Authorization
Nucleus implements .Net Core Authorization policies in order to control access to controllers and/or controller actions.
To specify an authorization policy on a controller or action, add an Authorize attribute to your MVC controller or action:
[Authorize(Policy = Nucleus.Abstractions.Authorization.Constants.MODULE_EDIT_POLICY)]
Policies
| SYSTEM_ADMIN_POLICY | Restricts access to system administrators. |
| SITE_ADMIN_POLICY | Restricts access to site administrators and system administrators. |
| PAGE_EDIT_POLICY | Restricts access to users who are members of a role which has edit permissions for the current page. |
| PAGE_VIEW_POLICY | Restricts access to users who are members of a role which has view permissions for the current page. |
| MODULE_EDIT_POLICY | Restricts access to users who are members of a role which has edit permissions for the current module. |
| SITE_WIZARD_POLICY | This is a special policy used during setup. Do not use this policy in extensions. |
System administrators and site administrators always have view and edit rights for all pages and modules.
Module View permissions are always checked before rendering a module. You do not need to specify an Authorization attribute for this check to occur.