C#C
C#7mo ago
MrG

How does one do resource based access control

For example a user can access a resource but there perms on realise can be changed on a user level like a specific use can add or not add actions etc for a specific case etc

Example code 

public class CasePermission
{
    public string Id { get; set; } = Guid.NewGuid().ToString();

    public bool CanAddActions { get; set; }

    public string CaseId { get; set; }
    public Case Case { get; set; } = null!;

    public string UserId { get; set; }
    public string UserName { get; set; }
}


In code for creating a case action the check is 


var hasPerm = await _dbcontext.CasePermissions.Where(x => x.CaseId == caseId && x.UserId == userId && x.CanAddActions == true).AnyAsync();
            if (!hasPerm)
            {
                result.AddError(BusinessRuleCodes.CasePermissions);
                return result;
            }
Was this page helpful?