inline (but basically it is yes to all your questions)

On Fri, Oct 16, 2009 at 12:06 PM, Mick Delaney <[email protected]> wrote:
>
> Basically I've been scratching the surface of Rhino Security, just
> using groups and operations. i.e. add a user to a group,
> and then check if this group has a permission for this operation,
> with .OnEverything().DefaultLevel() etc.
> I've built an MVC UI screen for that (based on the top half of your
> mockup).
>
> But I've not been using Entities/EntityGroups at all, but reading a
> previous discussion about this admin UI I've made the assumption that
> the bottom half of your screen mock up was based on an Entity called
> "Big Shipments".
>

Yes

> Am I correct??
>
> Just so I understand Rhino Security correctly I've got an example.
>
> A multitenant app for football teams, with an operation called
> Player/Add, which adds a player to a team.
> Only EXISTING team members with a role of 'Manager' should be able to
> do this.
>
> Table Players:
> TeamId
> PlayerId
> PlayerName
>
> Operation => Player/Add
> IUser => TeamUser
> UserGroup => Manager
> Entity => Team
>
> bool canAddPlayer = authService.IsAllowed<Team>(currentUser, currentTeam, "Player/Add");
>
> This will then extract the team id from Team, the id from User, and
> check if a permission exists for this user against this team for this
> operation, or if the user is part of a group
> which has a permission against this team.
>

Yes

> To Clarify:
>
> We're denying permission for operation Player/Add for everyone.
>
> Unless:
> A: They're in the 'Managers' group (UserGroup)
> B: They provide the correct Entity (Team)
>
> For the admin screen then.
>
> Global:
> Operations: all operations
> Allowed: any permission on this operation where allow is true
> Forbidden: any permission on this operation where allow is false
>
> Entity:
> Operations: all operations
> Allowed: any permission on this operation where allow is true and
> EntitySecurityKey = id whatever entity you provide
> Forbidden: any permission on this operation where allow is false and
> EntitySecurityKey = id whatever entity you provide
>
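
The permission check and the two admin-screen views discussed in this message, modeled in memory as an added example (not part of the original post and not Rhino Security's own code). The `Permission` and `Model` types, the sample users and the rule that any matching forbid overrides an allow are assumptions; the levels that `.DefaultLevel()` refers to are left out.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical in-memory stand-in for a stored permission row (not a Rhino Security type).
class Permission
{
    public string Operation, Grantee;   // Grantee: a user name or a user-group name
    public bool Allow;
    public Guid? EntitySecurityKey;     // null = granted on everything
}

static class Model
{
    // Default deny: some matching permission must allow, and none may forbid (assumed rule).
    public static bool IsAllowed(List<Permission> perms, string user,
        ISet<string> groups, Guid entityKey, string operation)
    {
        var matching = perms.Where(p => p.Operation == operation
            && (p.Grantee == user || groups.Contains(p.Grantee))
            && (p.EntitySecurityKey == null || p.EntitySecurityKey == entityKey)).ToList();
        return matching.Any(p => p.Allow) && matching.All(p => p.Allow);
    }

    // Admin screen rows: entityKey == null is the "Global" view, otherwise the "Entity" view.
    public static List<Permission> View(List<Permission> perms, string operation,
        bool allow, Guid? entityKey)
    {
        return perms.Where(p => p.Operation == operation && p.Allow == allow
            && (entityKey == null || p.EntitySecurityKey == entityKey)).ToList();
    }

    static void Main()
    {
        Guid teamA = Guid.NewGuid(), teamB = Guid.NewGuid();   // constructed sample data
        var perms = new List<Permission> {
            new Permission { Operation = "Player/Add", Allow = true, Grantee = "Manager", EntitySecurityKey = teamA },
            new Permission { Operation = "Player/Add", Allow = false, Grantee = "bob", EntitySecurityKey = teamA },
        };
        var manager = new HashSet<string> { "Manager" };
        var noGroups = new HashSet<string>();
        Console.WriteLine(IsAllowed(perms, "alice", manager, teamA, "Player/Add"));   // manager, right team
        Console.WriteLine(IsAllowed(perms, "alice", manager, teamB, "Player/Add"));   // manager, other team
        Console.WriteLine(IsAllowed(perms, "carol", noGroups, teamA, "Player/Add"));  // not in the group
        Console.WriteLine(IsAllowed(perms, "bob", manager, teamA, "Player/Add"));     // explicit forbid
        Console.WriteLine(View(perms, "Player/Add", false, teamA).Count);             // Entity view, Forbidden
    }
}
```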
