Dynamically changing authenticated user roles

Old forum URL: forums.lhotka.net/forums/t/3997.aspx

DrSpock posted on Thursday, December 06, 2007

Hi there,

I'm converting an old system to .NET and I'm using CSLA, which I find an excellent framework for business development.

In broad terms, this is a document management application.

It contains Projects (whole folder trees), and Users are assigned access on a folder-by-folder basis.

There are certain types of User access:
Manager (has read/write access to a whole Project tree)
Author (has read/write access to a particular folder(s))
Reader (has only read access to a particular folder(s))

Read/write means the user can delete, edit and add folders.

There is also a Site Admin user with full read/write access to all Project trees in the application.

Now here is my design question: how do I deal with validating the user access for actions such as Get, Edit, Delete, etc.? I mean when overriding CanGetObject(), CanDeleteObject(), etc.

The issue here is that the user access (or user type, you might say) is given by the currently selected folder for that particular user, i.e., the user is an Author in folder A, but only a Reader in folder B. So the User Type is not static; it changes according to the folder the user has selected.

I have some ideas such as Re-Authenticating the user each time she picks a folder - which would set the User Type.

Would this be a good solution?  Does it make sense?

Thanks a million

ajj3085 replied on Friday, December 07, 2007

Wouldn't the folder be responsible for verifying authorization?  It sounds like you may want per instance authorization rules, I don't know why your user object would change at all.

DrSpock replied on Friday, December 07, 2007

Thanks for your answer.

I think what I will have to do then is determine the User Type for each folder.

So, code like the following (inside public static bool CanAddObject()):

if (Csla.ApplicationContext.User.IsInRole(AccessType.Author.ToString())) return true;

Would have to be changed to something like this pseudocode:

1) Make currentUserType equal to the User Type access for the current folder
2) if (currentUserType == AccessType.Author) return true;

Basically the ApplicationContext has no meaning in a case like this I guess.
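As an added example (not code from the thread, and not CSLA's own API), here is the shape of the per-instance check ajj3085 points at and that DrSpock's pseudocode sketches, written against plain .NET IPrincipal so it does not depend on a particular CSLA version. The principal keeps only the identity and the one application-wide role (SiteAdmin); Manager is resolved from the Project tree and Reader/Author from the folder's own assignment list, so the decision is a function of (user, folder, action) and the user object never changes. That is also why re-authenticating on every folder selection is the riskier design: the principal's role set would then depend on UI state, and a request for folder B that still carried the Author role obtained for folder A would be granted. The enum names, the AccessStore, ProjectTree and Folder classes, and the user and folder names are all constructed for this example; in CSLA the CanGetObject/CanAddObject family would pass the folder instance through to Can(...).

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Added example, not from the thread or CSLA. Access levels as the post describes them;
// the enum order matters: a higher value includes the rights of every lower one.
public enum AccessType { None, Reader, Author, Manager, SiteAdmin }

public enum FolderAction { Get, Add, Edit, Delete }

public sealed class Folder
{
    public string Project;   // name of the Project tree this folder belongs to
    public string Path;
    // Folder-level assignments (the post's "user type" for this folder): user name -> Reader or Author.
    public readonly Dictionary<string, AccessType> Acl =
        new Dictionary<string, AccessType>(StringComparer.OrdinalIgnoreCase);
}

public sealed class ProjectTree
{
    public string Name;
    // Managers get read/write on every folder in the tree.
    public readonly HashSet<string> Managers = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
}

// Hypothetical in-memory stand-in for the application's database.
public sealed class AccessStore
{
    public readonly Dictionary<string, ProjectTree> Projects =
        new Dictionary<string, ProjectTree>(StringComparer.OrdinalIgnoreCase);
}

public static class FolderAuthorizer
{
    // The only role that lives on the principal: it applies to every Project tree.
    public const string SiteAdminRole = "SiteAdmin";

    // Resolve what the caller may do in ONE folder. Nothing on the principal is changed;
    // the answer varies with the folder passed in, which is what the post calls the user type.
    public static AccessType EffectiveAccess(IPrincipal user, Folder folder, AccessStore store)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return AccessType.None;                      // anonymous callers get nothing
        if (user.IsInRole(SiteAdminRole))
            return AccessType.SiteAdmin;

        string name = user.Identity.Name;
        ProjectTree project;
        if (store.Projects.TryGetValue(folder.Project, out project) && project.Managers.Contains(name))
            return AccessType.Manager;

        AccessType folderLevel;
        return folder.Acl.TryGetValue(name, out folderLevel) ? folderLevel : AccessType.None;
    }

    // Per-instance replacement for the static CanGetObject/CanAddObject/... checks.
    // Deny by default: an unlisted user, or a folder with no entry for them, is refused.
    public static bool Can(IPrincipal user, Folder folder, FolderAction action, AccessStore store)
    {
        AccessType access = EffectiveAccess(user, folder, store);
        switch (action)
        {
            case FolderAction.Get:
                return access >= AccessType.Reader;
            case FolderAction.Add:
            case FolderAction.Edit:
            case FolderAction.Delete:
                return access >= AccessType.Author;      // read/write = add, edit, delete
            default:
                return false;
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data: one Project, two folders; alice is Author in A but only Reader in B.
        var store = new AccessStore();
        var tree = new ProjectTree { Name = "ProjectX" };
        tree.Managers.Add("bob");
        store.Projects[tree.Name] = tree;

        var folderA = new Folder { Project = "ProjectX", Path = "/ProjectX/A" };
        var folderB = new Folder { Project = "ProjectX", Path = "/ProjectX/B" };
        folderA.Acl["alice"] = AccessType.Author;
        folderB.Acl["alice"] = AccessType.Reader;

        IPrincipal alice = new GenericPrincipal(new GenericIdentity("alice"), new string[0]);
        IPrincipal bob   = new GenericPrincipal(new GenericIdentity("bob"), new string[0]);
        IPrincipal admin = new GenericPrincipal(new GenericIdentity("root"), new[] { FolderAuthorizer.SiteAdminRole });

        Console.WriteLine(FolderAuthorizer.Can(alice, folderA, FolderAction.Delete, store)); // alice is Author in A
        Console.WriteLine(FolderAuthorizer.Can(alice, folderB, FolderAction.Delete, store)); // alice is only Reader in B
        Console.WriteLine(FolderAuthorizer.Can(alice, folderB, FolderAction.Get, store));    // reading B is allowed
        Console.WriteLine(FolderAuthorizer.Can(bob, folderB, FolderAction.Add, store));      // bob manages the whole tree
        Console.WriteLine(FolderAuthorizer.Can(admin, folderB, FolderAction.Edit, store));   // site admin, no folder entry needed
    }
}
```

The same check has to run where the data is actually modified (in CSLA terms, on the data portal or server side), not only in the UI that decides which buttons to enable; a client that skips the UI can otherwise submit an Edit for a folder in which it only holds Reader.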

Copyright (c) Marimer LLC