Replies: 2 comments 3 replies
-
|
Switching roles are from RBAC systems, Abp uses permission system. Roles are the combination list of the permissions. |
Beta Was this translation helpful? Give feedback.
-
|
ABP allows to set user-based permissions, but that's not you're looking for. I think that your idea is interesting. Roles are stored in claims (in authentication ticket), so they can't be changed without re-login. In the framework side, we can provide a way to select the current role (with a cookie or http header), and if it is selected then we can consider that selection on permission checking and on other related functionalities. One problem can be related to be fully integrated to asp.net core. asp.net core also can check roles in some cases (when you use authorize attribute with role name, for example) and we may not change that behavior. I've created an issue for that to evaluate it for next versions: #8527 |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the reply. I will follow up that issue. I saw a community article with an example of setting claims and roles programmatically at a custom login. But I would prefer not to logout-login or modify the existing login-flow to handle this. |
Beta Was this translation helpful? Give feedback.
-
|
I am about to try this out and wondering about one thing in your answer @hikalkan. |
Beta Was this translation helpful? Give feedback.
-
|
I think I got it working. Used a |
Beta Was this translation helpful? Give feedback.
-
Is there any functionality for selecting current role when a user does have multiple roles? If not I will have to look into implementing such a thing. So I'm basically looking after a way to use only a role-set of permissions if the user has multiple roles. The permissions in the application is set only for roles, not per user.
Beta Was this translation helpful? Give feedback.
All reactions