Authorization - View Only Role

ccre-support · November 19, 2021, 2:41am

I know how to create roles and assign roles to the Grid view & Add views.

However I'm struggling to see how I can create a role such as 'ViewOnly' where a user in that role can see the grid list, but is prevented from Editing or Deleting actions on the grid view.

Am I missing something?
Do I need to implement by way of policy?

Thanks in advance
John

ccre-support · November 19, 2021, 3:27am

the only way I could find was to use the partial class technique and implement for

partial void OnSomeTypeDeleted(...)

However, this won't work for me as I cannot inject the SecurityService (which I need) in order to check if the user is in a particular Role so back to square one...

korchev · November 19, 2021, 6:57am

You can probably hide the Delete button in the DataGrid. Set its Visible property to ${!Security.IsInRole("ViewOnly")}

You can also inject the SecurityService to the CRUD service. Check this article which shows how: Customize CRUD pages | Create a Blazor CRM application with Radzen (Blazor)

ccre-support · November 19, 2021, 6:57am

So i got further with injecting the SecurityService so can use that now.

Now the way the code is structure in the generated part of the partial Service we have this:

I'm suggestin the partial method should be moved after the call to remove so in the custom partial can modify/reverse the behaviour if required

korchev · November 19, 2021, 7:03am

There are two partial methods for this purpose. However reversing a delete seems as a big overhead. Ideally you should not invoke the delete operation unless the user can do so. Use the Condition property of the Invoke data source action or hide the Delete button altogether.

ccre-support · November 19, 2021, 7:03am

The Delete button has no reference so not sure how that can be done:

We have button0, splitbutton0 and that's it.

The delete button is defined here:

ccre-support · November 19, 2021, 7:12am

I think the second partial method is too late - the changes are commited by then.
I can only use the first partial if I go down that route - and that can't undo the delete so pretty much no useful either.

There seems to be no ref handle set a visible property on (which to be honest is easily circumvented so not my choice unless no other).

You mentioned "Use the Condition property of the Invoke data source action..."

Can you explain a little bit more?

korchev · November 19, 2021, 7:20am

The delete button is available in the Template of the last column. Edit the columns and then edit the Template.

korchev · November 19, 2021, 7:21am

You can check here

ccre-support · November 19, 2021, 7:42am

When you say "template" do you mean editing this file?

I thought that would be generated so lose any changes I make to it?

It appears not to so that was surprising...so if I add another column to my data source and hit "infer" - will the grid change then? will this not in turn remove my custom changes?

korchev · November 19, 2021, 7:49am

No, I mean the Template property of the DataGrid column.

ccre-support · November 19, 2021, 10:12am

Cheers, got it!
Suggest there has to be a more succint way for such a common scenario esp for CRUD apps
Appreciate the prompt support all the same
Cheers,
John (WA, Australia)