expressappframework-403824-data-security-and-safety-security-system-authorization-and-data-protection-check-access-permissions-determine-if-a-current-user-has-particular-permissions.md
using Microsoft.AspNetCore.Mvc;
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.BaseImpl.EF.PermissionPolicy;
// ...
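[Route("api/[controller]")]
[ApiController]
public class CustomEndpointController : ControllerBase {
    /// <summary>
    /// Resolves the current user through the injected <see cref="ISecurityProvider"/> and
    /// determines whether at least one of the user's roles is marked administrative.
    /// </summary>
    /// <param name="securityProvider">Security provider injected by ASP.NET Core; its current
    /// user is cast to <see cref="ISecurityUserWithRoles"/>.</param>
    /// <returns>Not shown in this snippet — the remainder of the body is elided with <c>// ...</c>.</returns>
    [HttpGet]
    public IEnumerable<string> Get(ISecurityProvider securityProvider) {
        // NOTE(review): the cast presumes an authenticated user whose type implements
        // ISecurityUserWithRoles — confirm the endpoint is only reachable when authenticated.
        ISecurityUserWithRoles user = (ISecurityUserWithRoles)securityProvider.GetSecurity().User;
        // Type pattern instead of a hard cast: a role that is not a PermissionPolicyRole simply
        // does not count as administrative, rather than throwing InvalidCastException mid-query.
        bool isAdministrativeRole = user.Roles.Any(r => r is PermissionPolicyRole role && role.IsAdministrative);
        // ...
    }
}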
Use the DevExpress.ExpressApp.Security.UserWithRolesExtensions.IsUserInRole(DevExpress.Persistent.Base.Security.IUserWithRoles,System.String) method with the "Manager" parameter to check whether the user has a role with this name.
using Microsoft.AspNetCore.Mvc;
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.BaseImpl.EF.PermissionPolicy;
// ...
[Route("api/[controller]")]
[ApiController]
public class CustomEndpointController : ControllerBase {
    /// <summary>
    /// Checks whether the current user holds the "Manager" role by calling the
    /// <c>IsUserInRole</c> extension method from <c>DevExpress.ExpressApp.Security</c>.
    /// </summary>
    /// <param name="securityProvider">Security provider injected by ASP.NET Core; its current
    /// user is cast to <see cref="ISecurityUserWithRoles"/>.</param>
    /// <returns>Not shown in this snippet — the remainder of the body is elided with <c>// ...</c>.</returns>
    [HttpGet]
    public IEnumerable<string> Get(ISecurityProvider securityProvider) {
        var security = securityProvider.GetSecurity();
        var currentUser = (ISecurityUserWithRoles)security.User;
        // Role membership is looked up by the role's name; the literal must be the stored role name.
        bool isManager = currentUser.IsUserInRole("Manager");
        // ...
    }
}
Alternatively, you can inspect a user’s Roles collection to determine if the user belongs to a certain role:
using Microsoft.AspNetCore.Mvc;
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.BaseImpl.EF.PermissionPolicy;
// ...
[Route("api/[controller]")]
[ApiController]
public class CustomEndpointController : ControllerBase {
    /// <summary>
    /// Determines role membership by scanning the current user's <c>Roles</c> collection
    /// for a role whose name matches "Managers".
    /// </summary>
    /// <param name="securityProvider">Security provider injected by ASP.NET Core; its current
    /// user is cast to <see cref="ISecurityUserWithRoles"/>.</param>
    /// <returns>Not shown in this snippet — the remainder of the body is elided with <c>// ...</c>.</returns>
    [HttpGet]
    public IEnumerable<string> Get(ISecurityProvider securityProvider) {
        var currentUser = (ISecurityUserWithRoles)securityProvider.GetSecurity().User;
        // String == is an ordinal comparison, so the name must match exactly.
        // NOTE(review): the IsUserInRole example on this page uses "Manager", not "Managers";
        // confirm the stored role name, since a mismatch silently yields false.
        bool isManager = false;
        foreach (var role in currentUser.Roles) {
            if (role.Name == "Managers") {
                isManager = true;
                break;
            }
        }
        // ...
    }
}
Use one of the following techniques to check for a user role in criteria syntax:
You can use the IsCurrentUserInRole criteria function in your filters. For example: IsCurrentUserInRole('Administrators').
You can use Free Joins on the current user’s Roles collection. For example: [<PermissionPolicyRole>][Name='Managers' && Users[Oid=CurrentUserId()]]
using Microsoft.AspNetCore.Mvc;
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.BaseImpl.EF.PermissionPolicy;
// ...
[Route("api/[controller]")]
[ApiController]
public class CustomEndpointController : ControllerBase {
    /// <summary>
    /// Branches on whether any of the current user's roles has <c>CanEditModel</c> set.
    /// </summary>
    /// <param name="securityProvider">Security provider injected by ASP.NET Core; its current
    /// user is cast to <see cref="ISecurityUserWithRoles"/>.</param>
    /// <returns>Not shown in this snippet — the remainder of the body is elided with <c>// ...</c>.</returns>
    [HttpGet]
    public IEnumerable<string> Get(ISecurityProvider securityProvider) {
        var currentUser = (ISecurityUserWithRoles)securityProvider.GetSecurity().User;
        // True when at least one assigned role grants model editing.
        bool canEditModel = currentUser.Roles.Any(role => role.CanEditModel);
        if (canEditModel) {
            // ...
        }
        // ...
    }
}
Department's Office property.
Note
You can also use other IsGrantedExtensions methods to check permissions for CRUD and navigate operations. You can check permissions for the current user, a specific user, or a particular role.
using Microsoft.AspNetCore.Mvc;
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.BaseImpl.EF.PermissionPolicy;
// ...
[Route("api/[controller]")]
[ApiController]
public class CustomEndpointController : ControllerBase {
    /// <summary>
    /// Checks, via the <c>CanWrite</c> extension, whether the current user may write the
    /// <c>Department.Office</c> member before proceeding.
    /// </summary>
    /// <param name="securityProvider">Security provider injected by ASP.NET Core; its current
    /// user is cast to <see cref="ISecurityUserWithRoles"/>.</param>
    /// <returns>Not shown in this snippet — the remainder of the body is elided with <c>// ...</c>.</returns>
    [HttpGet]
    public IEnumerable<string> Get(ISecurityProvider securityProvider) {
        // Assigned but not used in this excerpt; kept so the snippet mirrors the others on the page.
        ISecurityUserWithRoles currentUser = (ISecurityUserWithRoles)securityProvider.GetSecurity().User;
        // NOTE(review): `securityStrategy` and `ObjectSpace` are not declared in this snippet —
        // presumably members of the surrounding controller; confirm before copying this code.
        bool canWriteOffice = securityStrategy.CanWrite<Department>(ObjectSpace, nameof(Department.Office));
        if (!canWriteOffice) {
            // ...
        }
        // ...
    }
}
See Also
Access the Currently Logged User for Data Filtering, Business Logic, and Security Permissions