❔ Ownership-based permission system...?
So, in my ASP.NET 7 app I have a system of user clubs. Each club can have a founder and members, and each member can also be a mod for that community. The roles of a founder and moderator are represented as an enum on the join table.
Now, I want to restrict some stuff to given roles. Like, only the founder can edit the settings of the club, and only the moderators or founders can kick or ban users. And you need to be a member to post there, etc.
Currently, I just add one more
Now, I want to restrict some stuff to given roles. Like, only the founder can edit the settings of the club, and only the moderators or founders can kick or ban users. And you need to be a member to post there, etc.
Currently, I just add one more
.Where() to each query that checks for the given role, but maybe there's some better solution? Some middleware or something that'd let me just slap [Authorize(PolicyNames.ClubFounder)] onto a controller and be done with it?