Jul 22, 2019 10:19 AM|Yuki Tao|LINK
thank you and again i ask you how authorize the authenticated user to view/create / edit/delete the invoices that belongs only to its departments or subordinated departments of its department
This should be the problem of one to many entity.
Adding custom AuthorizeAttribute on your CRUD actions to authorize the authenticated user.
Then in action,you need to get the specified field(e.g. get data by
current id in one to many entity)
which could filter the other information.
In addition,you could add a one to many entity
between departments and subordinated departments model.