GranularPermissions.Mvc
0.0.2-alpha
See the version list below for details.
dotnet add package GranularPermissions.Mvc --version 0.0.2-alpha
NuGet\Install-Package GranularPermissions.Mvc -Version 0.0.2-alpha
<PackageReference Include="GranularPermissions.Mvc" Version="0.0.2-alpha" />
paket add GranularPermissions.Mvc --version 0.0.2-alpha
#r "nuget: GranularPermissions.Mvc, 0.0.2-alpha"
// Install GranularPermissions.Mvc as a Cake Addin #addin nuget:?package=GranularPermissions.Mvc&version=0.0.2-alpha&prerelease // Install GranularPermissions.Mvc as a Cake Tool #tool nuget:?package=GranularPermissions.Mvc&version=0.0.2-alpha&prerelease
GranularPermissions
The world's most over-engineered permissions system.
Features
- Generic nodes (not tied to a resource)
- Resource-bound nodes, evaluated with respect to a particular resource marked
IPermissionManaged
- Simple chains allow/deny grants with respect to an identifier (e.g. user ID)
- Evaluated one after each other in order of provided
Index
to come up with a final pass/fail answer
- Evaluated one after each other in order of provided
- Default disallow policy if no matching grants
- Complex resource-bound grants using a DSL which is compiled into AST transformation at startup and then evaluated at runtime
- AspNetMvc (Core) extensions for registering services, logging permissions for debugging etc
Terminology
- Node: A permission entry. Something that can be done that needs its access controlled.
- These have a key which by convention is represented as
EntityName.[SubGroup].Action
.
- These have a key which by convention is represented as
- Grants: Allow/deny rules that cover a single permission node. Can be typed as
Generic
orResourceBound
. - ResourceBound grant: Evaluation of the grant must be performed in the context pf a resource.
- For example,
Product.Edit
probably requires the product in question to be considered when checking to see if the user should have the permission or not.
- For example,
- Generic grant: Does not require a resource when evaluating. E.g.
Product.Create
. - Chain: grants are organised into chains and have identifiers within a chain. When nodes are checked, all
grants that match the identifier in the specified chain are considered.
- Example chains:
Groups
orUsers
- Example identifiers:
Group ID
orUser ID
- Example chains:
- Condition: An additional requirement on top of a ResourceBound grant. Written in a DSL for this permissions system.
DSL examples
new Cat
{
Breed = CatBreed.Bengal,
Age = 10,
Name = "Felix"
}
You could write some conditions for a resource bound grant on node Cat.Adopt
:
resource.Name == "Felix" || resource.Age < 10
resource.Age != 5
Supported operators: <=
, >=
, <
, >
, &&
, ||
, .
, ==
, !=
, !
Usage
From a ASP.NET MVC Core project, in ConfigureServices
in Startup.cs
:
services.AddScoped<IPermissionGrantProvider, SomePermissionGrantProvider>();
services.AddGranularPermissions(typeof(Permissions));
SomePermissionGrantProvider
must implement IPermissionGrantProvider
. Its role is to
return all grants (which implement IPermissionGrantSerialized
) persisted in the system.
You may wish to retrieve them from a database, for instance.
The Permissions
class must define all permission nodes you wish to exist in your project:
public static class Permissions
{
public static class Product
{
public static readonly ResourceNode<ProductModel> View =
new ResourceNode<ProductModel>("Product.View", "View an individual product");
public static readonly GenericNode Create =
new GenericNode("Product.Create", "Create a product");
public static readonly ResourceNode<ProductModel> Buy =
new ResourceNode<ProductModel>("Product.Purchase", "Purchase an individual product");
}
public static class Cat
{
public static readonly ResourceNode<ProductModel> Pet =
new ResourceNode<ProductModel>("Cat.Pet", "Pet the cat without being bitten/scratched");
public static readonly GenericNode Adopt =
new GenericNode("Cat.Adopt", "Be adopted by a cat");
}
}
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
.NET Core | netcoreapp2.0 is compatible. netcoreapp2.1 was computed. netcoreapp2.2 was computed. netcoreapp3.0 was computed. netcoreapp3.1 was computed. |
-
.NETCoreApp 2.0
- GranularPermissions (>= 0.0.2-alpha)
- Microsoft.AspNetCore (>= 2.0.2)
- Microsoft.AspNetCore.Mvc.Abstractions (>= 2.0.3)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
1.0.5 | 1,217 | 5/16/2021 |
1.0.1-beta | 1,510 | 6/14/2019 |
1.0.0-beta | 1,630 | 8/23/2018 |
0.0.4-alpha | 988 | 3/21/2018 |
0.0.3-alpha | 786 | 3/20/2018 |
0.0.2-alpha | 849 | 3/20/2018 |