)
    {
        return entity.BooleanCheck;
    }

    // The restriction that is in force while CanApply is true.
    protected override void Set(CodedAccessPolicyBuilder<CustomEntity> policy)
    {
        policy.DenyMethod(i => i.MyMethod());
    }
}
```
In the example above, access to MyMethod() is denied while BooleanCheck is true.
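A claim is most useful for enforcing a state machine on an entity, which a role cannot express because roles are static. The example below is added here and is not code from the page or the framework: it models an `Invoice` that may be posted only once and may not be cancelled after posting. The `Invoice` entity, its members and the two claim classes are assumed for illustration. The `Claim<T>` base class and `CodedAccessPolicyBuilder<T>` in the file are constructed stand-ins that copy only the shape shown on the page (`CanApply`, `Set`, `DenyMethod`) so that the file compiles and runs on its own; in the real application the framework's own types are used and the stand-ins are dropped.

```csharp
using System;
using System.Collections.Generic;
using System.Linq.Expressions;

// Added example (not the page's code).

public enum InvoiceStatus { Draft, Posted, Cancelled }

// Assumed entity with two state-changing methods.
public class Invoice
{
    public virtual InvoiceStatus Status { get; set; }
    public virtual void Post() { Status = InvoiceStatus.Posted; }
    public virtual void Cancel() { Status = InvoiceStatus.Cancelled; }
}

// Stand-in builder (not the framework's): records which methods the policy denies.
public class CodedAccessPolicyBuilder<T>
{
    public HashSet<string> DeniedMethods { get; } = new HashSet<string>();

    public CodedAccessPolicyBuilder<T> DenyMethod(Expression<Action<T>> method)
    {
        // Pull the method name out of the lambda, e.g. i => i.Post() gives "Post".
        var call = (MethodCallExpression)method.Body;
        DeniedMethods.Add(call.Method.Name);
        return this;
    }
}

// Stand-in base class (not the framework's) with the two overridable members the page shows.
public abstract class Claim<T>
{
    protected abstract bool CanApply(T entity);
    protected abstract void Set(CodedAccessPolicyBuilder<T> policy);

    // Apply the claim to one entity instance: the policy is built only when CanApply is true.
    public void Evaluate(T entity, CodedAccessPolicyBuilder<T> policy)
    {
        if (CanApply(entity))
            Set(policy);
    }
}

// Once posted, an invoice may not be posted again.
public class PostedInvoiceClaim : Claim<Invoice>
{
    protected override bool CanApply(Invoice entity) => entity.Status == InvoiceStatus.Posted;
    protected override void Set(CodedAccessPolicyBuilder<Invoice> policy) => policy.DenyMethod(i => i.Post());
}

// Anything that is no longer a draft may not be cancelled.
public class NotCancellableClaim : Claim<Invoice>
{
    protected override bool CanApply(Invoice entity) => entity.Status != InvoiceStatus.Draft;
    protected override void Set(CodedAccessPolicyBuilder<Invoice> policy) => policy.DenyMethod(i => i.Cancel());
}

public static class Program
{
    // Runs every registered claim against one entity and returns the denied method names.
    public static HashSet<string> DeniedFor(Invoice invoice)
    {
        var policy = new CodedAccessPolicyBuilder<Invoice>();
        foreach (var claim in new Claim<Invoice>[] { new PostedInvoiceClaim(), new NotCancellableClaim() })
            claim.Evaluate(invoice, policy);
        return policy.DeniedMethods;
    }

    public static void Main()
    {
        foreach (var status in new[] { InvoiceStatus.Draft, InvoiceStatus.Posted, InvoiceStatus.Cancelled })
        {
            var denied = DeniedFor(new Invoice { Status = status });
            Console.WriteLine($"{status,-9}: denied = [{string.Join(", ", denied)}]");
        }
    }
}
```

Running `Main` evaluates the same two claims against three invoice states: a draft invoice collects no denials, a posted one loses both `Post()` and `Cancel()`, and a cancelled one loses `Cancel()`. The point to carry over to the real framework is that `CanApply` is the only place the entity's state is consulted; keep it a pure function of the entity so the same request always yields the same policy.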