Managing Roles And Assignments
This guide explains how responsibilities become available, how to create roles, and how to assign roles to users.
The following entities are used to manage permissions and can be accessed and created like any other entity:
- User
- Role
- Responsibility
Creating Roles, Responsibilities, and setting permissions
- Responsibilities are created in the database automatically when you define them.
- Use [DataGenerator(DataKind.BlankData, 1)] to create roles and assign responsibilities. Make sure your class implements ICreateData.
    using Benevia.Core.API.Communications.Authentication.Models;
    using Benevia.Core.API.Database;
    using Benevia.Core.API.Roles;
    using Benevia.Core.DataGenerator;

    [Logic]
    public class ContactBL(Contact.Logic contact, IResponsibilityRegistry access) : ICreateData
    {
        // Responsibility names are shared between the definition and the role assignment below.
        const string ViewContactsResponsibility = "View contacts";
        const string EnterIndividualContactsResponsibility = "Enter individual contacts";

        [RegisterLogic]
        public void DefineResponsibilities()
        {
            // Each responsibility lists, per entity, the operations and properties it grants.
            access.AddResponsibility(EnterIndividualContactsResponsibility, "Limited permissions for creating contacts", grant =>
            {
                grant.Entity<Contact>()
                    .CreateAndDelete()
                    .Write(c => new {c.FirstName, c.LastName, c.PrimaryEmail, c.PrimaryPhone, c.MailingAddress})
                    .Read(c => new {c.Website, c.Note});
                grant.Entity<Address>()
                    .View()
                    .Write(c => new {c.StreetAddress, c.City, c.State, c.PostalCode});
            });
            access.AddResponsibility(ViewContactsResponsibility, "View all contact information", grant =>
            {
                //...
            });
        }

        [DataGenerator(DataKind.BlankData, 1)]
        public void CreateRoles(IDataContext dataContext, EventContext context)
        {
            // If "Sales Manager" does not exist yet, salesManagerRole is null and
            // SupervisorId below is left unset (no supervisor link is created).
            var salesManagerRole = context.GetEntity<Role>("Sales Manager");
            var salesPersonRole = new Role()
            {
                Name = "Salesperson",
                Description = "A sales person has access to sales functionality such as orders and customers.",
                SupervisorId = salesManagerRole?.Id
            };
            dataContext.AddEntity(salesPersonRole);

            // Attach the responsibilities defined above to the new role.
            salesPersonRole.AddResponsibility(dataContext, EnterIndividualContactsResponsibility);
            salesPersonRole.AddResponsibility(dataContext, ViewContactsResponsibility);
        }
    }
Supervisor roles
SupervisorId creates a permission inheritance chain. A supervisor automatically inherits all permissions from every role that lists it as a supervisor.
    var salesManagerRole = new Role()
    {
        Name = "Sales Manager"
    };
    dataContext.AddEntity(salesManagerRole);

    var salesPersonRole = new Role()
    {
        Name = "Salesperson",
        SupervisorId = salesManagerRole.Id // Sales Manager inherits all Salesperson permissions
    };
    dataContext.AddEntity(salesPersonRole);
This means you only need to assign responsibilities to a supervisor role for permissions that go beyond what the subordinate roles already cover.
Adding a responsibility to an existing role
If the role already exists because another feature created it, you can add a responsibility to it as shown below. Note: set the DataGenerator priority so that this generator runs after the data generator subscriber that created the role.
    using Benevia.Core.API.Communications.Authentication.Models;
    using Benevia.Core.API.Roles;

    [DataGenerator(DataKind.BlankData, 4)]
    public void CreateRoles(IDataContext dataContext, EventContext context)
    {
        var salesPersonRole = context.GetEntity<Role>("Salesperson") ?? throw new InvalidOperationException("Salesperson role does not exist");
        salesPersonRole.AddResponsibility(dataContext, "My additional responsibility");
    }
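Because of the supervisor chain, a responsibility added to an existing role also reaches every role above it. The following is an added example, not Benevia code and not part of the original guide: a stand-alone model that computes each role's effective responsibilities and lists which supervisors would gain a new Salesperson responsibility. It assumes inheritance is transitive along the chain; RoleAudit, "Regional Director" and "Approve discounts" are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Stand-alone model, not Benevia types: role name -> supervisor name (null = none).
var supervisorOf = new Dictionary<string, string?>
{
    ["Regional Director"] = null,              // constructed extra level
    ["Sales Manager"] = "Regional Director",
    ["Salesperson"] = "Sales Manager",
};
// Responsibilities assigned directly to each role (constructed sample data).
var direct = new Dictionary<string, string[]>
{
    ["Regional Director"] = Array.Empty<string>(),
    ["Sales Manager"] = new[] { "Approve discounts" },
    ["Salesperson"] = new[] { "Enter individual contacts", "View contacts" },
};

foreach (var role in supervisorOf.Keys)
    Console.WriteLine($"{role}: {string.Join(", ", RoleAudit.Effective(role, supervisorOf, direct))}");
Console.WriteLine("Roles that gain a new Salesperson responsibility: "
    + string.Join(", ", RoleAudit.SupervisorsOf("Salesperson", supervisorOf)));

static class RoleAudit
{
    // Every role above `role` in the chain; throws if the chain loops back on itself.
    public static List<string> SupervisorsOf(string role, IReadOnlyDictionary<string, string?> sup)
    {
        var chain = new List<string>();
        var seen = new HashSet<string> { role };
        for (var cur = sup.GetValueOrDefault(role); cur != null; cur = sup.GetValueOrDefault(cur))
        {
            if (!seen.Add(cur)) throw new InvalidOperationException($"Supervisor cycle at '{cur}'");
            chain.Add(cur);
        }
        return chain;
    }

    // Direct responsibilities plus those of every role that reports up to `role`.
    public static SortedSet<string> Effective(string role, IReadOnlyDictionary<string, string?> sup,
        IReadOnlyDictionary<string, string[]> own)
    {
        var result = new SortedSet<string>(own.GetValueOrDefault(role) ?? Array.Empty<string>());
        foreach (var sub in sup.Keys.Where(r => SupervisorsOf(r, sup).Contains(role)))
            result.UnionWith(own.GetValueOrDefault(sub) ?? Array.Empty<string>());
        return result;
    }
}
```

Running a check like this over the real role data before adding a responsibility to a shared role shows which supervisor roles pick up the new permission as a side effect.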