Custom Permissions

I have a requirement to extend roles to hierarchical entities such that we may grant a user a role for a specific entity. Because there are no facilities to do this in vanilla ABP, I’ve copied a lot of the role and OU system from ABP and customized it. My entities are called Portfolios and new roles are called PortfolioRoles. This is working well – I am able to grant my PortfolioRole an ABP Permission, give a User the PortfolioRole, and authorize them on that role using [AbpAuthoize].

However I have a need to differentiate permissions that are grantable to the two roles (Role and PortfolioRole). Right now both roles use the same permission entities, and I am unable to determine which permissions are allowed to be granted to which role. This means I can grant my PortfolioRoles permissions which were intended just for regular ABP Roles and vice versa.

It seems that the root of the issue is that AuthorizationProvider.SetPermissions() can only accept IPermissionDefinitionContext, which prevents me from declaring a new permission and giving it to the ABP authorization system.

Do you have any suggestions for implementing custom permissions for an AuthorizationProvider, or another way I could discriminate between two different types of permissions? The best solution I have currently is a naming convention for permissions, but I’d prefer something a little more concrete than that. I am using ABP 1.4.0 and Zero 1.4.0. Thanks, and great framework!