IEntityIdAuthorizer

Members

Namespace: ASPSecurityKit.Authorization
Assembly: ASPSecurityKit.dll

Summary

Provides an interface to perform data authorization on operation parameters, request DTOs etc. in conjunction with IReferencesProvider<TIdMemberReference>.

Remarks

At a high level, data authorization is performed as follows:

  • Traverse through the given object/parameters (including their nested properties in case of complex type) and capture the special parameters/properties (having a non-nul value or at least one element in case of collections) that are deemed as identifiers (entityIds).

  • Obtain related references using IReferencesProvider<TIdMemberReference> for each such captured entityId if a loader is available for it; otherwise, just use that entityId value. Related references are usually ancestors, or higher level entityIds in terms of entity relationship hierarchy, which can be used to authorize operations on child or lower level entityIds.

  • Authorize each such entityId using its related references collection via IsAuthorized. Only one permitted reference is enough to authorize an entityId for the current operation.

  • If any of the entityIds couldn’t be authorized, Failed will be returned with Unauthorized, DoNotOwnEntityIds and AuthError collection having unauthorized entityId(s) information.

  • Finally, perform The entity suspension check using IsSuspended and report the failure if any. For detailed information, visit https://ASPSecurityKit.net/docs/how-to-perform-activity-based-data-aware-authorization/

Methods

Authorize(permissionCode,method,arguments,entityName,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck,possessesPermissionCheckIfNoIdParamProvided)

Summary

Performs data authorization on the operation’s parameters. See IEntityIdAuthorizer remarks to learn about the flow.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.

Parameters
Name Type Description
permissionCode System.String The permission code.
method System.Reflection.MethodInfo The method.
arguments System.Collections.Generic.IDictionary{System.String,System.Object} The operation’s arguments.
entityName System.String The entity name that can be used to prefix entityId parameter names that are incomplete for instance ‘Id’, to locate the right related references provider for them.
doNotPerformGeneralPermitCheck System.Boolean Indicates whether or not general permit based authorization is performed. If set to false (the default) and the current identity has a general permit with the given permissionCode, no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already.
doNotPerformPossessesPermissionCheck System.Boolean Indicates whether or not possesses permission check is performed. If set to false (the default) and the current identity does not have any permit with the given permissionCode, no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission.
possessesPermissionCheckIfNoIdParamProvided System.Boolean Optional. Indicates whether to perform just the PossessesPermission check in case arguments has no valid identifier and consider as authorized if the check passes. The default is false.
Exceptions
Type Description
System.ArgumentNullException When method or arguments is null, or permissionCode is null/empty/whitespace.

Authorize(permissionCode,dto,entityName,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck,possessesPermissionCheckIfNoIdParamProvided)

Summary

Performs data authorization on the given request DTO. See IEntityIdAuthorizer remarks to learn about the flow.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.

Parameters
Name Type Description
permissionCode System.String The permission code.
dto System.Object The request DTO object.
entityName System.String The entity name that can be used to prefix entityId property names that are incomplete for instance ‘Id’, to locate the right related references provider for them.
doNotPerformGeneralPermitCheck System.Boolean Indicates whether or not general permit based authorization is performed. If set to false (the default) and the current identity has a general permit with the given permissionCode, no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already.
doNotPerformPossessesPermissionCheck System.Boolean Indicates whether or not possesses permission check is performed. If set to false (the default) and the current identity does not have any permit with the given permissionCode, no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission.
possessesPermissionCheckIfNoIdParamProvided System.Boolean Optional. Indicates whether to perform just the PossessesPermission check in case dto has no valid identifier and consider as authorized if the check passes. The default is false.
Exceptions
Type Description
System.ArgumentNullException When dto is null or permissionCode is null/empty/whitespace.

IsAuthorized(permissionCode,idContainers)

Summary

Performs data authorization on the entityIds mentioned as properties in the given container objects. See IsAuthorized overload for more details.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.

Parameters
Name Type Description
permissionCode System.String The permission code.
idContainers System.Object[] One or more container objects (usually anonymous types) each of which just contains entityId properties to authorize. Only properties having a non-nul value (or at least one element in case of collections) will be considered.
Exceptions
Type Description
System.ArgumentNullException When permissionCode is null/empty/whitespace.
System.ArgumentException When idContainers is null/empty.
Remarks

This method invokes its other overload IsAuthorized passing both the bool arguments as false.

IsAuthorized(permissionCode,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck,idContainers,possessesPermissionCheckIfNoIdParamProvided)

Summary

Performs data authorization on the entityIds mentioned as properties in the given container objects. Though all properties are assumed to be entityId properties, yet only properties having a non-nul value (or at least one element in case of collections) will be considered. If you’re looking to select specific properties as entityIds, use Authorize method instead.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.

Parameters
Name Type Description
permissionCode System.String The permission code.
doNotPerformGeneralPermitCheck System.Boolean Indicates whether or not general permit based authorization is performed. If set to false and the current identity has a general permit with the given permissionCode, no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already.
doNotPerformPossessesPermissionCheck System.Boolean Indicates whether or not possesses permission check is performed. If set to false and the current identity does not have any permit with the given permissionCode, no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission.
idContainers System.Boolean One or more container objects (usually anonymous types) each of which just contains entityId properties to authorize. Only properties having a non-nul value (or at least one element in case of collections) will be considered.
possessesPermissionCheckIfNoIdParamProvided System.Object[] Indicates whether to perform just the PossessesPermission check in case idContainers has no valid identifier and consider as authorized if the check passes.
Exceptions
Type Description
System.ArgumentNullException When permissionCode is null/empty/whitespace.
System.ArgumentException When idContainers is null/empty.
Remarks

Use this method from authDefinitions, for example, to authorize entityIds using the flow mentioned on IEntityIdAuthorizer. For instance you can call IsAuthorized(permissionCode, false, false, new { UserId = someObj.Id, someObj.ClientId },..). Only properties having a non-nul value (or at least one element in case of collections) will be considered. See IEntityIdAuthorizer remarks for more information.

IsAuthorized(permissionCode,idMembers,possessesPermissionCheckIfNoIdParamProvided)

Summary

Authorizes the given permission and entityIds against the loaded permit set (using IsAuthorized). To authorize an entityId, its References collection will be used. Only one permitted reference is enough to authorize an entityId.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure (likely Unauthorized).

Parameters
Name Type Description
permissionCode System.String The permission code.
idMembers System.Collections.Generic.HashSet{ASPSecurityKit.Authorization.IIdMemberReference} The entityIds collection.
possessesPermissionCheckIfNoIdParamProvided System.Boolean Indicates whether to perform just the PossessesPermission check in case idMembers has no item and consider as authorized if the check passes.
Exceptions
Type Description
System.ArgumentNullException When idMembers is null or permissionCode is null/empty/whitespace.
Remarks

The default implementation may return one of the following error messages for failure: DoNotOwnEntityIds, DidNotProvideRequiredEntityId, DoNotPossessPermission or Unauthorized depending on the failure reason. Once entityIds are authorized, The entity suspension check is invoked on them using IsSuspended.

IsSuspended(permissionCode,idMembers)

Summary

Performs the entity suspension check based on the given entityIds. See remarks for more details.

Returns

AuthResult instance with Code as Success if the given entityIds and their related references have no suspension being enforced; otherwise, Suspended) with FailureDescription as EntitiesSuspended and Errors containing list of details about suspended entityIds.

Parameters
Name Type Description
permissionCode System.String The permission code.
idMembers System.Collections.Generic.HashSet{ASPSecurityKit.Authorization.IIdMemberReference} The entityIds collection.
Exceptions
Type Description
System.ArgumentNullException When idMembers is null or permissionCode is null/empty/whitespace.
Remarks

The default implementation works as follows: First, a call to GetSuspendedIds is made to get a list of ISuspendedId. Second, for each suspendedId received, a call is made to IsAllowed to determine if suspended id is permitted for the requested operation based on exclusion rules. Last, if there’s any suspended id left, the same is reported as per mentioned in return docs. For detailed information, visit https://ASPSecurityKit.net/docs/suspension/#entity-suspension

AuthorizeAsync(permissionCode,method,arguments,entityName,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck,possessesPermissionCheckIfNoIdParamProvided)

Summary

Performs data authorization on the operation’s parameters. See IEntityIdAuthorizer remarks to learn about the flow.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.

Parameters
Name Type Description
permissionCode System.String The permission code.
method System.Reflection.MethodInfo The method.
arguments System.Collections.Generic.IDictionary{System.String,System.Object} The operation’s arguments.
entityName System.String The entity name that can be used to prefix entityId parameter names that are incomplete for instance ‘Id’, to locate the right related references provider for them.
doNotPerformGeneralPermitCheck System.Boolean Indicates whether or not general permit based authorization is performed. If set to false (the default) and the current identity has a general permit with the given permissionCode, no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already.
doNotPerformPossessesPermissionCheck System.Boolean Indicates whether or not possesses permission check is performed. If set to false (the default) and the current identity does not have any permit with the given permissionCode, no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission.
possessesPermissionCheckIfNoIdParamProvided System.Boolean Optional. Indicates whether to perform just the PossessesPermission check in case arguments has no valid identifier and consider as authorized if the check passes. The default is false.
Exceptions
Type Description
System.ArgumentNullException When method or arguments is null, or permissionCode is null/empty/whitespace.

