Role & Permission question

Old forum URL: forums.lhotka.net/forums/t/7367.aspx


forrest posted on Wednesday, July 29, 2009

Hi, I am from China. CSLA .NET is wonderful, thanks!
I have a question from implementing a new project with CSLA. Maybe it's not a question about CSLA, but can you give me some suggestions, please?
In the ProjectTracker app, there are role names like 'ProjectManager' and 'Administrator'. What a role can or cannot do has been designed in; I think it is just like a permission.
But with the RBAC rule,
User --- Role --- Permission
I think a role's permissions should be configured according to demands, so is there any benefit from the IPrincipal.IsInRole method, because I don't know a role's permissions?
In my new project, a corporation has many branches, so the roles may contain
boss
regional manager
sale manager
saler
.......

Every role can view different data by region/department/customer, so it cannot work well if I code like User.IsInRole("Saler").

I have been puzzled by this question for some days. Do you have any suggestions for me?

Forgive my poor English!
Thanks!

RockfordLhotka replied on Wednesday, July 29, 2009

http://www.lhotka.net/weblog/PermissionbasedAuthorizationVsRolebasedAuthorization.aspx

forrest replied on Thursday, July 30, 2009

Do you mean we can use permissions instead of roles in the real world?

thanks

ajj3085 replied on Thursday, July 30, 2009

I had forgotten about that blog post, but I'm glad it was reposted because in the very near future I'll be moving to users -> roles -> permissions.

Thanks
Andy

triplea replied on Thursday, July 30, 2009

Based on the information in the above link, I have slightly modified the example found here:

http://forums.lhotka.net/forums/thread/17604.aspx

And have found it to work really well.

forrest replied on Thursday, July 30, 2009

Thanks, your code really works well.



SonOfPirate replied on Friday, July 31, 2009

Try this one on for size...

I've been working with permission-based authorization for many years now and have to admit that my latest iteration is without a doubt the cleanest solution - I have the .NET 3.5 team to thank.

I've simply implemented an extension method on the IPrincipal interface:

public static bool HasPermission(this IPrincipal principal, Permission requestPermission)
{
    // Do the work
}

Now in my application(s) I can simply call this method as if it was a built-in part of the IPrincipal interface. Plus, all of the logic is encapsulated in the extension method, so it's been a win-win for me.

Hope that helps.
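
Added example, not part of the original thread and not SonOfPirate's implementation: one way the body of such an extension method could resolve users -> roles -> permissions, denying by default. The `Permission` values, the role names in the table and the `Demo` class are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;

// Hypothetical permission set; the thread does not define the Permission type.
public enum Permission { ViewCustomer, EditCustomer, ApproveDiscount }

public static class PrincipalExtensions
{
    // Constructed role-to-permission table. In a real application this would be
    // loaded from configuration or a database, so a role's permissions can
    // change without touching the calling code.
    private static readonly Dictionary<string, HashSet<Permission>> RolePermissions =
        new Dictionary<string, HashSet<Permission>>(StringComparer.OrdinalIgnoreCase)
        {
            { "Saler", new HashSet<Permission> { Permission.ViewCustomer } },
            { "SaleManager", new HashSet<Permission> {
                Permission.ViewCustomer, Permission.EditCustomer } },
            { "Boss", new HashSet<Permission> {
                Permission.ViewCustomer, Permission.EditCustomer, Permission.ApproveDiscount } },
        };

    public static bool HasPermission(this IPrincipal principal, Permission requestPermission)
    {
        // Deny by default: a missing principal or an unauthenticated identity
        // gets no permissions, whatever roles it claims.
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            return false;

        // Grant only if some role the principal holds carries the permission.
        return RolePermissions.Any(rp =>
            rp.Value.Contains(requestPermission) && principal.IsInRole(rp.Key));
    }
}

public static class Demo
{
    public static void Main()
    {
        IPrincipal saler = new GenericPrincipal(new GenericIdentity("li"), new[] { "Saler" });
        // An empty name makes GenericIdentity report IsAuthenticated == false.
        IPrincipal anonymous = new GenericPrincipal(new GenericIdentity(""), new[] { "Boss" });

        Console.WriteLine(saler.HasPermission(Permission.ViewCustomer));
        Console.WriteLine(saler.HasPermission(Permission.EditCustomer));
        Console.WriteLine(anonymous.HasPermission(Permission.ViewCustomer));
    }
}
```

Calling code asks only `HasPermission(...)`, so role names never appear in business logic; filtering data by region, department or customer is a separate check this example does not cover.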

 

Copyright (c) Marimer LLC