Authorize an action to Admin and only the user who created and event in dotnet core

17 Views Asked by DK_bhai At 04 May 2023 at 06:10

I need to authorize the edit action method for admin or only the users who created it.

I am adding these policy

services.AddAuthorization(options =>
{
    options.AddPolicy("EditAnyEventPolicy", policy =>
    {
        policy.RequireAuthenticatedUser();
        policy.RequireRole("Admin");
    });
    options.AddPolicy("EditEventPolicy", policy =>
    {
        policy.RequireAuthenticatedUser();
        policy.RequireClaim("event_creator");
    });
});

[Authorize(Policy = "EditAnyEventPolicy")]
[Authorize(Policy = "EditEventPolicy")]
public IActionResult EditEvent()
{
    //code
}

The problem is that now users who have admin role and created the event can edit. I need an OR functionality.

How to achieve this?

Original Q&A

Authorize an action to Admin and only the user who created and event in dotnet core

There are 0 best solutions below

Related Questions in C#

Related Questions in ASP.NET-CORE-3.1

Related Questions in POLICY

Related Questions in AUTHORIZE

Trending Questions

Popular # Hahtags

Popular Questions