Skip to content

Permission Provider

A permission is a simple policy that is granted or prohibited for a particular user, role or client.

  • Do define <ModuleName>Consts at domain shared package.
public static class ProjectConsts
{
    public const string GroupName = "ProjectPlanning";
}
  • Do define permission provider in the application contracts package.
  • Do provide tenant logic in order to handle multi tenant requirement.
  • Do integrate with permission with feature management.
public class ProjectPlanningPermissionDefinitionProvider : PermissionDefinitionProvider
{
    public override void Define(IPermissionDefinitionContext context)
    {
        var tenancyStatus = context.ServiceProvider.GetRequiredService<IOptions<AbpMultiTenancyOptions>>().Value.IsEnabled;

        var projectPlanningPermissionGroup = context.AddGroup(
            name: ProjectPlanningPermissions.GroupName,
            displayName: L("Permission:ProjectPlanning")
        );

        #region BaseModel 
        var baseModelPermission = projectPlanningPermissionGroup.AddPermission(
            name: ProjectPlanningPermissions.BaseModel.Permission,
            displayName: L("Permission:BaseModel"), // localization string
            multiTenancySide: tenancyStatus == true ? MultiTenancySides.Tenant : MultiTenancySides.Both,
            isEnabled: true // by default is activated
        ).RequireFeatures(ProjectPlanningFeatures.Enable);

        baseModelPermission.AddChild(
            name: ProjectPlanningPermissions.BaseModel.Assign,
            displayName: L("Permission:BaseModel:Assign"),
            multiTenancySide: tenancyStatus == true ? MultiTenancySides.Tenant : MultiTenancySides.Both,
            isEnabled: true
        ).RequireFeatures(ProjectPlanningFeatures.Enable);
        #endregion

        #region Project
        var projectManagementPermission = projectPlanningPermissionGroup.AddPermission(
            name: ProjectPlanningPermissions.Project.Permission,
            displayName: L("Permission:Project"), // localization string
            multiTenancySide: tenancyStatus == true ? MultiTenancySides.Tenant : MultiTenancySides.Both,
            isEnabled: true // by default is activated
        ).RequireFeatures(ProjectPlanningFeatures.Enable);

        projectManagementPermission.AddChild(
            name: ProjectPlanningPermissions.Project.Create,
            displayName: L("Permission:Project:Create"),
            multiTenancySide: tenancyStatus == true ? MultiTenancySides.Tenant : MultiTenancySides.Both,
            isEnabled: true
        ).RequireFeatures(ProjectPlanningFeatures.Enable);

        projectManagementPermission.AddChild(
            name: ProjectPlanningPermissions.Project.Edit,
            displayName: L("Permission:Project:Edit"),
            multiTenancySide: tenancyStatus == true ? MultiTenancySides.Tenant : MultiTenancySides.Both,
            isEnabled: true
        ).RequireFeatures(ProjectPlanningFeatures.Enable);

        projectManagementPermission.AddChild(
            name: ProjectPlanningPermissions.Project.Assign,
            displayName: L("Permission:Project:Assign"),
            multiTenancySide: tenancyStatus == true ? MultiTenancySides.Tenant : MultiTenancySides.Both,
            isEnabled: true
        ).RequireFeatures(ProjectPlanningFeatures.Enable);

        projectManagementPermission.AddChild(
            name: ProjectPlanningPermissions.Project.ChangeOwner,
            displayName: L("Permission:Project:ChangeOwner"),
            multiTenancySide: tenancyStatus == true ? MultiTenancySides.Tenant : MultiTenancySides.Both,
            isEnabled: true
        ).RequireFeatures(ProjectPlanningFeatures.Enable);

        projectManagementPermission.AddChild(
            name: ProjectPlanningPermissions.Project.Delete,
            displayName: L("Permission:Project:Delete"),
            multiTenancySide: tenancyStatus == true ? MultiTenancySides.Tenant : MultiTenancySides.Both,
            isEnabled: true
        ).RequireFeatures(ProjectPlanningFeatures.Enable);
        #endregion
  • Do define permission for each aggregate
  • Do provide base crud operation permissions
public class ProjectPlanningPermissions
{
    public const string GroupName = ProjectConsts.GroupName;

    public static class Project
    {
        public const string Permission = GroupName + ".Project"; // ProjectPlanning.Project
        public const string Create = Permission + ".Create";
        public const string Edit = Permission + ".Edit";
        public const string Assign = Permission + ".Assign";
        public const string ChangeOwner = Permission + ".Change.Owner";
        public const string Delete = Permission + ".Delete";  // ProjectPlanning.Project.Delete
    }

    public static class BaseModel
    {
        public const string Permission = GroupName + ".BaseModel";
        public const string Assign = Permission + ".Assign";
    }
}
  • Do create reflection helpers to read permission details
public static string[] GetProject()
{
    return ReflectionHelper.GetPublicConstantsRecursively(typeof(Project));
}

public static string[] GetPhase()
{
    return ReflectionHelper.GetPublicConstantsRecursively(typeof(Phase));
}

public static string[] GetAll()
{
    return new List<string>()
                   .Concat(GetBaseModel())
                   .Concat(GetProject())
                   .ToArray();
}