Abstract to Privileges rather than to Roles in ASP.NET Applications
page 2 of 3
by Steven Smith
Feedback
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 27617/ 61
Article Contents:

The Solution

Represent the notion of access to a particular operation as a Privilege.  For example, in this case we want to be able to say whether the current user is authorized to edit a particular article.  That's all that's involved here.  So we need an abstraction that allows us to refer to a user, an article, and a place to store the logic to say whether or not the operation is authorized.  Something like this:

public abstract class Privilege<T>
{
  public abstract bool AuthorizedToEdit(T item, User user);
}
public class ArticlePrivilege : Privilege<Article>
{
  public override bool AuthorizedToEdit(Article item, User user)
  {
    if(user.IsInRole(Roles.Editor)) return true;
    if(user.IsInRole(Roles.Author))
   {
   return UserIsArticleAuthor(item,user) && ArticleNotSubmitted(item);
   }
  return false;
}
  // implement UserIsArticleAuthor() and ArticleNotSubmitted() here
}

 

Now within our page, if we want to determine whether the user is authorized to edit the article, we simply create a new privilege object and check its AuthorizedToEdit() method.  This could easily be made into an extension method on User, Article, or both, if desired for convenience.

var articlePrivilege = new ArticlePrivilege();
 if(articlePrivilege.AuthorizedToEdit(article, currentUser))
{
  editLink.Visible = true;
}

 


View Entire Article

User Comments

Title: Dermatal   
Name: Dermatal
Date: 2010-12-30 1:42:12 AM
Comment:
It is a actually adequate apprehend for me, to acquire that you are a allotment of the finest bloggers I acquire seen. Thanks for publishing this aboveboard cavalcade Developer Symposium | Trust.. Continue the adequate work, I acquire added you to my blogroll.
Title: Nice solution, but there is at least one other way   
Name: Mark Kamoski
Date: 2010-12-29 11:56:04 AM
Comment:
Nice solution, but there is at least one other way. I usually use an added table bolted onto the ASP.NET Application Services tables that maps (object-type and action-type) and then grants (or denies) access to that operation. The calls look like something like this... bool hasPermission = SecurityHelper.HasPermission(CurrentUserName, ObjectName, ActionName); ...and so on. That works OK too. Just a thought. Thank you. -- Mark Kamoski
Title: use static   
Name: Trevor
Date: 2010-12-29 11:12:51 AM
Comment:
I would prefer to see a static method below. ie.

ArticlePrivilege.AuthorizedToEdit

That way you don't need to instantiate a class for no reason.

----
var articlePrivilege = new ArticlePrivilege();
if(articlePrivilege.AuthorizedToEdit(article, currentUser))
{
editLink.Visible = true;
}
----

Product Spotlight
Product Spotlight 





Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2021 ASPAlliance.com  |  Page Processed at 2021-12-07 8:28:35 PM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search