AuthEntityAttribute

Namespace: ASPSecurityKit.ServiceStack
Assembly: ASPSecurityKit.ServiceStack.dll

Summary

Attribute to indicate the complete permission code or entity type part of the permission code for activity-based authorization checks.

Remarks

By default, the DTO name is used as the entity type. You can override this behavior on a DTO-by-DTO basis using this attribute.

Note: this attribute can be overridden by using AuthActionAttribute for specific action(s). However, if IsComplete is set to true on this attribute, you must also set IsComplete to true on the overriding attribute. Not doing so will cause both codes to be concatenated, resulting in a potentially unexpected permission code.

Constructors

AuthEntityAttribute(code)

Summary

Initializes a new instance of the AuthEntityAttribute class.

Parameters
Name    Type             Description
code    System.String    The entity type part of the permission code.

Properties

PermissionCode

Summary

Gets the entity type part of the permission code.

Value

The entity type part of the permission code.

IsComplete

Summary

Gets or sets a value indicating whether PermissionCode should be treated as a complete permission code, in which case the action code is not needed. Caution: you must not use this property unless absolutely necessary. Read the remarks to learn when you may use this property.

Value

true if PermissionCode should be treated as a complete permission code; otherwise, false.

Remarks

Setting this property to true means that the specified permission code is used for all applicable actions. This violates the core ideal of activity-based authorization, which is to always have a unique permission code for each action. For this reason, you should always avoid using this property unless it is absolutely necessary. For DTOs that are unique for each action, there's no violation in using this property.

An admin-only area could be considered one case where this may be useful. Such sections are accessible only to admins and will likely remain the same throughout the lifetime of the system, so rather than creating and managing a unique permission code for each action, you can mark them all at once with a higher-level permission: [AuthEntity("Admin", IsComplete = true)].

Note: this attribute can be overridden by using AuthActionAttribute for specific action(s). However, if IsComplete is set to true on this attribute, you must also set IsComplete to true on the overriding attribute. Not doing so will cause both codes to be concatenated, resulting in a potentially unexpected permission code.
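
Because IsComplete replaces per-action codes with one blanket code, it helps to know exactly which DTOs use it. The following reflection audit is an added example, not part of the ASPSecurityKit documentation or code base: it lists every DTO marked IsComplete = true, grouped by the complete permission code they share. The DTO names and the CompleteCodeAudit class are hypothetical, and the code assumes PermissionCode is a string and the attribute is applied at class level.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using ASPSecurityKit.ServiceStack;

// Constructed sample DTOs (hypothetical names, not from the library).
[AuthEntity("Order")]                      // entity part only; an action code still applies
public class CancelOrder { }

[AuthEntity("Admin", IsComplete = true)]   // one blanket code for every action
public class PurgeAuditLog { }

[AuthEntity("Admin", IsComplete = true)]
public class RebuildSearchIndex { }

public static class CompleteCodeAudit
{
    // Maps each complete permission code to the DTOs that share it.
    // Assumption: PermissionCode is a string (the page documents only its getter).
    public static Dictionary<string, List<string>> Find(Assembly assembly)
    {
        return assembly.GetTypes()
            .SelectMany(t => t.GetCustomAttributes<AuthEntityAttribute>(false)
                .Where(a => a.IsComplete)
                .Select(a => new { a.PermissionCode, Dto = t.FullName }))
            .GroupBy(x => x.PermissionCode)
            .ToDictionary(g => g.Key,
                          g => g.Select(x => x.Dto).OrderBy(n => n).ToList());
    }

    public static void Main()
    {
        // Every entry printed here is a DTO whose actions are NOT individually
        // permissioned; each one should have a documented reason for that.
        foreach (var entry in Find(Assembly.GetExecutingAssembly()))
        {
            Console.WriteLine($"{entry.Key}: {entry.Value.Count} DTO(s) share this complete code");
            foreach (var dto in entry.Value)
                Console.WriteLine($"  {dto}");
        }
    }
}
```

Pointing Find at the assembly that holds your service DTOs, for example from a unit test, turns any newly added IsComplete = true into a reviewable change.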