That is a good point about the ordering of roles.
 
That is definitely flaky.
 
But I will still be left with the inline if statements.
 
Can I somehow abstract them away from the [EMAIL PROTECTED]



> Date: Wed, 21 Nov 2007 09:49:15 +0100
> From: [EMAIL PROTECTED]
> Subject: Re: [ADVANCED-DOTNET] Code review
> To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM
>
> > I am writing an ASP.NET application that is heavily influenced by users and
> > roles. I am finding my code becoming increasingly cluttered with the following
> > type of thing:
> >
> > IList<BusinessFunction> businessFunctions;
> > if (CurrentUser.RoleIsAbove(Role.BusinessUnitAdmin))
> > {
> >     if (CurrentUser.IsSystemAdmin)
> >         businessFunctions = CommonService.GetAll<BusinessFunction>("Deleted");
> >     else
> >         businessFunctions = CommonService.GetAll<BusinessFunction>("Deleted", false);
> > }
> >
> > The thing I am unhappy about seeing is CurrentUser.RoleIsAbove etc.
> > It is making the code messy.
> >
> > I would like a way of somehow abstracting this security outside of the
> > method. Can anyone think how I could raise the abstraction level somehow.
> >
> > I could use custom attributes perhaps but I have 2 if statements checking user
> > roles.
> >
> > Can this be tidied up?
>
> I'm not a fan of specifying access levels in 'above' or 'at least
> have' role ABC. A given action requires a given action right AR. So if a role
> R has that action right AR assigned to it, anyone who has that role assigned
> to him/her can perform AR.
>
> You then have to assign actions with action rights. You can then
> abstract that away like:
>
> if(SecurityManager.CanPerformAction(ActionRights.GetDeletedCustomers, user))
> {
>     // get deleted customers
> }
>
> The advantage of this is that in your system, you have to take notion
> of the order of the roles. That's not really good, because if you make a
> mistake by adding a new role at the wrong spot, it can open up your security
> at places in your application you won't be aware of.
>
> Roles aren't meant for that. Roles are effectively groups of action
> rights you can assign to a user, by assigning the role to a user.
>
> FB
>
> ===================================
> This list is hosted by DevelopMentor® http://www.develop.com
>
> View archives and manage your subscription(s) at http://discuss.develop.com
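The action-right model suggested in the quoted reply, as an added example that is not part of the original thread. Only SecurityManager.CanPerformAction and ActionRights.GetDeletedCustomers come from the thread; the other rights, the role names, the User class and the role table are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical rights, except GetDeletedCustomers (named in the thread).
[Flags]
enum ActionRights { None = 0, GetCustomers = 1, GetDeletedCustomers = 2, ManageUsers = 4 }

// Hypothetical user type: a name plus the roles assigned to that user.
sealed class User
{
    public string Name { get; }
    public IReadOnlyCollection<string> Roles { get; }
    public User(string name, params string[] roles) { Name = name; Roles = roles; }
}

static class SecurityManager
{
    // A role is only a named group of rights. There is no "above" or "below",
    // so inserting a new role cannot silently inherit rights from its position.
    static readonly Dictionary<string, ActionRights> RoleRights = new Dictionary<string, ActionRights>
    {
        ["SystemAdmin"] = ActionRights.GetCustomers | ActionRights.GetDeletedCustomers | ActionRights.ManageUsers,
        ["BusinessUnitAdmin"] = ActionRights.GetCustomers,
        // Does not fit a linear hierarchy: sees deleted records, cannot manage users.
        ["Auditor"] = ActionRights.GetCustomers | ActionRights.GetDeletedCustomers
    };

    // Default deny: a role missing from the table contributes no rights.
    public static bool CanPerformAction(ActionRights required, User user)
    {
        ActionRights granted = ActionRights.None;
        foreach (string role in user.Roles)
            if (RoleRights.TryGetValue(role, out ActionRights rights)) granted |= rights;
        return (granted & required) == required;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample users; "dave" holds a role nobody configured yet.
        var users = new[] { new User("alice", "SystemAdmin"), new User("bob", "BusinessUnitAdmin"),
                            new User("carol", "Auditor"), new User("dave", "NewRoleNotConfigured") };
        foreach (User u in users)
            Console.WriteLine(u.Name + ": deleted customers visible = " +
                SecurityManager.CanPerformAction(ActionRights.GetDeletedCustomers, u));
    }
}
```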