Authorization
Learn how to configure authorization for entity CRUD operations in your Spiderly application.
Overview
By default, all entities require authorization for Create, Read, Update, and Delete operations. If your code throws an UnauthorizedException ("You don't have the necessary rights to perform the operation."), the current user lacks the necessary permissions.
Skipping Authorization: If you want to explicitly bypass authorization for an entity, you can apply the [DoNotAuthorize] attribute. This disables all security checks for that entity across all operations.
If your entity requires access control, follow the steps in this tutorial to configure proper authorization.
Add Permissions to Your Application
Navigate to your ApplicationDbContext.cs file:
Backend\{your-app-name}.Infrastructure\{your-app-name}ApplicationDbContext.cs
In the SeedData method, add your entity permissions to the permissions array. Replace YourEntityName with your actual entity name:
private static void SeedData(ModelBuilder modelBuilder)
{
    Permission[] permissions =
    [
        // ... existing permissions ...
        // Add your new entity permissions
        new Permission { Id = 13, Name = "View YourEntityName", Code = "ReadYourEntityName" },
        new Permission { Id = 14, Name = "Edit existing YourEntityName", Code = "UpdateYourEntityName" },
        new Permission { Id = 15, Name = "Add new YourEntityName", Code = "InsertYourEntityName" },
        new Permission { Id = 16, Name = "Delete YourEntityName", Code = "DeleteYourEntityName" },
    ];
    modelBuilder.Entity<Permission>().HasData(permissions);
    // ... rest of seed data ...
}
Important: Make sure to use sequential IDs that don't conflict with existing permissions.
After adding the permissions, create and apply a migration:
dotnet ef migrations add AddYourEntityNamePermissions --project Backend/{your-app-name}.Infrastructure --startup-project Backend/{your-app-name}.API
dotnet ef database update --project Backend/{your-app-name}.Infrastructure --startup-project Backend/{your-app-name}.API
Assign Permissions to a Role
In the application UI:
- Navigate to Administration → Roles.
- Select the role you want to modify.
- In the Permissions control, add the newly created permissions.
This ensures users assigned to this role will have access to the specified entity operations.
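A check that can be run against the permissions array from the SeedData step before the migration is created, as an added example (not Spiderly's own code): it reports reused Ids, reused Codes, and entities missing one of the four operation codes. The Permission class here is a stand-in with only the properties shown in the seed array; the PermissionSeedCheck helper, the Invoice and Customer names, and the assumption that every authorized entity needs all four Read/Update/Insert/Delete codes are illustrative.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Stand-in for the application's Permission entity (assumption): only the
// three properties used in the seed array are modelled.
public class Permission
{
    public int Id { get; set; }
    public string Name { get; set; } = "";
    public string Code { get; set; } = "";
}

public static class PermissionSeedCheck   // hypothetical helper name
{
    private static readonly string[] Operations = ["Read", "Update", "Insert", "Delete"];

    // Returns a list of problems; an empty list means the seed is consistent.
    public static List<string> Validate(IReadOnlyList<Permission> seed, params string[] entityNames)
    {
        var problems = new List<string>();
        foreach (var g in seed.GroupBy(p => p.Id).Where(g => g.Count() > 1))
            problems.Add($"Duplicate Id {g.Key}: {string.Join(", ", g.Select(p => p.Code))}");
        foreach (var g in seed.GroupBy(p => p.Code, StringComparer.Ordinal).Where(g => g.Count() > 1))
            problems.Add($"Duplicate Code {g.Key} on Ids {string.Join(", ", g.Select(p => p.Id))}");

        // Codes follow the <Operation><EntityName> pattern from the seed array.
        var codes = seed.Select(p => p.Code).ToHashSet(StringComparer.Ordinal);
        foreach (var entity in entityNames)
            foreach (var op in Operations)
                if (!codes.Contains(op + entity))
                    problems.Add($"Missing permission code {op}{entity}");
        return problems;
    }

    public static void Main()
    {
        // Constructed sample: Id 15 is reused and DeleteInvoice is missing.
        Permission[] permissions =
        [
            new Permission { Id = 13, Name = "View Invoice", Code = "ReadInvoice" },
            new Permission { Id = 14, Name = "Edit existing Invoice", Code = "UpdateInvoice" },
            new Permission { Id = 15, Name = "Add new Invoice", Code = "InsertInvoice" },
            new Permission { Id = 15, Name = "View Customer", Code = "ReadCustomer" },
        ];
        foreach (var problem in Validate(permissions, "Invoice"))
            Console.WriteLine(problem);
    }
}
```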