
In my ASP.NET Core Application I have created two Roles:

  1. CompanyAdministrator
  2. CompanyViewer

Company is an entity on my database.

Any user can create a Company and be a CompanyAdministrator of it.

However, if one user provides access to another user as CompanyViewer for one Company, the new user will not be allowed to manage users in this Company.

So as a user, I can access a lot of companies. In some of those I will be an Administrator, and in others I will be just a Viewer.

Also there will be companies created by other users where I will not have any permission to access.

The question is: how can I relate a specific Role to a User and a Company at the same time?

This is some code that I have until now:

The User Model:

using System.Collections.Generic;
using Microsoft.AspNetCore.Identity;

public class ApplicationUser : IdentityUser
{
    // Every company this user has a row for in CompanyUser (any role)
    public virtual IList<CompanyUser> Companies { get; set; }
}

The Company Model:

using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;

public class Company
{
    public long ID { get; set; }

    [Display(Name = "Title")]
    public string Title { get; set; }

    // Every user that has a row for this company in CompanyUser (any role)
    [Display(Name = "Users")]
    public virtual IList<CompanyUser> Users { get; set; }
}

The Model to Control Relationship (I will rename it to CompanyPermission):

using System.ComponentModel.DataAnnotations;
using System.ComponentModel.DataAnnotations.Schema;

// Join entity between Company and ApplicationUser carrying the per-company role.
// Note: EF Core needs a primary key for this type; the natural choice is the
// composite (CompanyID, UserID), which has to be configured in OnModelCreating
// because a composite key cannot be declared with [Key] attributes alone.
public class CompanyUser
{
    [ForeignKey("Company")]
    public long CompanyID { get; set; }

    public Company Company { get; set; }

    // IdentityUser.Id is a string column of max length 450
    [ForeignKey("ApplicationUser")]
    [MaxLength(450)]
    public string UserID { get; set; }

    public ApplicationUser User { get; set; }

    // The role this user holds in this particular company
    public CompanyUserRole Role { get; set; }
}

public enum CompanyUserRole
{
    Administrator = 1,
    Viewer = 2
}

How I'm checking if some user has permission to edit a Company:

// Inside a controller action; `id` is the route parameter of the company being edited
ApplicationUser appUser = await _userManager.GetUserAsync(User);
var currentCompany = await _context.Company
    .Include(c => c.Users)
    .SingleOrDefaultAsync(m => m.ID == id);

// Unknown company id: SingleOrDefaultAsync returns null, so guard before dereferencing
if (currentCompany == null)
{
    return NotFound();
}

// Only a user with an Administrator row for this company may edit it.
// NotFound is returned (rather than Forbid) so the response does not reveal
// whether a company the caller cannot access exists.
if (!currentCompany.Users.Any(c => c.UserID == appUser.Id && c.Role == CompanyUserRole.Administrator))
{
    return NotFound();
}

How I'm creating the Roles I intend to use instead of the code above:

// Seeds the two Identity roles once, attaching a "Permission" claim per operation.
// Requires: using System.Security.Claims; using Microsoft.AspNetCore.Identity;
// _roleManager is a RoleManager<IdentityRole>
var companyAdminRole = await _roleManager.FindByNameAsync("CompanyAdmin");
if (companyAdminRole == null)
{
    companyAdminRole = new IdentityRole("CompanyAdmin");
    await _roleManager.CreateAsync(companyAdminRole);

    await _roleManager.AddClaimAsync(companyAdminRole, new Claim("Permission", "company.view"));
    await _roleManager.AddClaimAsync(companyAdminRole, new Claim("Permission", "company.update"));
    await _roleManager.AddClaimAsync(companyAdminRole, new Claim("Permission", "company.users.view"));
    await _roleManager.AddClaimAsync(companyAdminRole, new Claim("Permission", "company.users.manage"));
    await _roleManager.AddClaimAsync(companyAdminRole, new Claim("Permission", "company.analitycs.view"));
    await _roleManager.AddClaimAsync(companyAdminRole, new Claim("Permission", "company.analitycs.download"));
}

var companyViewerRole = await _roleManager.FindByNameAsync("CompanyViewer");
if (companyViewerRole == null)
{
    companyViewerRole = new IdentityRole("CompanyViewer");
    await _roleManager.CreateAsync(companyViewerRole);

    // Viewer gets the read-only subset of the administrator's claims
    await _roleManager.AddClaimAsync(companyViewerRole, new Claim("Permission", "company.view"));
    await _roleManager.AddClaimAsync(companyViewerRole, new Claim("Permission", "company.analitycs.view"));
    await _roleManager.AddClaimAsync(companyViewerRole, new Claim("Permission", "company.analitycs.download"));
}
Luis Sérgio
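Identity roles are global to a user, so a role alone cannot express "Administrator of company 1 but Viewer of company 2". The standard ASP.NET Core answer to that is resource-based authorization: keep the per-company role in the CompanyUser table exactly as the question does, and let an AuthorizationHandler that receives the Company as its resource decide each operation from that row. The following is an added example from the editor, not code from the question or its author; it assumes a DbContext named ApplicationDbContext and reuses the question's "company.*" permission strings as operation names.

```csharp
// Added example (not from the original question). Assumed: ApplicationDbContext.
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Infrastructure;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;

// One requirement per operation, named with the same strings the question's role claims use.
public static class CompanyOperations
{
    public static readonly OperationAuthorizationRequirement View =
        new OperationAuthorizationRequirement { Name = "company.view" };
    public static readonly OperationAuthorizationRequirement Update =
        new OperationAuthorizationRequirement { Name = "company.update" };
    public static readonly OperationAuthorizationRequirement ManageUsers =
        new OperationAuthorizationRequirement { Name = "company.users.manage" };
}

// Resolves the caller's role for one specific Company from the CompanyUser table.
// Register with services.AddScoped<IAuthorizationHandler, CompanyAuthorizationHandler>();
// (scoped, because it depends on the scoped DbContext).
public class CompanyAuthorizationHandler
    : AuthorizationHandler<OperationAuthorizationRequirement, Company>
{
    private readonly ApplicationDbContext _context; // assumed type name

    public CompanyAuthorizationHandler(ApplicationDbContext context)
    {
        _context = context;
    }

    protected override async Task HandleRequirementAsync(
        AuthorizationHandlerContext context,
        OperationAuthorizationRequirement requirement,
        Company company)
    {
        // Identity puts the user id in the NameIdentifier claim of the principal.
        var userId = context.User.FindFirstValue(ClaimTypes.NameIdentifier);
        if (userId == null) return; // anonymous: never Succeed, so the request is denied

        var membership = await _context.Set<CompanyUser>()
            .AsNoTracking()
            .SingleOrDefaultAsync(cu => cu.CompanyID == company.ID && cu.UserID == userId);
        if (membership == null) return; // no row for (user, company): no access at all

        // Default deny: only the listed combinations call Succeed.
        switch (membership.Role)
        {
            case CompanyUserRole.Administrator:
                context.Succeed(requirement); // administrator may perform every operation
                break;
            case CompanyUserRole.Viewer:
                if (requirement.Name == CompanyOperations.View.Name)
                    context.Succeed(requirement); // viewer is read-only
                break;
        }
    }
}

// Controller usage: load the resource, then ask IAuthorizationService about it.
public class CompaniesController : Controller
{
    private readonly ApplicationDbContext _context;
    private readonly IAuthorizationService _authorizationService;

    public CompaniesController(ApplicationDbContext context, IAuthorizationService authorizationService)
    {
        _context = context;
        _authorizationService = authorizationService;
    }

    [HttpPost]
    public async Task<IActionResult> Edit(long id, string title)
    {
        var company = await _context.Company.SingleOrDefaultAsync(c => c.ID == id);
        if (company == null) return NotFound();

        var result = await _authorizationService.AuthorizeAsync(User, company, CompanyOperations.Update);
        if (!result.Succeeded)
            return User.Identity.IsAuthenticated ? Forbid() : Challenge();

        company.Title = title;
        await _context.SaveChangesAsync();
        return RedirectToAction(nameof(Edit), new { id });
    }
}
```

With this shape the role seeding in the question is no longer needed for per-company decisions: the role lives in CompanyUser, and adding a third role (say, an Editor) is a new case in the switch rather than a new global Identity role. The check is also default-deny: a user with no row, or a Viewer asking for anything but View, gets nothing. The question's own code returns NotFound for an unauthorised caller to avoid revealing that the company exists; the action above returns Forbid instead, and either is a defensible choice as long as it is applied consistently.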