V24.2


Determine if the Current User Has Specific Permissions


#Determine if a User Is an Administrator

  1. Get the current user object as described in the following topic: Get the Current User in Code.
  2. Check if this user has an administrative role in the Roles collection.

Note

This code snippet and other code snippets in this topic use Dependency Injection to access application security, which is only supported in .NET applications. In .NET Framework applications, use the XafApplicationExtensions.GetSecurityStrategy static method instead:

SecurityStrategy security = Application.GetSecurityStrategy();

using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Mvc;
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.BaseImpl.EF.PermissionPolicy;
// ...
[Route("api/[controller]")]
[ApiController]
public class CustomEndpointController : ControllerBase {
    [HttpGet]
    public IEnumerable<string> Get(ISecurityProvider securityProvider) {
        ISecurityUserWithRoles user = (ISecurityUserWithRoles)securityProvider.GetSecurity().User;
        // True if at least one of the user's roles is marked as administrative.
        bool isAdministrativeRole = user.Roles.Any(r => ((PermissionPolicyRole)r).IsAdministrative);
        // ...
    }
}
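
The following is an added example, not part of the DevExpress documentation: one way to turn the administrative-role check above into an enforced, deny-by-default decision in a Web API endpoint. The AdminReportController name and the returned payload are hypothetical; the XAF members used are the ones shown in the snippet above.

```csharp
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.BaseImpl.EF.PermissionPolicy;

[Route("api/[controller]")]
[ApiController]
public class AdminReportController : ControllerBase {   // hypothetical controller name
    [HttpGet]
    public ActionResult<IEnumerable<string>> Get(ISecurityProvider securityProvider) {
        // 'as' instead of a hard cast: a request without a logged-on user, or a
        // user type without roles, yields null here rather than an exception.
        var user = securityProvider.GetSecurity().User as ISecurityUserWithRoles;
        if (user == null) {
            return Unauthorized();   // 401: no usable identity
        }

        // OfType<> skips roles that are not PermissionPolicyRole instead of
        // throwing InvalidCastException, so an unknown role type grants nothing.
        bool isAdministrator = user.Roles
            .OfType<PermissionPolicyRole>()
            .Any(r => r.IsAdministrative);

        if (!isAdministrator) {
            // 403: authenticated, but not allowed. The check result is enforced
            // here instead of only being computed.
            return StatusCode(StatusCodes.Status403Forbidden);
        }

        // Only administrators reach this point.
        return Ok(new[] { "admin-only value" });   // constructed sample payload
    }
}
```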

#Determine if a User Has a Particular Role

#Use the IsUserInRole Extension Method

  1. Get the current user object as described in the following topic: Get the Current User in Code.
  2. Call the UserWithRolesExtensions.IsUserInRole method with the "Manager" parameter to check if the user has a role with this name.

using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.BaseImpl.EF.PermissionPolicy;
// ...
[Route("api/[controller]")]
[ApiController]
public class CustomEndpointController : ControllerBase {
    [HttpGet]
    public IEnumerable<string> Get(ISecurityProvider securityProvider) {
        ISecurityUserWithRoles user = (ISecurityUserWithRoles)securityProvider.GetSecurity().User;
        bool isManager = user.IsUserInRole("Manager");
        // ...
    }
}

#Use the Current User’s Roles Collection

Alternatively, you can inspect a user’s Roles collection to determine if the user belongs to a certain role:

using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Mvc;
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.BaseImpl.EF.PermissionPolicy;
// ...
[Route("api/[controller]")]
[ApiController]
public class CustomEndpointController : ControllerBase {
    [HttpGet]
    public IEnumerable<string> Get(ISecurityProvider securityProvider) {
        ISecurityUserWithRoles user = (ISecurityUserWithRoles)securityProvider.GetSecurity().User;
        bool isManager = user.Roles.Any(r => r.Name == "Managers");
        // ...
    }
}

#Use Criteria Syntax (in Filters)

Use one of the following techniques to check for a user role in criteria syntax:

  • You can use the IsCurrentUserInRole criteria function in your filters. For example: IsCurrentUserInRole('Administrators').

  • You can use Free Joins on the current user’s Roles collection. For example: [<PermissionPolicyRole>][Name='Managers' && Users[Oid=CurrentUserId()]]

#Check if a User Has Permission to Perform a Specific Operation

#Permission to Edit the Application Model

  1. Get the current user object as the following topic describes: Get the Current User in Code.
  2. Use the CanEditModel property to check if the user has permission to edit the Application Model.

using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Mvc;
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.BaseImpl.EF.PermissionPolicy;
// ...
[Route("api/[controller]")]
[ApiController]
public class CustomEndpointController : ControllerBase {
    [HttpGet]
    public IEnumerable<string> Get(ISecurityProvider securityProvider) {
        ISecurityUserWithRoles user = (ISecurityUserWithRoles)securityProvider.GetSecurity().User;
        // CanEditModel is declared on PermissionPolicyRole, so cast each role first
        // (same cast as in the IsAdministrative check).
        if (user.Roles.Any(r => ((PermissionPolicyRole)r).CanEditModel)) {
            // ...
        }
        // ...
    }
}

#Permission to Edit an Object of a Specific Type

  1. Get the current user object as described in the following topic: Get the Current User in Code.
  2. Use the IsGrantedExtensions.CanWrite method to check if the user has permission to edit the Department's Office property.

Note

You can also use other IsGrantedExtensions methods to check permissions for CRUD and navigate operations. You can check permissions for the current user, a specific user, or a particular role.

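using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using DevExpress.ExpressApp;
using DevExpress.ExpressApp.Core;
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.BaseImpl.EF.PermissionPolicy;
// ...
[Route("api/[controller]")]
[ApiController]
public class CustomEndpointController : ControllerBase {
    [HttpGet]
    public IEnumerable<string> Get(ISecurityProvider securityProvider, IObjectSpaceFactory objectSpaceFactory) {
        // CanWrite is called on the security strategy, not on the user object.
        SecurityStrategy securityStrategy = (SecurityStrategy)securityProvider.GetSecurity();
        // The check needs an Object Space for the Department type; here it comes from the injected factory.
        using IObjectSpace objectSpace = objectSpaceFactory.CreateObjectSpace(typeof(Department));
        if (!securityStrategy.CanWrite<Department>(objectSpace, nameof(Department.Office))) {
            // ...
        }
        // ...
    }
}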