> I am writing an ASP.NET application that is heavily influenced by users and
> roles. I am finding my code becoming increasingly cluttered with the following
> type of thing:
>
>     IList<BusinessFunction> businessFunctions;
>     if (CurrentUser.RoleIsAbove(Role.BusinessUnitAdmin))
>     {
>         if (CurrentUser.IsSystemAdmin)
>             businessFunctions = CommonService.GetAll<BusinessFunction>("Deleted");
>         else
>             businessFunctions = CommonService.GetAll<BusinessFunction>("Deleted", false);
>     }
>
> The thing I am unhappy about seeing is CurrentUser.RoleIsAbove etc.
> It is making the code messy.
> I would like a way of somehow abstracting this security outside of the
> method. Can anyone think how I could raise the abstraction level somehow?
> I could use custom attributes perhaps, but I have 2 if statements checking user
> roles.
> Can this be tidied up?
I'm not a fan of specifying access levels in 'above' or 'at least have' role ABC.
A given action requires a given action right AR. So if a role R has that action
right AR assigned to it, anyone who has that role assigned to him/her can perform
AR. You then have to assign actions with action rights. You can then abstract
that away like:

    if (SecurityManager.CanPerformAction(ActionRights.GetDeletedCustomers, user))
    {
        // get deleted customers
    }

The advantage of this is that in your system, you have to take notion of the
order of the roles. That's not really good, because if you make a mistake by
adding a new role at the wrong spot, it can open up your security at places in
your application you won't be aware of. Roles aren't meant for that. Roles are
effectively groups of action rights you can assign to a user, by assigning the
role to a user.

FB

===================================
This list is hosted by DevelopMentor®  http://www.develop.com
View archives and manage your subscription(s) at http://discuss.develop.com
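One way to realize the action-right model described in the reply, as an added example that is not code from either poster: ActionRight, Role, User, SecurityManager.CanPerformAction and the in-memory Store are all constructed here, and the original's CurrentUser.RoleIsAbove / IsSystemAdmin branches are replaced by two right checks with no ordering between roles.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed example: the action right is the unit of authorization;
// a role is only a named bundle of rights, with no ordering between roles.
public enum ActionRight { ViewBusinessFunctions, ViewDeletedBusinessFunctions }

public sealed class Role
{
    public HashSet<ActionRight> Rights { get; }
    public Role(params ActionRight[] rights) => Rights = new HashSet<ActionRight>(rights);
}

public sealed class User
{
    public string Name { get; }
    public IReadOnlyList<Role> Roles { get; }
    public User(string name, params Role[] roles) { Name = name; Roles = roles; }
}

public static class SecurityManager
{
    // Grant when any assigned role carries the right. A new role cannot widen
    // access elsewhere: it grants only the rights explicitly listed on it.
    public static bool CanPerformAction(ActionRight right, User user) =>
        user.Roles.Any(r => r.Rights.Contains(right));
}

public static class BusinessFunctionService
{
    // Constructed stand-in for the data behind CommonService.GetAll<BusinessFunction>("Deleted", ...).
    static readonly (string Name, bool Deleted)[] Store =
        { ("Payroll", false), ("Ledger", false), ("OldReporting", true) };
    // Replaces the nested RoleIsAbove / IsSystemAdmin branches with two right checks.
    public static IList<string> GetBusinessFunctions(User user)
    {
        if (!SecurityManager.CanPerformAction(ActionRight.ViewBusinessFunctions, user))
            throw new UnauthorizedAccessException($"{user.Name} may not list business functions");
        bool includeDeleted = SecurityManager.CanPerformAction(ActionRight.ViewDeletedBusinessFunctions, user);
        return Store.Where(f => includeDeleted || !f.Deleted).Select(f => f.Name).ToList();
    }
    public static void Main()
    {
        var unitAdmin = new Role(ActionRight.ViewBusinessFunctions);
        var sysAdmin = new Role(ActionRight.ViewBusinessFunctions, ActionRight.ViewDeletedBusinessFunctions);
        foreach (var u in new[] { new User("alice", unitAdmin), new User("bob", sysAdmin) })
            Console.WriteLine($"{u.Name}: {string.Join(", ", GetBusinessFunctions(u))}");
    }
}
```

Because a role is just a set of rights, granting or revoking "see deleted records" is a one-line change to the role definition rather than a search for every `RoleIsAbove` comparison in the code base.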