Support for role-based authorization #316
-
Hello again, 😄 I was able to provide my custom authenticated user object which contains set of effective roles and in particular endpoints I want to do a pre-check that the user has a particular role granted. Ideally this could happen before the request is routed to a handling method and before the payload is parsed to save some compute time (but not required). I'm using webservice approach. So I was thinking about some custom attribute to decorate my methods with the required role, but I don't know how or if this can be plugged to the existing functionality. Could you please steer me in the right direction? This is what I have at the moment, particularly I don't like that I have to add a reference to the full [ResourceMethod(RequestMethod.POST, "user")]
public void CreateUser(UserRecord user, IRequest request)
{
request.Authorize(Roles.AuthAdmin);
_controller.CreateUser(user);
} Under the hoods my request.GetUser<AuthUser>().Roles.Contains(role)
// ... and throw Provider Exception if not This is what I would like to have instead: [ResourceMethod(RequestMethod.POST, "user")]
[ProtectedMethod(Roles.AuthAdmin)]
public void CreateUser(UserRecord user)
{
_controller.CreateUser(user);
} Thank you in advance for any suggestions. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 3 replies
-
Thanks for your question - this one is tough to be solved without changing the framework itself because the Regarding the Regarding the role check, adding concerns to the |
Beta Was this translation helpful? Give feedback.
-
I think we successfully made this available in 9.3, so I will close here 😉 |
Beta Was this translation helpful? Give feedback.
I think we successfully made this available in 9.3, so I will close here 😉