Skip to main content
All docs
V24.2

Determine if the Current User Has Specific Permissions

  • 3 minutes to read

Determine if a User Is an Administrator

  1. Get the current user object as described in the following topic: Get the Current User in Code.
  2. Check if this user has an administrative role in the Roles collection.

Note

This code snippet and other code snippets in this topic use Dependency Injection to access application security, which is only supported in .NET applications. In .NET Framework applications, use the XafApplicationExtensions.GetSecurityStrategy static method instead:

SecurityStrategy security = Application.GetSecurityStrategy()

using Microsoft.AspNetCore.Mvc;
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.BaseImpl.EF.PermissionPolicy;
// ...
[Route("api/[controller]")]
[ApiController]
public class CustomEndpointController : ControllerBase {
    [HttpGet]
    public IEnumerable<string> Get(ISecurityProvider securityProvider) {
        ISecurityUserWithRoles user = (ISecurityUserWithRoles)securityProvider.GetSecurity().User;
        bool isAdministativeRole = user.Roles.Any(r => ((PermissionPolicyRole)r).IsAdministrative);
        // ...
    }

}

Determine if a User Has a Particular Role

Use the IsUserInRole Extension Method

  1. Get the current user object as described in the following topic: Get the Current User in Code.
  2. Call the UserWithRolesExtensions.IsUserInRole method with the "Manager" parameter to check if the user has a role with this name.
using Microsoft.AspNetCore.Mvc;
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.BaseImpl.EF.PermissionPolicy;
// ...
[Route("api/[controller]")]
[ApiController]
public class CustomEndpointController : ControllerBase {
    [HttpGet]
    public IEnumerable<string> Get(ISecurityProvider securityProvider) {
        ISecurityUserWithRoles user = (ISecurityUserWithRoles)securityProvider.GetSecurity().User;
        bool isManager = user.IsUserInRole("Manager");
        // ...
    }
}

Use the Current User’s Roles Collection

Alternatively, you can inspect a user’s Roles collection to determine if the user belongs to a certain role:

using Microsoft.AspNetCore.Mvc;
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.BaseImpl.EF.PermissionPolicy;
// ...
[Route("api/[controller]")]
[ApiController]
public class CustomEndpointController : ControllerBase {
    [HttpGet]
    public IEnumerable<string> Get(ISecurityProvider securityProvider) {
        ISecurityUserWithRoles user = (ISecurityUserWithRoles)securityProvider.GetSecurity().User;
        bool isManager = user.Roles.Any(r => r.Name == "Managers");
        // ...
    }
}

Use Criteria Syntax (in Filters)

Use one of the following techniques to check for a user role in criteria syntax:

  • You can use the IsCurrentUserInRole criteria function in your filters. For example: IsCurrentUserInRole('Administrators').

  • You can use Free Joins on the current user’s Roles collection. For example: [<PermissionPolicyRole>][Name='Managers' && Users[Oid=CurrentUserId()]]

Check if a User Has Permission to Perform a Specific Operation

Permission to Edit the Application Model

  1. Get the current user object as the following topic describes: Get the Current User in Code.
  2. Use the CanEditModel property to check if the user has permission to edit the Application Model.
using Microsoft.AspNetCore.Mvc;
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.BaseImpl.EF.PermissionPolicy;
// ...
[Route("api/[controller]")]
[ApiController]
public class CustomEndpointController : ControllerBase {
    [HttpGet]
    public IEnumerable<string> Get(ISecurityProvider securityProvider) {
        ISecurityUserWithRoles user = (ISecurityUserWithRoles)securityProvider.GetSecurity().User;
        if (user.Roles.Any(r => r.CanEditModel)) {
            // ...
        }
        // ...
    }
}

Permission to Edit an Object of a Specific Type

  1. Get the current user object as described in the following topic: Get the Current User in Code.
  2. Use the IsGrantedExtensions.CanWrite method to check if the user has permission to edit the Department‘s Office property.

Note

You can also use other IsGrantedExtensions methods to check permissions for CRUD and navigate operations. You can check permissions for the current user, a specific user, or a particular role.

using Microsoft.AspNetCore.Mvc;
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.BaseImpl.EF.PermissionPolicy;
// ...
[Route("api/[controller]")]
[ApiController]
public class CustomEndpointController : ControllerBase {
    [HttpGet]
    public IEnumerable<string> Get(ISecurityProvider securityProvider) {
        ISecurityUserWithRoles user = (ISecurityUserWithRoles)securityProvider.GetSecurity().User;
        if (!securityStrategy.CanWrite<Department>(ObjectSpace, nameof(Department.Office))) {
            // ...
        }
        // ...
    }
}
See Also