I do not understand why you need step 1 and 2. Here is what we do in our
filter:
1. Check whether user is authenticated
2. If yes: get the operation based on the controller type and actionname
(string.Format("/{0}/{1}", filterContext.Controller.GetType().BaseType.Name,
actionName))
3. Check whether the logged in user is allowed to perform the operation.
This works very nice.
On Thu, Mar 26, 2009 at 8:02 AM, c.sokun <[email protected]> wrote:
>
> Cool that UI accommodate Operation, User & UsersGroup and it seem to
> me the operations' tree is <area>/<controller>/<action> right?
> I am thinking about using this UI for my next sample app (http://
> code.google.com/p/storm-the-castle/)
> Does it hurt the performance if I have to populate the Operation tree
> automatically I mean I am going to use Filter to do these tasks:
>
> Fitler BeforeAction:
>
> 1. Check if <area>/<controller>/<action> defined?
> 2. If not create one
> 3. if yes, get list of permissions
> 4. run security check if deny/allow etc.
>
> Any suggestion?
>
> On Mar 25, 7:16 pm, Ayende Rahien <[email protected]> wrote:
> > what about something like this?
> >
> > On Wed, Mar 25, 2009 at 10:26 AM, c.sokun <[email protected]> wrote:
> >
> > > something like this
> > >http://chornsokun.files.wordpress.com/2009/03/for-a-friend-in-hospita.
> ..
> >
> > > On Mar 25, 3:22 pm, "c.sokun" <[email protected]> wrote:
> > > > I had done something for the UI but it pretty basic,
> > > > Manage user list, user group & UI for associate user with a group.
> > > > I plan to upload the UI to google code soon.
> >
> > > > However it a bit tricky to develop UI for Operations as I believe
> > > > Operations data could be populate using Filter and it could be many
> > > > way to design base on different need.
> >
> > > > But overall I am satisfied with rhino-security API so far.
> >
> > > > On Mar 24, 10:11 pm, Bart Reyserhove <[email protected]>
> > > > wrote:
> >
> > > > > In my case I am a bit worried that the question will come back
> sooner
> > > or
> > > > > later. That means I am also thinking on how I would represent it in
> UI.
> > > Most
> > > > > of the time you see screen with a lot of checkboxes and that's
> > > something I
> > > > > want to avoid.
> > > > > It could be that I just throw it all in our ExtJS grid and have
> "Allow"
> > > and
> > > > > "Deny" buttons underneath and of course a multi-selection
> possibility.
> >
> > > > > On Tue, Mar 24, 2009 at 3:49 PM, [email protected] <
> > > [email protected]>wrote:
> >
> > > > > > Ayende/Bart
> > > > > > Thanks for the prompt reply guys.
> >
> > > > > > Unfortunately, I could not convince my customer.
> >
> > > > > > On Mar 24, 9:33 am, Bart Reyserhove <[email protected]>
> > > wrote:
> > > > > > > For the moment I convinced my customer that the permissions
> will be
> > > > > > > initially setup for a customer by a developer ;-)
> > > > > > > Making a decent UI for this is still somewhere in our to do
> list
> > > but it
> > > > > > is
> > > > > > > quite hard and the problem is that you need to spend a lot of
> time
> > > on
> > > > > > > something with minimal business value. In our case the
> permissions
> > > do not
> > > > > > > change that often once they are setup for a specific client.
> >
> > > > > > > We are thinking of creating a DSL instead of UI.
> >
> > > > > > > On Tue, Mar 24, 2009 at 2:24 PM, Ayende Rahien <
> [email protected]>
> > > > > > wrote:
> > > > > > > > I think that Bart implemented that, but I don't know if this
> is
> > > > > > available.
> >
> > > > > > > > On Tue, Mar 24, 2009 at 8:56 AM, [email protected] <
> > > > > > [email protected]>wrote:
> >
> > > > > > > >> I am fairly new to rhino security. I have a need to
> implement a
> > > > > > > >> granular security access control system for which I believe
> > > rhino
> > > > > > > >> security would be ideal.
> >
> > > > > > > >> I was wondering whether anybody has implemented an UI where
> the
> > > end
> > > > > > > >> user can administer access control rights.
> >
> > > > > > > >> I looked at the winecellar example in google code where the
> > > access is
> > > > > > > >> controlled using rhino security but not how to allow the end
> > > user to
> > > > > > > >> create permissions.
> > > > > > > >>http://code.google.com/p/winecellarmanager/
> >
> > > > > > > >> I appreciate any help in this regard.
> >
> > > > > > > >> thanks in advance.
> >
> >
> >
> > perms.png
> > 162KViewDownload
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Rhino Tools Dev" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/rhino-tools-dev?hl=en
-~----------~----~----~----~------~----~------~--~---
