C#4y ago
Gopher

ASP, Identity, Blazor Give Permission for delete to specific users.

In my database I have an entity that acts like a group for multiple users. There is an m:n relation between groups and users (IdentityUser).
I want only users in those groups to be able to create/update/delete group-related data, like events in a scheduler or messages in the group chat.
But I can't think of a neat way to prevent other users from adding/deleting things to a group they are not part of. Right now I always get the userId in the controller and then a LINQ statement checks if there is a user with this Id in the group he wants to access.
This feels a bit wrong because I have to make sure that nobody else gets hold of a foreign userId and it's in a different location than the default role-based authorization I use.
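
Added example, not part of the original post: the membership check described above, written as an ASP.NET Core resource-based authorization handler so it sits alongside the role-based rules and reads the user id only from the authenticated principal. `Group`, `IGroupStore`, `GroupMemberRequirement`, `GroupMemberHandler`, `GroupEventsController` and the route are hypothetical names standing in for the poster's own model.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

// Hypothetical entity and store; stand-ins for the EF Core model in the post.
public class Group { public int Id { get; set; } public List<IdentityUser> Members { get; set; } = new(); }
public interface IGroupStore
{
    Task<Group?> FindWithMembersAsync(int groupId);
    // Implementations must delete only where the event belongs to groupId.
    Task DeleteEventAsync(int groupId, int eventId);
}

// Requirement: the caller must belong to the group being touched.
public class GroupMemberRequirement : IAuthorizationRequirement { }

// Register with: services.AddScoped<IAuthorizationHandler, GroupMemberHandler>();
public class GroupMemberHandler : AuthorizationHandler<GroupMemberRequirement, Group>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, GroupMemberRequirement requirement, Group group)
    {
        // Id is taken from the signed-in principal's claims, never from the request.
        var userId = context.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (userId != null && group.Members.Any(m => m.Id == userId))
            context.Succeed(requirement);
        return Task.CompletedTask; // no Succeed call means the check fails
    }
}

[Authorize, ApiController, Route("groups/{groupId:int}/events")]
public class GroupEventsController : ControllerBase
{
    private readonly IAuthorizationService _auth;
    private readonly IGroupStore _groups;
    public GroupEventsController(IAuthorizationService auth, IGroupStore groups)
        => (_auth, _groups) = (auth, groups);

    [HttpDelete("{eventId:int}")]
    public async Task<IActionResult> Delete(int groupId, int eventId)
    {
        var group = await _groups.FindWithMembersAsync(groupId);
        if (group == null) return NotFound();
        var result = await _auth.AuthorizeAsync(User, group, new GroupMemberRequirement());
        if (!result.Succeeded) return Forbid();
        await _groups.DeleteEventAsync(groupId, eventId);
        return NoContent();
    }
}
```

The same `AuthorizeAsync` call can guard create and update actions, so the membership rule lives in one handler instead of a LINQ check repeated per controller.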