Update - Authentication/Authorization
You can use the [UpdateAuth]
-Attribute to control the permission of a user to update the data of a collection.
Usage
The [UpdateAuth]
-Attribute can be used on the model class and/or on specific fields/properties of the model
- Without attributes: Authentication required
- Policies: A comma separated string of policy-names. All policies have to succeed. Check out Policies for more details
- Function name: You can optionally pass the name of a function in the class that has to return a boolean. The function will get executed to check if the user is allowed for the action.
Heredity: If you define AuthAttributes for a base class all sub classes will inherit this attributes until custom attributes of the same type are defined in the subclasses.
The usage equals the usage of the [QueryAuth]
-Attribute. Check out the Documentation for Query
Demo
Use this controls to change the login state
You are currently not logged in
This small demo combines all auth mechanisms at once.
The model itself is marked as [Updatable]
. That means that all fields of the model can get updated.
It also has the attribute [UpdateAuth]
. The result is, that only authenticated users that are verified by the policy requireUser can update properties of the model. The model has three properties that are only updatable under certain conditions:
1. RequiresUser
: This property has no extra condition and is updatable when all requirements for the model are met
2. CustomFunction
: This property is marked with a custom function to check if it is updatable. It is only updatable when the property RequiresUser
has the value Yes.
3. RequiresAdmin
: This property is marked as only updatable when the policy requireAdmin is met. Only users in role admin can update this value.