I think it is a good fit, based on what you described, yes. On Fri, Oct 16, 2009 at 1:12 PM, Mick Delaney <[email protected]> wrote:
> > I'm working on a multitenant app right now (not football teams!), but > the plan is for 1000's of tenants. that would result in 1000's of > UserGroups. (they're cheap though as you said). > > I guess an easy may to model my domain is to think of it like a > multitenant shopping site. where u can create a new shop and customer > can buy stuff from the shop. > > User Types: > Employee (Owner, Manager, Employee). may me a member of any Shop, but > may be a Manager in 1, and a Employee in another. > Customer, may have orders with many shops, the role is implied, i.e. > if i have orders with Shop A then I'm a Customer of shop A. > System, manages the system, shop has paid they're fees, shut them down > etc. > > So i'd need Shop A - Manager, Shop B - Manager. > > From an app design point of view on an operation like. Product/Add, > i'd build up the role like, role = CurrentShop.Name + " - " Manager > etc. > > Do you think RS is a good fit in that situation? > > If i go with a custom solution i'd probably have a UserToUserGroups > table with a EntityId also i guess. > > > > On Oct 16, 11:51 am, Ayende Rahien <[email protected]> wrote: > > You would have two user groups. > > > > Managers - Team A > > Players - Team B > > > > Groups (both entities & users) are cheap with RS. > > > > On Fri, Oct 16, 2009 at 12:44 PM, Mick Delaney <[email protected] > >wrote: > > > > > > > > > > > > > I have another question. > > > > > Can I be a 'Manager' for 'Team A', but a 'Player' for 'Team B'. > > > > > And if so how would i represent that in RS. > > > > > On Oct 16, 11:14 am, Ayende Rahien <[email protected]> wrote: > > > > inline (but basically it is yes to all your quesitons) > > > > > > On Fri, Oct 16, 2009 at 12:06 PM, Mick Delaney < > [email protected] > > > >wrote: > > > > > > > Basically I've been scratching the surface of rhino security, just > > > > > using groups and operations. i.e. add a user to a group, > > > > > and then check if this group has a permission for this operation, > > > > > with .OnEverything().DefaultLevel() etc. > > > > > I've built an mvc UI screen for that (based on the top half of your > > > > > mockup). > > > > > > > But I've not been using Entities/EntityGroups at all, but reading a > > > > > previous discussion about this admin UI i've made the assumption > that > > > > > the botton half of your screen mock up was based on an Entity > called > > > > > "Big Shipments". > > > > > > Yes > > > > > > > Am i correct?? > > > > > > > Just so I understand Rhino Security correctly I've got an example. > > > > > > > A multitenant app for football teams, with an operation called > Player/ > > > > > Add, which adds a player to a team. > > > > > Only EXISTING team members with a role of 'Manager' should be able > to > > > > > do this. > > > > > > > Table Players: > > > > > TeamId > > > > > PlayerId > > > > > PlayerName > > > > > > > Operation => Player/Add > > > > > IUser => TeamUser > > > > > UserGroup => Manager > > > > > Entity=>Team > > > > > > > bool canAddPlayer = authService.IsAllowed<Team>(currentUser, > > > > > currenTeam, 'Player/Add'). > > > > > > > This will then extract the team id from Team, the id from User, > and > > > > > check if a permission exists for this user against this team for > this > > > > > operation, or if the user is part of a group > > > > > which has a permission against this team. > > > > > > Yes > > > > > > To Clarify: > > > > > > > We're denying permission for operation Player/Add for everyone. > > > > > > > Unless: > > > > > A: They're in the 'Managers' group (UserGroup) > > > > > B: They provide the correct Entity (Team) > > > > > > > For the admin screen then. > > > > > > > Global: > > > > > Operations: all operations > > > > > Allowed: any permission on this operation where allow is true > > > > > Forbidden: any permission on this operation where allow is false > > > > > > > Entity: > > > > > Operations: all operations > > > > > Allowed: any permission on this operation where allow is true > and > > > > > EntitySecurityKey = id whatever entity you provide > > > > > Forbidden: any permission on this operation where allow is false > and > > > > > EntitySecurityKey = id whatever entity you provide > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Rhino Tools Dev" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rhino-tools-dev?hl=en -~----------~----~----~----~------~----~------~--~---