AuthorizeAsync(permissionCode,method,arguments,entityName,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck,possessesPermissionCheckIfNoIdParamProvided,cancellationToken)

Summary

Performs data authorization on the operation’s parameters. See IEntityIdAuthorizer remarks to learn about the flow.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.

Parameters
Name Type Description
permissionCode System.String The permission code.
method System.Reflection.MethodInfo The method.
arguments System.Collections.Generic.IDictionary{System.String,System.Object} The operation’s arguments.
entityName System.String The entity name that can be used to prefix entityId parameter names that are incomplete for instance ‘Id’, to locate the right related references provider for them.
doNotPerformGeneralPermitCheck System.Threading.CancellationToken Indicates whether or not general permit based authorization is performed. If set to false (the default) and the current identity has a general permit with the given permissionCode, no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already.
doNotPerformPossessesPermissionCheck System.Boolean Indicates whether or not possesses permission check is performed. If set to false (the default) and the current identity does not have any permit with the given permissionCode, no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission.
possessesPermissionCheckIfNoIdParamProvided System.Boolean Optional. Indicates whether to perform just the PossessesPermission check in case arguments has no valid identifier and consider as authorized if the check passes. The default is false.
cancellationToken System.Boolean The cancellation token.
Exceptions
Type Description
System.ArgumentNullException When method or arguments is null, or permissionCode is null/empty/whitespace.

AuthorizeAsync(permissionCode,dto,entityName,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck,possessesPermissionCheckIfNoIdParamProvided)

Summary

Performs data authorization on the given request DTO. See IEntityIdAuthorizer remarks to learn about the flow.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.

Parameters
Name Type Description
permissionCode System.String The permission code.
dto System.Object The request DTO object.
entityName System.String The entity name that can be used to prefix entityId property names that are incomplete for instance ‘Id’, to locate the right related references provider for them.
doNotPerformGeneralPermitCheck System.Boolean Indicates whether or not general permit based authorization is performed. If set to false (the default) and the current identity has a general permit with the given permissionCode, no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already.
doNotPerformPossessesPermissionCheck System.Boolean Indicates whether or not possesses permission check is performed. If set to false (the default) and the current identity does not have any permit with the given permissionCode, no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission.
possessesPermissionCheckIfNoIdParamProvided System.Boolean Optional. Indicates whether to perform just the PossessesPermission check in case dto has no valid identifier and consider as authorized if the check passes. The default is false.
Exceptions
Type Description
System.ArgumentNullException When dto is null or permissionCode is null/empty/whitespace.

AuthorizeAsync(permissionCode,dto,entityName,cancellationToken,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck,possessesPermissionCheckIfNoIdParamProvided)

Summary

Performs data authorization on the given request DTO. See IEntityIdAuthorizer remarks to learn about the flow.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.

Parameters
Name Type Description
permissionCode System.String The permission code.
dto System.Object The request DTO object.
entityName System.String The entity name that can be used to prefix entityId property names that are incomplete for instance ‘Id’, to locate the right related references provider for them.
cancellationToken System.Threading.CancellationToken The cancellation token.
doNotPerformGeneralPermitCheck System.Boolean Indicates whether or not general permit based authorization is performed. If set to false (the default) and the current identity has a general permit with the given permissionCode, no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already.
doNotPerformPossessesPermissionCheck System.Boolean Indicates whether or not possesses permission check is performed. If set to false (the default) and the current identity does not have any permit with the given permissionCode, no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission.
possessesPermissionCheckIfNoIdParamProvided System.Boolean Optional. Indicates whether to perform just the PossessesPermission check in case dto has no valid identifier and consider as authorized if the check passes. The default is false.
Exceptions
Type Description
System.ArgumentNullException When dto is null or permissionCode is null/empty/whitespace.

IsAuthorizedAsync(permissionCode,idContainers)

Summary

Performs data authorization on the entityIds mentioned as properties in the given container objects. See IsAuthorized overload for more details.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.

