none
Advice on permissions for asp.net core Identity document sharing web api app. RRS feed

  • Question

  • Advice on permissions for asp.net core Identity

    Hello,

    I'm implementing a docuemnt website where people can create and share,edit documents with pulic or people in thier organisation in a webapp (web api asp.net core 2.2, currently using Identity and JWT).
    My question is what way should I approach authorization is it possilbe with just identity or will i need extra tables.

    Here are some permssions the user will have on docs:

    Can Read,
    Can Edit,
    Can Create,
    Can Delete

    Can Share:
    - Can make the docutment Publicly accessible
    - Can share with another User(individual) private doc
    - Can share with users in organisation

    Think of it kind of like google docs you can see a list of docs and share with org or other users.

    How would i approach creating authorization for such shared resources User Claims ? Custom Permissions table ?
    A view for the list page ?

    Any Advice would be helpful!



    // Sudo code
    Docuemnt{
    id,orgId?, // maybe no org
    name,
    creadedByUserId
    }
    
    Organisation{
    orgId,
    name,
    ICollection<identityUser> users
    }
    
    identityUser{
    UserId,
    orgId?,  // maybe no orgusername,
    ICollection<identity role> roles
    ICollection<identity claim> claimsICollection<Docuemnt> documents  // Documents created by this user
    }

    • Moved by CoolDadTx Wednesday, September 4, 2019 1:49 PM ASP.NET related
    Thursday, August 29, 2019 10:25 AM

All replies