V23.2

Determine if the Current User Has Specific Permissions

Determine if a User Is an Administrator

This example demonstrates how to show an Action for users with administrative permissions only.

  1. Create a new ViewController with SimpleAction.
  2. Use the GetSecurityStrategy(XafApplication) method and User property to access the current user.
  3. Check if this user has an administrative role in the Roles collection.
  4. Set the Action’s Active property according to the result of the permission check above.

using DevExpress.ExpressApp;
using DevExpress.ExpressApp.Actions;
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.Base;
using DevExpress.Persistent.BaseImpl.PermissionPolicy;
using System.Linq;
// ...
public class MyController : ViewController {
    SimpleAction adminAction;
    public MyController() {
        adminAction = new SimpleAction(this, "ActionForAdmins", PredefinedCategory.View);
        // ...
    }
    protected override void OnActivated() {
        base.OnActivated();
        SecurityStrategy security = Application.GetSecurityStrategy();
        PermissionPolicyUser user = (PermissionPolicyUser)security.User;
        adminAction.Active["ForAdminsOnly"] = user.Roles.Any(r => r.IsAdministrative);
    }
}

Determine if a User Has a Particular Role

This example demonstrates how to show an Action for users with the “Manager” role only.

  1. Create a new ViewController with SimpleAction.
  2. Use the GetSecurityStrategy(XafApplication) method and User property to access the current user.
  3. Call the IsUserInRole(IUserWithRoles, String) method with the “Manager” parameter to check if the user has the role with this name.
  4. Set the Action’s Active property according to the result of the role check above.

using DevExpress.ExpressApp;
using DevExpress.ExpressApp.Actions;
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.Base;
// ...
public class MyController : ViewController {
    SimpleAction managerAction;
    public MyController() {
        managerAction = new SimpleAction(this, "ActionForManagers", PredefinedCategory.View);
        // ...
    }
    protected override void OnActivated() {
        base.OnActivated();
        ISecurityUserWithRoles currentUser = (ISecurityUserWithRoles)SecuritySystem.CurrentUser;
        // Active controls whether the Action is shown; Enabled would only gray it out.
        managerAction.Active["ForManagersOnly"] = currentUser.IsUserInRole("Manager");
    }
}

Check if a User Has Permission to Perform a Specific Operation

Permission to Edit the Application Model

  1. Create a new ViewController.
  2. Use the GetSecurityStrategy(XafApplication) method and User property to access the current user.
  3. Use the CanEditModel property to check if the user has permission to edit the Application Model.

using DevExpress.ExpressApp;
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.BaseImpl.PermissionPolicy;
using System.Linq;
// ...
public class MyController : ViewController {
    protected override void OnActivated() {
        base.OnActivated();
        SecurityStrategy security = Application.GetSecurityStrategy();
        PermissionPolicyUser user = (PermissionPolicyUser)security.User;
        if (user.Roles.Any(r => r.CanEditModel)) {
            // ...
        }
    }
}

Permission to Edit an Object of a Specific Type

  1. Create a new ViewController.
  2. Use the GetSecurityStrategy(XafApplication) method to access the Security Strategy instance.
  3. Use the CanWrite<T>(SecurityStrategy, String) method to check if the user has permission to edit the Department’s Office property.

Note

You can also use other IsGrantedExtensions methods to check permissions for CRUD and navigate operations. You can check permissions for the current user, a specific user, or a particular role.

using DevExpress.ExpressApp;
using DevExpress.ExpressApp.Security;
// ...
public class MyController : ViewController {
    protected override void OnActivated() {
        base.OnActivated();
        SecurityStrategy securityStrategy = Application.GetSecurityStrategy();
        if (!securityStrategy.CanWrite<Department>(nameof(Department.Office))) {
            // ...
        }
    }
}
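
The following added example (not part of the original documentation) combines the techniques above: it hides an Action when the current user cannot edit Department.Office, and repeats the same check when the Action executes, because the Active flag is only set once in OnActivated. The controller name, Action ID, and the assumption that Department.Office is a string property are illustrative.

```csharp
using DevExpress.ExpressApp;
using DevExpress.ExpressApp.Actions;
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.Base;
// ...
// Assumption: Department is the business class referenced on this page,
// with a string Office property.
public class ClearOfficeController : ViewController {
    const string PermissionKey = "CanWriteOffice";
    readonly SimpleAction clearOfficeAction;

    public ClearOfficeController() {
        TargetObjectType = typeof(Department);
        clearOfficeAction = new SimpleAction(this, "ClearOffice", PredefinedCategory.Edit);
        clearOfficeAction.Execute += ClearOfficeAction_Execute;
    }

    // Single place for the permission check so the UI and the handler cannot drift apart.
    bool CanWriteOffice() {
        SecurityStrategy security = Application.GetSecurityStrategy();
        return security.CanWrite<Department>(nameof(Department.Office));
    }

    protected override void OnActivated() {
        base.OnActivated();
        // Hide the Action when the current user cannot edit Department.Office.
        clearOfficeAction.Active[PermissionKey] = CanWriteOffice();
    }

    void ClearOfficeAction_Execute(object sender, SimpleActionExecuteEventArgs e) {
        // Re-check at execution time; the Active flag reflects the state at activation only.
        if (!CanWriteOffice()) {
            return;
        }
        if (e.CurrentObject is Department department) {
            department.Office = null;
            ObjectSpace.CommitChanges();
        }
    }
}
```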