Parameters
Name Type Description
permissionCode System.String The permission code.
idContainers System.Object[] One or more container objects (usually anonymous types) each of which just contains entityId properties to authorize. Only properties having a non-nul value (or at least one element in case of collections) will be considered.
Exceptions
Type Description
System.ArgumentNullException When permissionCode is null/empty/whitespace.
System.ArgumentException When idContainers is null/empty.
Remarks

This method invokes its other overload IsAuthorized passing both the bool arguments as false.

IsAuthorizedAsync(permissionCode,cancellationToken,idContainers)

Summary

Performs data authorization on the entityIds mentioned as properties in the given container objects. See IsAuthorized overload for more details.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.

Parameters
Name Type Description
permissionCode System.String The permission code.
cancellationToken System.Threading.CancellationToken The cancellation token.
idContainers System.Object[] One or more container objects (usually anonymous types) each of which just contains entityId properties to authorize. Only properties having a non-nul value (or at least one element in case of collections) will be considered.
Exceptions
Type Description
System.ArgumentNullException When permissionCode is null/empty/whitespace.
System.ArgumentException When idContainers is null/empty.
Remarks

This method invokes its other overload IsAuthorized passing both the bool arguments as false.

IsAuthorizedAsync(permissionCode,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck,idContainers,possessesPermissionCheckIfNoIdParamProvided)

Summary

Performs data authorization on the entityIds mentioned as properties in the given container objects. Though all properties are assumed to be entityId properties, yet only properties having a non-nul value (or at least one element in case of collections) will be considered. If you’re looking to select specific properties as entityIds, use Authorize method instead.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.

Parameters
Name Type Description
permissionCode System.String The permission code.
doNotPerformGeneralPermitCheck System.Boolean Indicates whether or not general permit based authorization is performed. If set to false and the current identity has a general permit with the given permissionCode, no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already.
doNotPerformPossessesPermissionCheck System.Boolean Indicates whether or not possesses permission check is performed. If set to false and the current identity does not have any permit with the given permissionCode, no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission.
idContainers System.Boolean One or more container objects (usually anonymous types) each of which just contains entityId properties to authorize. Only properties having a non-nul value (or at least one element in case of collections) will be considered.
possessesPermissionCheckIfNoIdParamProvided System.Object[] Indicates whether to perform just the PossessesPermission check in case idContainers has no valid identifier and consider as authorized if the check passes.
Exceptions
Type Description
System.ArgumentNullException When permissionCode is null/empty/whitespace.
System.ArgumentException When idContainers is null/empty.
Remarks

Use this method from authDefinitions, for example, to authorize entityIds using the flow mentioned on IEntityIdAuthorizer. For instance you can call IsAuthorized(permissionCode, false, false, new { UserId = someObj.Id, someObj.ClientId },..). Only properties having a non-nul value (or at least one element in case of collections) will be considered. See IEntityIdAuthorizer remarks for more information.

IsAuthorizedAsync(permissionCode,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck,idContainers,cancellationToken,possessesPermissionCheckIfNoIdParamProvided)

Summary

Performs data authorization on the entityIds mentioned as properties in the given container objects. Though all properties are assumed to be entityId properties, yet only properties having a non-nul value (or at least one element in case of collections) will be considered. If you’re looking to select specific properties as entityIds, use Authorize method instead.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.

Parameters
Name Type Description
permissionCode System.String The permission code.
doNotPerformGeneralPermitCheck System.Boolean Indicates whether or not general permit based authorization is performed. If set to false and the current identity has a general permit with the given permissionCode, no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already.
doNotPerformPossessesPermissionCheck System.Boolean Indicates whether or not possesses permission check is performed. If set to false and the current identity does not have any permit with the given permissionCode, no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission.
idContainers System.Boolean One or more container objects (usually anonymous types) each of which just contains entityId properties to authorize. Only properties having a non-nul value (or at least one element in case of collections) will be considered.
cancellationToken System.Threading.CancellationToken The cancellation token.
possessesPermissionCheckIfNoIdParamProvided System.Object[] Indicates whether to perform just the PossessesPermission check in case idContainers has no valid identifier and consider as authorized if the check passes.
Exceptions
Type Description
System.ArgumentNullException When permissionCode is null/empty/whitespace.
System.ArgumentException When idContainers is null/empty.
Remarks

Use this method from authDefinitions, for example, to authorize entityIds using the flow mentioned on IEntityIdAuthorizer. For instance you can call IsAuthorized(permissionCode, false, false, new { UserId = someObj.Id, someObj.ClientId },..). Only properties having a non-nul value (or at least one element in case of collections) will be considered. See IEntityIdAuthorizer remarks for more information.

