Permissions

Permissions are used to control user access to a web application's resources. You can manage them (add, edit, and delete) from the backend using the Audience/Permissions section.

Each permission has a name, a code, and a position. The position can be used to sort the permissions in the correct order.

Once you have created a permission, you can assign it to a role (and then to a user). At sign-in, all of the user's roles and all the permissions from those roles are attached to the user as claims. These claims can then be checked from code:

if (context.User.HasClaim(PlatformusClaimTypes.Permission, Permissions.BrowseUsers))
{
  // The signed-in user holds the BrowseUsers permission.
}

Platformus uses authorization policies to control access to the controllers and actions:

[Area("Backend")]
[Authorize(Policy = Policies.HasBrowseUsersPermission)]
public class UsersController : Barebone.Backend.Controllers.ControllerBase { }

To use an authorization policy, add it to the authorization options inside the services.AddAuthorization() extension method:

services.AddAuthorization(options =>
  {
    foreach (IAuthorizationPolicyProvider authorizationPolicyProvider in ExtCore.Infrastructure.ExtensionManager.GetInstances<IAuthorizationPolicyProvider>())
      options.AddPolicy(authorizationPolicyProvider.Name, authorizationPolicyProvider.GetAuthorizationPolicy());
  }
);

As you can see, the ExtCore framework’s ExtensionManager class is used to get instances of all the IAuthorizationPolicyProvider interface implementations. The IAuthorizationPolicyProvider.GetAuthorizationPolicy() method is then called on each instance to get its authorization policy, which is registered under the provider's Name.

So, if the permission is used to control access to a controller or action, you need to implement the IAuthorizationPolicyProvider interface and then add the corresponding attribute to the controller or action. If you only want to check the permission from code, you don’t have to implement that interface.
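One way such a provider could look, evaluated against two constructed users (an added example, not Platformus' own code). The interface and the three constant classes are local stand-ins that mirror only the names used on this page, their string values and the "BrowsePages" permission are constructed, and the project is assumed to reference the ASP.NET Core authorization and logging packages.

```csharp
using System;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

// Stand-ins (assumptions) so the sample compiles without Platformus; values are constructed.
public static class PlatformusClaimTypes { public const string Permission = "Permission"; }
public static class Permissions { public const string BrowseUsers = "BrowseUsers"; }
public static class Policies { public const string HasBrowseUsersPermission = "HasBrowseUsersPermission"; }

// Stand-in with the two members the registration loop uses. It is not ASP.NET Core's
// interface of the same name; this local declaration takes precedence over the using above.
public interface IAuthorizationPolicyProvider
{
  string Name { get; }
  AuthorizationPolicy GetAuthorizationPolicy();
}

public class HasBrowseUsersPermissionPolicyProvider : IAuthorizationPolicyProvider
{
  public string Name => Policies.HasBrowseUsersPermission;
  // Require an authenticated user that carries the permission claim attached at sign-in.
  public AuthorizationPolicy GetAuthorizationPolicy() =>
    new AuthorizationPolicyBuilder()
      .RequireAuthenticatedUser()
      .RequireClaim(PlatformusClaimTypes.Permission, Permissions.BrowseUsers)
      .Build();
}

public static class Program
{
  public static void Main()
  {
    var services = new ServiceCollection();
    services.AddLogging(); // the default authorization service needs a logger
    services.AddAuthorizationCore(options =>
    {
      IAuthorizationPolicyProvider provider = new HasBrowseUsersPermissionPolicyProvider();
      options.AddPolicy(provider.Name, provider.GetAuthorizationPolicy());
    });
    var authorization = services.BuildServiceProvider().GetRequiredService<IAuthorizationService>();
    // Constructed users: one holds BrowseUsers, the other only an unrelated permission.
    foreach (string permission in new[] { Permissions.BrowseUsers, "BrowsePages" })
    {
      var user = new ClaimsPrincipal(new ClaimsIdentity(
        new[] { new Claim(PlatformusClaimTypes.Permission, permission) }, "Cookies"));
      bool ok = authorization.AuthorizeAsync(user, null, Policies.HasBrowseUsersPermission).GetAwaiter().GetResult().Succeeded;
      Console.WriteLine($"{permission}: authorized = {ok}");
    }
  }
}
```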