CSLA .NET

Vibrant discussion about CSLA .NET and using the framework to build great business applications.

Business Object Authorization Design

    Justin Heath Posted: Thu, Oct 20 2011 5:33 PM

    I'm very new to CSLA but am thrilled to have found it and have started working through Rockford's C# 2008 Business Objects book.  I have a design question that I'm hoping others with more experience can chime in on, especially as thoughts on how using CSLA can help me better refine the design.

    I'm considering a system that stores multiple types of business evaluation records.  These records are associated with a subject (a user in this system) and an author (the authoring user).

    This system has a concept of multiple types of roles.  For instance, there are roles that indicate a user's level, and would allow a user to be a member of one and only one of these roles.  There may also be predicate roles for which a user may be a member of 1 or more.  

    When an object is requested from the system, the requesting user's "level" role and "predicate" role(s) are to be compared to the subject user's roles.  If the requesting user's "level" is higher than the subject's and the subject and requester share at least one predicate role, then the requester may have access to the object.

    Does this make any sense?  Is there a design that maps well to this sort of concept?  Certain reading for CSLA that I should target first that might help me with this design?

    Top 75 Contributor
    Posts 114

    I haven't fully understood your statements, but I recommend reading these sources:

    http://www.lhotka.net/weblog/PermissionbasedAuthorizationVsRolebasedAuthorization.aspx

    http://www.lhotka.net/weblog/CSLA4AuthorizationRules.aspx (including Source\Csla\Rules\AuthorizationRules.cs)

    I guess you need your specific "IsInRole" authorization rule. A role basically is just a string, which you can give some additional semantics, i.e. "predicateA;5".

    The authorization rules are designed to be simple and fast.
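
The access check described in the question, combined with the reply's role-string idea, as an added example that is not part of the original posts or of CSLA itself. It assumes every role string has the form `<predicate>;<level>` (as in "predicateA;5"), that a larger number means a higher level, and that `EvaluationAccess` and its methods are hypothetical names; malformed or conflicting role strings deny access.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical helper, not part of CSLA. Assumes each role string is
// "<predicate>;<level>", the shape of the reply's "predicateA;5".
public static class EvaluationAccess
{
    // Returns false on any malformed or inconsistent input (fail closed).
    public static bool TryParse(IEnumerable<string> roles,
                                out int level, out HashSet<string> predicates)
    {
        level = 0;
        predicates = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        int? seen = null;
        foreach (var role in roles ?? Enumerable.Empty<string>())
        {
            var parts = (role ?? string.Empty).Split(';');
            int parsed;
            if (parts.Length != 2 || parts[0].Trim().Length == 0 ||
                !int.TryParse(parts[1], out parsed))
                return false;                      // malformed role string
            if (seen.HasValue && seen.Value != parsed)
                return false;                      // more than one level role
            seen = parsed;
            predicates.Add(parts[0].Trim());
        }
        if (!seen.HasValue) return false;          // no roles at all
        level = seen.Value;
        return true;
    }
    // Requester must outrank the subject AND share at least one predicate.
    public static bool CanAccess(IEnumerable<string> requesterRoles,
                                 IEnumerable<string> subjectRoles)
    {
        int reqLevel, subLevel;
        HashSet<string> reqPreds, subPreds;
        if (!TryParse(requesterRoles, out reqLevel, out reqPreds)) return false;
        if (!TryParse(subjectRoles, out subLevel, out subPreds)) return false;
        return reqLevel > subLevel && reqPreds.Overlaps(subPreds);
    }
    public static void Main()
    {
        var subject = new[] { "predicateA;3" };    // constructed sample data
        Console.WriteLine(CanAccess(new[] { "predicateA;5", "predicateB;5" }, subject));
        Console.WriteLine(CanAccess(new[] { "predicateB;5" }, subject));
        Console.WriteLine(CanAccess(new[] { "predicateA;3" }, subject));
    }
}
```

A custom authorization rule of the kind the reply suggests could delegate its decision to `CanAccess`, passing the requesting user's role strings and the subject's.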
