How can I restrict File Management Module file/directory access to the user that created the file/directory? #6532 | Support Center | ABP Commercial

mattw@agilenova.com created 3 months ago

When User A accesses the File Management component in the Angular UI, User A can see files and directories created by User B.

I want to restrict User A to just User A's files and I tried applying an AbpQueryFilter, but it is not working. I use this approach with my own/custom entities successfully, but the filter has no effect on ABP module entities.

I specifically modified MyAppDbContext.cs as follows: protected override void OnModelCreating(ModelBuilder builder) { //..... generated code .... // --- custom code ----

 builder.Entity&lt;FileDescriptor&gt;(b =>
{
    b.HasAbpQueryFilter(t =>  (t.CreatorId.Value == _currentUser.Id);
});
    

builder.Entity&lt;DirectoryDescriptor&gt;(b =>
    {
       b.HasAbpQueryFilter(t =>  (t.CreatorId.Value == _currentUser.Id);
    });

NOTE: _currentUser is CurrentUser injected.

ABP Framework version: v7.4.5
UI Type: Angular
Database System: EF Core PostgreSQL,
Tiered (for MVC) or Auth Server Separated (for Angular): no
Exception message and full stack trace: n/a
Steps to reproduce the issue: Use the File Management Component in Angular UI

Please advise. Thanks!

2 Answer(s)

0

maliming created 3 months ago
Support Team Fullstack Developer

hi

You can try to replace the IFileManagementDbContext(FileManagementDbContext) in your MyAppDbContext

Just like the the [ReplaceDbContext(typeof(IIdentityProDbContext))] and [ReplaceDbContext(typeof(ISaasDbContext))]

Then, add a custom global filter.

https://docs.abp.io/en/abp/latest/Entity-Framework-Core#replacedbcontext-attribute https://docs.abp.io/en/abp/latest/Data-Filtering#entityframework-core
0

mattw@agilenova.com created 3 months ago

That worked perfectly! Thanks

Have an answer to this question? Log in and write your answer.