C# · 2y ago
Angius

❔ Ownership-based permission system...?

So, in my ASP.NET 7 app I have a system of user clubs. Each club can have a founder and members, and each member can also be a mod for that community. The roles of a founder and moderator are represented as an enum on the join table. Now, I want to restrict some stuff to given roles. Like, only the founder can edit the settings of the club, and only the moderators or founders can kick or ban users. And you need to be a member to post there, etc. Currently, I just add one more .Where() to each query that checks for the given role, but maybe there's some better solution? Some middleware or something that'd let me just slap [Authorize(PolicyNames.ClubFounder)] onto a controller and be done with it?
6 Replies
Angius · 2y ago
Sure, for the users of my app it might make sense. But they're the users of my app first, and then members of their respective clubs within that app. So the clubs are kinda-sorta multi-tenant thingamajig...?
ChucklesTheBeard
RBAC (role-based access control) lets you specify [Authorize(Roles = "Admin")] in the controller: https://learn.microsoft.com/en-us/aspnet/core/security/authorization/roles?view=aspnetcore-5.0&preserve-view=true#adding-role-checks
Angius · 2y ago
Yeah, for the built-in Identity roles, where each user has a role within my app. Thing is, users can have roles within my app, and within their clubs. So the user can be a Moderator of a "Fizzy Pickle Juice Fanclub", but that doesn't mean they're the moderator of "Spoiled Milk Sucks", let alone the moderator of my site.
ChucklesTheBeard
Ah, hmm.