Security model

Old forum URL: forums.lhotka.net/forums/t/6355.aspx


James Thomas posted on Friday, February 06, 2009

Hi All,

I have a quick question about an enhanced security model that I need to implement in CSLA for Silverlight.

I've got an app working nicely with the example model given in Rolodex, but I now need to work on a more complex app with slightly more complicated needs. Here's the basic structure:

My project management application is based around projects and staff (and lots of other attributes). Staff can have different roles in different projects (e.g. be a director of one project and be a 'normal' member of staff in another). Each member of staff can log in to the app and have permissions based on the project they are viewing at the time. In some projects they can edit anything - and set permissions for other people accessing their project; in others they can edit only certain objects; in others have ReadOnly access; and other projects they should not be able to view at all (those projects shouldn't even appear in their list of available projects).

One way in which the project is simple is that all work is done within a project. People should log in, be given a list of their projects, and then begin work with a constant set of permissions (until they decide to select a different project, at which point they'll need to be reset).

I know how to log people in (!), but am not sure what the correct CSLA way is to restrict people's access depending on which projects they are in. Since this is fundamental to the application's security (and it has to be deployed on the internet), I'd like to make sure I get this right from the beginning.

Any advice gratefully received.

Thanks, James.
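The access model the post describes (roles scoped to a project rather than to the user globally, a project list filtered to what the user may see, and an effective permission set that is replaced when a different project is selected) can be sketched independently of any framework. The following is an added example, not code from the original post and not CSLA's own authorization API; it is plain C# with hypothetical role, permission and object-kind names (Director, Editor, TaskEditor, Viewer, "Task", "Budget") and constructed sample assignments. The point a practitioner would stress for an internet-facing Silverlight client is that the membership store and every check here belong on the server side of the data portal: hiding a project from the list is a convenience, and the refusal in SelectProject is the actual control, since a modified client can submit any project id it likes.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example, not code from the original post or from CSLA itself.
// Roles are held per project, so one user can be Director in one project
// and Viewer in another. All names below are hypothetical.
public enum Role { None, Viewer, TaskEditor, Editor, Director }

[Flags]
public enum Permission { None = 0, View = 1, Edit = 2, ManagePermissions = 4 }

// Authoritative store of who holds which role in which project. In a deployed
// app this lives on the server behind the data portal, never only in the client.
public sealed class MembershipStore
{
    private readonly Dictionary<string, Dictionary<int, Role>> _roles =
        new Dictionary<string, Dictionary<int, Role>>(StringComparer.OrdinalIgnoreCase);

    public void Assign(string user, int projectId, Role role)
    {
        if (!_roles.TryGetValue(user, out var byProject))
            _roles[user] = byProject = new Dictionary<int, Role>();
        byProject[projectId] = role;
    }

    // Default deny: an unknown user or project yields Role.None.
    public Role RoleFor(string user, int projectId)
    {
        return _roles.TryGetValue(user, out var byProject)
            && byProject.TryGetValue(projectId, out var role) ? role : Role.None;
    }
}

public static class Policy
{
    // What a role may do to a given kind of object; anything not listed is denied.
    // TaskEditor models "can edit only certain objects" from the post.
    public static Permission For(Role role, string objectKind)
    {
        switch (role)
        {
            case Role.Director:   return Permission.View | Permission.Edit | Permission.ManagePermissions;
            case Role.Editor:     return Permission.View | Permission.Edit;
            case Role.TaskEditor: return objectKind == "Task" ? Permission.View | Permission.Edit : Permission.View;
            case Role.Viewer:     return Permission.View;
            default:              return Permission.None;
        }
    }
}

// The user's working context: one selected project at a time. Selecting another
// project replaces the effective role, which is the "reset" the post asks about.
public sealed class ProjectSession
{
    private readonly MembershipStore _store;
    public string User { get; }
    public int? CurrentProjectId { get; private set; }

    public ProjectSession(string user, MembershipStore store) { User = user; _store = store; }

    // Projects in which the user holds no role are not listed at all.
    public IEnumerable<int> VisibleProjects(IEnumerable<int> allProjectIds) =>
        allProjectIds.Where(id => _store.RoleFor(User, id) != Role.None);

    // Hiding is not enough: selection by id is refused as well, because a
    // client can submit any id regardless of what the list showed.
    public void SelectProject(int projectId)
    {
        if (_store.RoleFor(User, projectId) == Role.None)
            throw new UnauthorizedAccessException($"{User} has no access to project {projectId}");
        CurrentProjectId = projectId;
    }

    public bool Can(Permission wanted, string objectKind = "Any")
    {
        if (CurrentProjectId == null) return false;          // nothing selected: deny
        var role = _store.RoleFor(User, CurrentProjectId.Value);
        return (Policy.For(role, objectKind) & wanted) == wanted;
    }

    // Directors may set other people's roles, but only within the selected project.
    public void Grant(string targetUser, Role role)
    {
        if (!Can(Permission.ManagePermissions))
            throw new UnauthorizedAccessException($"{User} may not manage permissions here");
        _store.Assign(targetUser, CurrentProjectId.Value, role);
    }
}

public static class Demo
{
    public static void Main()
    {
        var store = new MembershipStore();          // constructed sample data
        store.Assign("james", 1, Role.Director);
        store.Assign("james", 2, Role.Viewer);
        store.Assign("james", 3, Role.TaskEditor);
        store.Assign("anna", 2, Role.Director);

        var james = new ProjectSession("james", store);
        Console.WriteLine(string.Join(",", james.VisibleProjects(new[] { 1, 2, 3, 4 })));
        james.SelectProject(1);
        james.Grant("anna", Role.Editor);            // Director of project 1
        james.SelectProject(3);
        Console.WriteLine(james.Can(Permission.Edit, "Task") + " " + james.Can(Permission.Edit, "Budget"));
        james.SelectProject(2);
        Console.WriteLine(james.Can(Permission.Edit));
        try { james.SelectProject(4); }
        catch (UnauthorizedAccessException e) { Console.WriteLine(e.Message); }
    }
}
```

In the demo, project 4 never appears in james's list and selecting it by id is refused; in project 3 he can edit Task objects but not Budget objects; in project 2 he is only a Viewer even though he is a Director elsewhere. Mapping the effective role for the selected project onto whatever principal the framework consults for its own authorization rules is a separate step and is not shown here.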

Copyright (c) Marimer LLC