You would have two user groups.

Managers - Team A
Players - Team B

Groups (both entities & users) are cheap with RS.

On Fri, Oct 16, 2009 at 12:44 PM, Mick Delaney <[email protected]> wrote:

> I have another question.
>
> Can I be a 'Manager' for 'Team A', but a 'Player' for 'Team B'.
>
> And if so how would I represent that in RS.
>
> On Oct 16, 11:14 am, Ayende Rahien <[email protected]> wrote:
> > inline (but basically it is yes to all your questions)
> >
> > On Fri, Oct 16, 2009 at 12:06 PM, Mick Delaney <[email protected]> wrote:
> >
> > > Basically I've been scratching the surface of rhino security, just
> > > using groups and operations. i.e. add a user to a group,
> > > and then check if this group has a permission for this operation,
> > > with .OnEverything().DefaultLevel() etc.
> > > I've built an mvc UI screen for that (based on the top half of your
> > > mockup).
> > >
> > > But I've not been using Entities/EntityGroups at all, but reading a
> > > previous discussion about this admin UI I've made the assumption that
> > > the bottom half of your screen mock up was based on an Entity called
> > > "Big Shipments".
> >
> > Yes
> >
> > > Am I correct??
> > >
> > > Just so I understand Rhino Security correctly I've got an example.
> > >
> > > A multitenant app for football teams, with an operation called
> > > Player/Add, which adds a player to a team.
> > > Only EXISTING team members with a role of 'Manager' should be able to
> > > do this.
> > >
> > > Table Players:
> > > TeamId
> > > PlayerId
> > > PlayerName
> > >
> > > Operation => Player/Add
> > > IUser => TeamUser
> > > UserGroup => Manager
> > > Entity => Team
> > >
> > > bool canAddPlayer = authService.IsAllowed<Team>(currentUser,
> > >     currentTeam, "Player/Add");
> > >
> > > This will then extract the team id from Team, the id from User, and
> > > check if a permission exists for this user against this team for this
> > > operation, or if the user is part of a group
> > > which has a permission against this team.
> >
> > Yes
> >
> > To Clarify:
> >
> > > We're denying permission for operation Player/Add for everyone.
> > >
> > > Unless:
> > > A: They're in the 'Managers' group (UserGroup)
> > > B: They provide the correct Entity (Team)
> > >
> > > For the admin screen then.
> > >
> > > Global:
> > > Operations: all operations
> > > Allowed: any permission on this operation where allow is true
> > > Forbidden: any permission on this operation where allow is false
> > >
> > > Entity:
> > > Operations: all operations
> > > Allowed: any permission on this operation where allow is true and
> > > EntitySecurityKey = id whatever entity you provide
> > > Forbidden: any permission on this operation where allow is false and
> > > EntitySecurityKey = id whatever entity you provide
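
The per-team group scheme discussed in this thread, as an added example that is not part of the original messages and is not Rhino Security's code: a small Python model of the check behind `IsAllowed(user, entity, operation)`, where one user sits in "Managers - Team A" and "Players - Team B". The class and function names, the team keys, the user names and the rule that a matching deny overrides an allow are assumptions of this model.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Permission:
    operation: str             # e.g. "Player/Add"
    group: str                 # users group the permission applies to
    entity_key: Optional[str]  # None = global, otherwise one entity (team)
    allow: bool


@dataclass
class AuthModel:
    memberships: dict = field(default_factory=dict)  # user -> set of groups
    permissions: list = field(default_factory=list)

    def add_to_group(self, user, group):
        self.memberships.setdefault(user, set()).add(group)

    def grant(self, operation, group, entity_key=None, allow=True):
        self.permissions.append(Permission(operation, group, entity_key, allow))

    def is_allowed(self, user, entity_key, operation):
        groups = self.memberships.get(user, set())
        matching = [p for p in self.permissions
                    if p.operation == operation
                    and p.group in groups
                    and p.entity_key in (None, entity_key)]
        # No matching permission means denied ("denying for everyone").
        # Assumption of this model: any matching deny overrides an allow.
        return bool(matching) and all(p.allow for p in matching)


def build_sample():
    """Constructed data: alice manages Team A and only plays for Team B."""
    model = AuthModel()
    model.add_to_group("alice", "Managers - Team A")
    model.add_to_group("alice", "Players - Team B")
    model.add_to_group("bob", "Managers - Team B")
    model.grant("Player/Add", "Managers - Team A", entity_key="team-a")
    model.grant("Player/Add", "Managers - Team B", entity_key="team-b")
    return model


if __name__ == "__main__":
    m = build_sample()
    for user, team in [("alice", "team-a"), ("alice", "team-b"), ("bob", "team-b")]:
        print(user, team, m.is_allowed(user, team, "Player/Add"))
```

Because each group's permission is bound to one team's key, membership in "Players - Team B" never grants Player/Add on Team B, and being a manager of Team A does not carry over to Team B.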
