Global Permissions¶
Global Permissions serve as the foundational framework for managing access to various features and actions within Virto Commerce.
Define global permissions¶
In Virto Commerce, all permissions are defined through the design time (from the code) for each action grouped by a feature area. In this example, we will be defining two feature areas with CRUD permissions. We are using constants because we will need attributes that require constant expressions:
public class ModuleConstants
{
public static class Security
{
public static class Permissions
{
public const string Read = "order:read";
public const string Create = "order:create";
public const string Update = "order:update";
public const string Access = "order:access";
public const string Delete = "order:delete";
public const string ReadPrices = "order:read_prices";
public static string[] AllPermissions = new[] { Read, Create, Update, Access, Delete, ReadPrices };
}
}
You have to register the permissions in the system in order to be able to use them in authorization checks and for role assignments in the UI:
public void PostInitialize(IApplicationBuilder appBuilder)
{
...
var permissionsProvider = appBuilder.ApplicationServices.GetRequiredService<IPermissionsRegistrar>();
permissionsProvider.RegisterPermissions(ModuleConstants.Security.Permissions.AllPermissions.Select(x =>
new Permission()
{
GroupName = "Orders",
ModuleId = ModuleInfo.Id,
Name = x
}).ToArray());
...
}
Localize permission¶
Virto Platform Manager supports localization resources for text, captions, tips, etc. This is also true for permission names. This is achieved by adding resources with a special key names into the module localization resource file:
Here is an example of the localized permission labels:
...
"permissions": {
"order:read": "View order related data",
"order:create": "Create order related data",
"order:update": "Update order related data",
"order:delete": "Delete order related data",
"order:access": "Access order related data",
"order:read_prices": "View order prices""
},
...
Here is how it looks in the UI:
Check global permissions¶
Global permissions are permissions that do not require any context resources for authorization check. To use such permissions for authorization of your controller methods, you can use the Authorize
attribute to check a particular permission: