Hi,
I'm starting a new project and i'm using rhino security. In my model
i've got usersgroups like "Project Manager", "Supply Manager" and
Operations can be like "/Project/Create", "/Project/Procurement/item/
Add".
When i associate one of those groups with any Operation i must give
group access to operations on every entity.
At users creation time i can associate user with one group (the group
is mandatory) and a organizational Structure. The point is:
1 - If user has not a Organizational Structure the permissions are ok
(He can access everything).
2 - But, if user has a Organizational Structure some permissions must
be restricted only to entities members of a EntitiesGroup associated
with this Organizational Structure.
To do this i'm creating a child usersGroup like "Supply Manager of
Organizational Structure #1" and for each permission in parent
usergroup "Supply Manager" i'm creating one in child group denying at
the same level and another allowing only for the entitiesgroup
associated with the organizational structure in a level higher than
the first permission, like bellow:
UsersGroup supplyManagers = authRepo.CreateUsersGroup("Supply
Manager");
permissionsBuilderService
.Allow("/Project/Procurement/item/Add")
.For(supplyManagers)
.OnEveryThing()
.DefaultLevel()
.Save();
UsersGroup restrictedSupplyManagers =
authorizationRepository.CreateChildUserGroupOf("Supply Manager",
"Supply Manager of Organizational Structure #1");
Permissions[] permissionsOfSupplymanager // Get this from Db.
EntitiesGroup OS1_Entities // EntitiesGroup for entities allowed in
Organizational Structure 1.
foreach(Permission permission in permissionsOfSupplymanager)
{
Permission denyPermission = new Permission()
{
Allow = false,
Level = permission.Level,
Operation = permission.Operation,
UsersGroup = restrictedSupplyManagers
}
Permission allowPermission = new Permission()
{
Allow = true,
Level = permission.Level + 1,
Operation = permission.Operation,
UsersGroup = restrictedSupplyManagers,
EntitiesGroup = OS1_Entities
}
// Save permissions
}
I wanna know if you guys have any suggestion for a better approach
than this. This one i think is a bit expensive for handle thinking
that i'm gonna have a big number of operations and usersgroups.
Thanks in advance
--
You received this message because you are subscribed to the Google Groups
"Rhino Tools Dev" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/rhino-tools-dev?hl=en.
