Basically I've been scratching the surface of rhino security, just using groups and operations. i.e. add a user to a group, and then check if this group has a permission for this operation, with .OnEverything().DefaultLevel() etc. I've built an mvc UI screen for that (based on the top half of your mockup).
But I've not been using Entities/EntityGroups at all, but reading a previous discussion about this admin UI i've made the assumption that the botton half of your screen mock up was based on an Entity called "Big Shipments". Am i correct?? Just so I understand Rhino Security correctly I've got an example. A multitenant app for football teams, with an operation called Player/ Add, which adds a player to a team. Only EXISTING team members with a role of 'Manager' should be able to do this. Table Players: TeamId PlayerId PlayerName Operation => Player/Add IUser => TeamUser UserGroup => Manager Entity=>Team bool canAddPlayer = authService.IsAllowed<Team>(currentUser, currenTeam, 'Player/Add'). This will then extract the team id from Team, the id from User, and check if a permission exists for this user against this team for this operation, or if the user is part of a group which has a permission against this team. To Clarify: We're denying permission for operation Player/Add for everyone. Unless: A: They're in the 'Managers' group (UserGroup) B: They provide the correct Entity (Team) For the admin screen then. Global: Operations: all operations Allowed: any permission on this operation where allow is true Forbidden: any permission on this operation where allow is false Entity: Operations: all operations Allowed: any permission on this operation where allow is true and EntitySecurityKey = id whatever entity you provide Forbidden: any permission on this operation where allow is false and EntitySecurityKey = id whatever entity you provide --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Rhino Tools Dev" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rhino-tools-dev?hl=en -~----------~----~----~----~------~----~------~--~---
