|
User privileges |
Post Reply 
|
| Author |
 Share Topic Printable Version Delicious Digg Facebook Furl Google Boomarks Google Buzz MySpace Newsvine reddit StumbleUpon Translate Twitter Windows Live Yahoo Bookmarks Topic Search  Topic Options
|
|||||||||||||||||||||||
giotis 
Groupie 
Joined: 26-Apr-2012 Location: Greece Posts: 53 |
 Post Options
 Quote Reply
 Topic: User privilegesPosted: 08-May-2012 at 4:13pm |
|||||||||||||||||||||||
|
If assuming that each user has these privileges
at first level and we had many Module where each of them to defined different privileges depending on the user loads the appropriate Module second level depending on the user to allow for appropriate actions 1.disable ViewModel 2.disable actions 3.or error messages is easy to embed them in Cocktail? |
||||||||||||||||||||||||
 |
||||||||||||||||||||||||
|
mgood
IdeaBlade 
Joined: 18-Nov-2010 Location: Emeryville, CA Posts: 583 |
Post Options
Quote Reply
Posted: 08-May-2012 at 4:55pm |
|||||||||||||||||||||||
|
To secure an application, you should start with securing your domain model. An application that simply hides stuff on the UI based on the user's permissions is not a secure application if the data model is left wide open. This is called security through obscurity. True security starts at the server and the domain model. DevForce has a flexible authorization model to secure your back-end. See the following link as a start.
Once your domain model is properly secured, you automatically get error messages if a user tries to do something that they don't have permission to. If you look at the latest TempHire code you see the beginnings of how to secure a data model. In TempHire you have to to be an authenticated user before you can save or query. This is accomplished through the RequiresAuthenticationAttribute on EntityBase, from which each entity in the domain model extends. It doesn't do anything with roles or specific permissions yet. [ProvideEntityAspect] [DataContract(IsReference = true)] [RequiresAuthentication] public abstract class EntityBase { private EntityFacts _entityFacts; [NotMapped] public EntityFacts EntityFacts { get { return _entityFacts ?? (_entityFacts = new EntityFacts(this)); } } [DataMember] [ConcurrencyCheck] [ConcurrencyStrategy(ConcurrencyStrategy.AutoIncrement)] public int RowVersion { get; internal set; } public virtual void Validate(VerifierResultCollection validationErrors) { } } Once you have your domain model secured, the rest is cosmetics on the UI. Disabling buttons if the user doesn't have permission can easily be done by adding corresponding CanXXX properties for your actions in the VM so that the buttons are disabled or you can bind the visibility attribute so that the controls are not visible if the user doesn't have permission. To hide entire ViewModels many developers leverage MEF metadata to control which exports should be visible to the current user. You can learn more about Exports and metadata in MEF here: http://mef.codeplex.com/wikipage?title=Exports%20and%20Metadata&referringTitle=Guide
Edited by mgood - 08-May-2012 at 4:58pm |
||||||||||||||||||||||||
|
||||||||||||||||||||||||
|
giotis
Groupie
Joined: 26-Apr-2012 Location: Greece Posts: 53 |
Post Options
Quote Reply
Posted: 08-May-2012 at 6:34pm |
|||||||||||||||||||||||
|
Thank you for your immediate response
I agree with what you said but it is true if the application have fifteen Assembly and the user is authorized only for the five the application loads all ? many times the functionality and cosmetics go together Anyway I'll wait a little help because should spend the rest of my life to do it Thanks again |
||||||||||||||||||||||||
|
||||||||||||||||||||||||
|
mgood
IdeaBlade
Joined: 18-Nov-2010 Location: Emeryville, CA Posts: 583 |
Post Options
Quote Reply
Posted: 08-May-2012 at 7:04pm |
|||||||||||||||||||||||
|
Agreed. Cocktail currently has the building blocks to do this, but it doesn't have a configurable module manager. Perhaps that is something that could be added in the future. Are you doing WPF or Silverlight?
|
||||||||||||||||||||||||
|
||||||||||||||||||||||||
|
giotis
Groupie
Joined: 26-Apr-2012 Location: Greece Posts: 53 |
Post Options
Quote Reply
Posted: 08-May-2012 at 7:39pm |
|||||||||||||||||||||||
|
Silverlight is more useful
|
||||||||||||||||||||||||
|
||||||||||||||||||||||||
|
Post Reply
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |