
User privileges

giotis (Groupie)
Joined: 26-Apr-2012
Location: Greece
Posts: 53
Posted: 08-May-2012 at 4:13pm
Assuming that each user has these privileges:

    Users       Add  Edit  Delete  Read  Database
    Supervisor  x    x     x       x     TempHire, Security
    Admin       x    x     x       x     TempHire
    User        x                  x     TempHire


At the first level:

    and we had many modules, each of them defining different privileges;
    depending on the user, the appropriate module is loaded.

At the second level:

    depending on the user, allow the appropriate actions:

    1. disable the ViewModel
    2. disable actions
    3. or error messages

Is it easy to embed these in Cocktail?

         



mgood (IdeaBlade)
Joined: 18-Nov-2010
Location: Emeryville, CA
Posts: 582
Posted: 08-May-2012 at 4:55pm
To secure an application, you should start with securing your domain model. An application that simply hides stuff on the UI based on the user's permissions is not a secure application if the data model is left wide open. This is called security through obscurity. True security starts at the server and the domain model. DevForce has a flexible authorization model to secure your back-end. See the following link as a start.


Once your domain model is properly secured, you automatically get error messages if a user tries to do something that they don't have permission to. If you look at the latest TempHire code you see the beginnings of how to secure a data model. In TempHire you have to be an authenticated user before you can save or query. This is accomplished through the RequiresAuthenticationAttribute on EntityBase, from which each entity in the domain model extends. It doesn't do anything with roles or specific permissions yet.

    // [RequiresAuthentication] on the base class applies to every entity that
    // derives from it: queries and saves require an authenticated user.
    [ProvideEntityAspect]
    [DataContract(IsReference = true)]
    [RequiresAuthentication]
    public abstract class EntityBase
    {
        private EntityFacts _entityFacts;

        [NotMapped]
        public EntityFacts EntityFacts
        {
            get { return _entityFacts ?? (_entityFacts = new EntityFacts(this)); }
        }

        [DataMember]
        [ConcurrencyCheck]
        [ConcurrencyStrategy(ConcurrencyStrategy.AutoIncrement)]
        public int RowVersion { get; internal set; }

        // Override in derived entities to add validation errors.
        public virtual void Validate(VerifierResultCollection validationErrors)
        {
        }
    }

Once you have your domain model secured, the rest is cosmetics on the UI. Disabling buttons if the user doesn't have permission can easily be done by adding corresponding CanXXX properties for your actions in the VM so that the buttons are disabled or you can bind the visibility attribute so that the controls are not visible if the user doesn't have permission. 

To hide entire ViewModels many developers leverage MEF metadata to control which exports should be visible to the current user. You can learn more about Exports and metadata in MEF here: http://mef.codeplex.com/wikipage?title=Exports%20and%20Metadata&referringTitle=Guide


Edited by mgood - 08-May-2012 at 4:58pm
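
An added example (not code from Cocktail, TempHire or either poster) of the MEF metadata approach described in the post above: ViewModel exports carry a required role as metadata, and the shell exposes only the exports whose role the current principal holds. The names `IModuleViewModel`, `IModuleMetadata`, `RequiredRole`, `ModuleFilter` and the two ViewModels are assumptions made for this example. The filter only decides what the client shows; the authorization on the domain model stays the control that actually protects the data.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel.Composition;
using System.ComponentModel.Composition.Hosting;
using System.Linq;
using System.Security.Principal;

// Hypothetical contract and metadata view; both names are assumptions for this example.
public interface IModuleViewModel { string Title { get; } }
public interface IModuleMetadata { string RequiredRole { get; } }

[Export(typeof(IModuleViewModel))]
[ExportMetadata("RequiredRole", "User")]
public class StaffingViewModel : IModuleViewModel
{
    public string Title { get { return "Staffing"; } }
}

[Export(typeof(IModuleViewModel))]
[ExportMetadata("RequiredRole", "Admin")]
public class UserAdminViewModel : IModuleViewModel
{
    public string Title { get { return "User administration"; } }
}

public static class ModuleFilter
{
    // MEF exposes the metadata without creating the part, so a ViewModel is
    // instantiated (Lazy.Value) only after the role check has passed.
    public static IList<IModuleViewModel> VisibleTo(IPrincipal user, CompositionContainer container)
    {
        return container.GetExports<IModuleViewModel, IModuleMetadata>()
            .Where(export => user.IsInRole(export.Metadata.RequiredRole))
            .Select(export => export.Value)
            .ToList();
    }
}

public static class Program
{
    public static void Main()
    {
        var container = new CompositionContainer(new AssemblyCatalog(typeof(Program).Assembly));
        // Constructed sample principal that holds only the "User" role.
        var user = new GenericPrincipal(new GenericIdentity("demo"), new[] { "User" });
        foreach (var viewModel in ModuleFilter.VisibleTo(user, container))
            Console.WriteLine(viewModel.Title);
    }
}
```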

giotis (Groupie)
Posted: 08-May-2012 at 6:34pm
Thank you for your immediate response.

I agree with what you said,
but is it true that if the application has fifteen assemblies and the user is authorized for only five of them, the application loads them all?
Many times the functionality and cosmetics go together.

Anyway, I'll wait for a little help, because I would have to spend the rest of my life to do it.
Thanks again

mgood (IdeaBlade)
Posted: 08-May-2012 at 7:04pm
Agreed. Cocktail currently has the building blocks to do this, but it doesn't have a configurable module manager. Perhaps that is something that could be added in the future. Are you doing WPF or Silverlight?

giotis (Groupie)
Posted: 08-May-2012 at 7:39pm
Silverlight is more useful