All geek questions in one place

Approach for granting limited privileges to application users

I have a desktop application developed in WPF that has several views displayed as a child MDI in a shell. It is not developed in a composite / modular approach. When the application opens, all views are ready for access. The application has an Admin user and several operators.

The requirement is that the Admin user assign some limited privileges to the Operators, which will indicate -

  • Which operators can open or open which types, and
  • What operators can perform actions in allowed views

My thought up to this point is

  • Storing operator privilege information in a database
  • At boot, storing privileged user information during login at any application level
  • For the shell, checking privilege information at the application level and setting visibility bindings to the various View-access buttons according to the information
  • For individual views, checking privilege information at the ViewModel level and setting visibility bindings to action buttons in accordance with the information

Is there a better approach to implement such a scenario?

+4
source share
1 answer

Your approach sounds pretty good to me, except for the fact that besides hiding a few user interface elements like buttons, I would also check if the operators can execute the current user at the ViewModel level before actually executing them.

This means that your Commands must have CanExecute() , which goes through your permission check logic and returns true or false. This is an important security measure, IMO, because UIElements can be easily changed while working with tools like Snoop. Take a look at this answer How to make Snoop proof of your wpf application?

+1
source

Source: https://habr.com/ru/post/1443109/

More articles:


All Articles