CSlaughter: I'm developing an application that has two roles ("Admins" and "Guest"). Guest can create an account to become a member. My requirements are:
- Admins can edit any member's information
- A member is allowed to update only his/her own information
- Guest can read any member's information
So my thought is, once a member logs in I can load the member's ID (GUID) as a role and then do something like Csla.ApplicationContext.User.IsInRole(Member.ID.tostring) in the Authorization Rules section to check if the user can edit the selected Member object. Does this sound correct?
#3 -- I'd say a guest can read only a select part of a member's info... not all the data!
Normally the member's roles will be in a separate table and not based on the ID.
What I would do is this:
create a role named "Guest"
when you allow a user to "Self Create", assign them the Guest role.
Then go from there.... let an Admin edit the user's roles to include other roles and take them out of Guest.
Edit / Update: just have a bit of logic that allows a user to edit their data but not the roles they are assigned to.
if (User.ID == SelectedUser.ID && !User.IsInRole("Guest"))
{
    // Edit my stuff
}
else
{
    // Sorry, guest, you are not permitted -- talk to an admin.
}
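As an added example (not code from either post, and not CSLA's own authorization API), here is the complete check the thread converges on, written against plain System.Security.Principal so it runs without CSLA: the login builds a principal the way the original poster suggests, with the member's GUID appended as an extra role, and the authorization method then requires either the Admin role or a role equal to the target record's Id. It also separates "read public fields" from "read the whole record" to reflect the reply's point that a guest should see only part of a member's data. The Member class, the Roles constants, the Email field and the Login helper are all assumed stand-ins for whatever the real application uses; Csla.ApplicationContext.User is an IPrincipal, so the same methods can be called with it.

```csharp
using System;
using System.Security.Principal;

// Role names as used in the thread. "Member" is an assumed name for a
// self-created account that has been promoted out of "Guest".
static class Roles
{
    public const string Admin = "Admin";
    public const string Member = "Member";
    public const string Guest = "Guest";
}

// Hypothetical stand-in for the Member business object discussed in the thread.
class Member
{
    public Guid Id { get; set; }
    public string Name { get; set; }   // public, readable by anyone
    public string Email { get; set; }  // assumed private, owner and admins only
}

static class MemberAuthorization
{
    // Admins may edit any member. A member may edit only the record whose Id
    // was loaded into the principal's roles at login (the original poster's idea).
    // Guests and anonymous users never get edit rights.
    public static bool CanEdit(IPrincipal user, Member target)
    {
        if (user == null || target == null || !user.Identity.IsAuthenticated)
            return false;
        if (user.IsInRole(Roles.Admin))
            return true;
        if (user.IsInRole(Roles.Guest))
            return false;
        return user.IsInRole(Roles.Member) && user.IsInRole(target.Id.ToString());
    }

    // Everyone, including an anonymous guest, can read the public part of a record.
    public static bool CanReadPublicFields(IPrincipal user, Member target) => target != null;

    // The private part of the record follows the same rule as editing it.
    public static bool CanReadPrivateFields(IPrincipal user, Member target) => CanEdit(user, target);
}

// Builds principals the way the original poster describes: the member's GUID
// is appended to the role list so IsInRole(id.ToString()) works later.
static class Login
{
    public static IPrincipal ForMember(Guid memberId, string name, bool isAdmin)
    {
        var roles = isAdmin
            ? new[] { Roles.Admin, Roles.Member, memberId.ToString() }
            : new[] { Roles.Member, memberId.ToString() };
        return new GenericPrincipal(new GenericIdentity(name), roles);
    }

    // An empty identity name makes IsAuthenticated false, which is what a guest is.
    public static IPrincipal ForGuest() =>
        new GenericPrincipal(new GenericIdentity(string.Empty), new[] { Roles.Guest });
}

static class Program
{
    static void Main()
    {
        // Constructed sample data.
        var alice = new Member { Id = Guid.NewGuid(), Name = "Alice", Email = "alice@example.invalid" };
        var bob   = new Member { Id = Guid.NewGuid(), Name = "Bob",   Email = "bob@example.invalid" };

        IPrincipal aliceUser = Login.ForMember(alice.Id, "alice", isAdmin: false);
        IPrincipal adminUser = Login.ForMember(Guid.NewGuid(), "admin", isAdmin: true);
        IPrincipal guestUser = Login.ForGuest();

        Console.WriteLine(MemberAuthorization.CanEdit(aliceUser, alice));  // True: own record
        Console.WriteLine(MemberAuthorization.CanEdit(aliceUser, bob));    // False: someone else's
        Console.WriteLine(MemberAuthorization.CanEdit(adminUser, bob));    // True: admin
        Console.WriteLine(MemberAuthorization.CanEdit(guestUser, bob));    // False: guest
        Console.WriteLine(MemberAuthorization.CanReadPublicFields(guestUser, bob));   // True
        Console.WriteLine(MemberAuthorization.CanReadPrivateFields(guestUser, bob));  // False
    }
}
```

The GUID-as-role trick works because IPrincipal.IsInRole is just a string comparison, but it only answers "is this my record"; the Admin and Guest decisions still come from the real role table the reply describes, which is why the method checks those named roles first.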
Copyright (c) Marimer LLC