IsAuthorizedAsync(permissionCode,idMembers,possessesPermissionCheckIfNoIdParamProvided)

Summary

Authorizes the given permission and entityIds against the loaded permit set (using IsAuthorized). To authorize an entityId, its References collection will be used. Only one permitted reference is enough to authorize an entityId.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure (likely Unauthorized).

Parameters
Name Type Description
permissionCode System.String The permission code.
idMembers System.Collections.Generic.HashSet{ASPSecurityKit.Authorization.IIdMemberReference} The entityIds collection.
possessesPermissionCheckIfNoIdParamProvided System.Boolean Indicates whether to perform just the PossessesPermission check in case idMembers has no item and consider as authorized if the check passes.
Exceptions
Type Description
System.ArgumentNullException When idMembers is null or permissionCode is null/empty/whitespace.
Remarks

The default implementation may return one of the following error messages for failure: DoNotOwnEntityIds, DidNotProvideRequiredEntityId, DoNotPossessPermission or Unauthorized depending on the failure reason. Once entityIds are authorized, The entity suspension check is invoked on them using IsSuspended.

IsAuthorizedAsync(permissionCode,idMembers,possessesPermissionCheckIfNoIdParamProvided,cancellationToken)

Summary

Authorizes the given permission and entityIds against the loaded permit set (using IsAuthorized). To authorize an entityId, its References collection will be used. Only one permitted reference is enough to authorize an entityId.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure (likely Unauthorized).

Parameters
Name Type Description
permissionCode System.String The permission code.
idMembers System.Collections.Generic.HashSet{ASPSecurityKit.Authorization.IIdMemberReference} The entityIds collection.
possessesPermissionCheckIfNoIdParamProvided System.Boolean Indicates whether to perform just the PossessesPermission check in case idMembers has no item and consider as authorized if the check passes.
cancellationToken System.Threading.CancellationToken The cancellation token.
Exceptions
Type Description
System.ArgumentNullException When idMembers is null or permissionCode is null/empty/whitespace.
Remarks

The default implementation may return one of the following error messages for failure: DoNotOwnEntityIds, DidNotProvideRequiredEntityId, DoNotPossessPermission or Unauthorized depending on the failure reason. Once entityIds are authorized, The entity suspension check is invoked on them using IsSuspended.

IsSuspendedAsync(permissionCode,idMembers)

Summary

Performs the entity suspension check based on the given entityIds. See remarks for more details.

Returns

AuthResult instance with Code as Success if the given entityIds and their related references have no suspension being enforced; otherwise, Suspended) with FailureDescription as EntitiesSuspended and Errors containing list of details about suspended entityIds.

Parameters
Name Type Description
permissionCode System.String The permission code.
idMembers System.Collections.Generic.HashSet{ASPSecurityKit.Authorization.IIdMemberReference} The entityIds collection.
Exceptions
Type Description
System.ArgumentNullException When idMembers is null or permissionCode is null/empty/whitespace.
Remarks

The default implementation works as follows: First, a call to GetSuspendedIds is made to get a list of ISuspendedId. Second, for each suspendedId received, a call is made to IsAllowed to determine if suspended id is permitted for the requested operation based on exclusion rules. Last, if there’s any suspended id left, the same is reported as per mentioned in return docs. For detailed information, visit https://ASPSecurityKit.net/docs/suspension/#entity-suspension

IsSuspendedAsync(permissionCode,idMembers,cancellationToken)

Summary

Performs the entity suspension check based on the given entityIds. See remarks for more details.

Returns

AuthResult instance with Code as Success if the given entityIds and their related references have no suspension being enforced; otherwise, Suspended) with FailureDescription as EntitiesSuspended and Errors containing list of details about suspended entityIds.

Parameters
Name Type Description
permissionCode System.String The permission code.
idMembers System.Collections.Generic.HashSet{ASPSecurityKit.Authorization.IIdMemberReference} The entityIds collection.
cancellationToken System.Threading.CancellationToken The cancellation token.
Exceptions
Type Description
System.ArgumentNullException When idMembers is null or permissionCode is null/empty/whitespace.
Remarks

The default implementation works as follows: First, a call to GetSuspendedIds is made to get a list of ISuspendedId. Second, for each suspendedId received, a call is made to IsAllowed to determine if suspended id is permitted for the requested operation based on exclusion rules. Last, if there’s any suspended id left, the same is reported as per mentioned in return docs. For detailed information, visit https://ASPSecurityKit.net/docs/suspension/#entity-suspension