I have another question.

Can I be a 'Manager' for 'Team A', but a 'Player' for 'Team B'?

And if so, how would I represent that in RS?


On Oct 16, 11:14 am, Ayende Rahien <[email protected]> wrote:
> inline (but basically it is yes to all your questions)
>
> On Fri, Oct 16, 2009 at 12:06 PM, Mick Delaney <[email protected]> wrote:
>
> > Basically I've been scratching the surface of Rhino Security, just
> > using groups and operations, i.e. add a user to a group,
> > and then check if this group has a permission for this operation,
> > with .OnEverything().DefaultLevel() etc.
> > I've built an MVC UI screen for that (based on the top half of your
> > mockup).
>
> > But I've not been using Entities/EntityGroups at all, but reading a
> > previous discussion about this admin UI I've made the assumption that
> > the bottom half of your screen mockup was based on an Entity called
> > "Big Shipments".
>
> Yes
>
>
> > Am I correct??
>
> > Just so I understand Rhino Security correctly I've got an example.
>
> > A multitenant app for football teams, with an operation called Player/
> > Add, which adds a player to a team.
> > Only EXISTING team members with a role of 'Manager' should be able to
> > do this.
>
> > Table Players:
> > TeamId
> > PlayerId
> > PlayerName
>
> > Operation => Player/Add
> > IUser => TeamUser
> > UserGroup => Manager
> > Entity=>Team
>
> > bool canAddPlayer = authService.IsAllowed<Team>(currentUser,
> > currentTeam, "Player/Add");
>
> > This will then extract the team id from Team, the id from User, and
> > check if a permission exists for this user against this team for this
> > operation, or if the user is part of a group
> > which has a permission against this team.
>
> Yes
>
> To Clarify:
>
> > We're denying permission for operation Player/Add for everyone.
>
> > Unless:
> > A: They're in the 'Managers' group (UserGroup)
> > B: They provide the correct Entity (Team)
>
> > For the admin screen then.
>
> > Global:
> > Operations: all operations
> > Allowed:     any permission on this operation where allow is true
> > Forbidden:  any permission on this operation where allow is false
>
> > Entity:
> > Operations: all operations
> > Allowed:     any permission on this operation where allow is true and
> > EntitySecurityKey = id whatever entity you provide
> > Forbidden:  any permission on this operation where allow is false and
> > EntitySecurityKey = id whatever entity you provide
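The check confirmed in the quoted exchange (a permission held by the user, or by one of the user's groups, against one team's security key, with everyone else denied) can be modelled as below. This is an added example, not code from the thread or from Rhino Security itself: `Permission`, `AuthModel`, the user names and the team keys are hypothetical, and the rule that a matching `Allow == false` permission wins is an assumption of this model.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Simplified in-memory model (hypothetical types, not Rhino Security's own classes).
class Permission
{
    public string Operation, User, UsersGroup;   // either User or UsersGroup is set
    public Guid EntitySecurityKey;               // id of the entity (here: a Team)
    public bool Allow;
}

class AuthModel
{
    public List<Permission> Permissions = new List<Permission>();
    public Dictionary<string, HashSet<string>> GroupsOf = new Dictionary<string, HashSet<string>>();

    // Permissions that apply to this user (directly or via a group) for this operation and entity.
    IEnumerable<Permission> Matching(string user, Guid key, string op)
    {
        HashSet<string> groups;
        if (!GroupsOf.TryGetValue(user, out groups)) groups = new HashSet<string>();
        return Permissions.Where(p => p.Operation == op && p.EntitySecurityKey == key &&
            (p.User == user || (p.UsersGroup != null && groups.Contains(p.UsersGroup))));
    }

    // Deny by default; assumption of this model: any matching Allow == false wins.
    public bool IsAllowed(string user, Guid key, string op)
    {
        var hits = Matching(user, key, op).ToList();
        return hits.Count > 0 && hits.All(p => p.Allow);
    }
}

static class Demo
{
    static void Main()
    {
        Guid teamA = Guid.NewGuid(), teamB = Guid.NewGuid();   // constructed sample keys
        var auth = new AuthModel();
        auth.GroupsOf["alice"] = new HashSet<string> { "Managers" };
        // The Managers group may add players, but only on Team A.
        auth.Permissions.Add(new Permission { Operation = "Player/Add", UsersGroup = "Managers",
                                              EntitySecurityKey = teamA, Allow = true });
        Console.WriteLine(auth.IsAllowed("alice", teamA, "Player/Add"));  // group permission on Team A
        Console.WriteLine(auth.IsAllowed("alice", teamB, "Player/Add"));  // no permission keyed to Team B
        Console.WriteLine(auth.IsAllowed("guest", teamA, "Player/Add"));  // not in the group
    }
}
```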