Website Permission Scheme Development Resources

I am developing a site that needs an access permission scheme. I'm not sure how I want to structure the scheme, and it's hard for me to find good resources to determine not only how to implement the permission scheme, but also how to plan what the scheme should be capable of.

I have a lot of questions and not a lot of solid information, and I cannot formulate the pros and cons of the available answers.

  • Should it be role-based, where users have roles?
  • Should it be based on a group?
    • Can groups be members of groups, as in AD?
    • Or can only users be members of groups?
  • How do I handle default permissions?
    • Should it be installed based on the tool that creates the page?
    • Should the creating user set permissions when creating the page?
  • Should users create their own groups?

What is your experience in developing permission schemes? I am pretty green at this, and any good resources, books, blogs, etc. will be really helpful.

+3
2 answers

I was impressed by the flexibility and power of the KnowledgeTree permission system.

It is roughly organized as follows: Business Units → Groups (and Subgroups) → Roles → User

KT - , , . .

, . ; A X, Y. , , A.

, . , B , , (, , ).

TYPOlight webCMS , . CMS (), ().

0

, - ( ) ( ), :

  • - ,
  • ( , ..).
  • , ( )
  • db, . :

    // Nested in PermissionDef so the calls further down (PermissionDef.Area1...) resolve
    public static class PermissionDef
    {
        // Each area has its own id; permission values are powers of two, one bit each
        public static class Area1
        {
            public static int AreaId { get { return 1; } }
            public static int Permission1 { get { return 1; } }
            public static int Permission2 { get { return 2; } }
            public static int Permission3 { get { return 4; } }
        }
        public static class Area2
        {
            public static int AreaId { get { return 2; } }
            public static int Permission1 { get { return 1; } }
            public static int Permission2 { get { return 2; } }
            public static int Permission3 { get { return 4; } }
            public static int Permission4 { get { return 8; } }
            public static int Permission5 { get { return 16; } }
        }
    }
    

    ..

  • :

    using System;
    using System.Linq;

    public class PermissionsPage : BasePage
    {
        int _permissionAreaId;
        int _permissionValue;
        string _page;

        public PermissionsPage(int permissionAreaId, int permissionValue)
            : base()
        {
            Init += new EventHandler(PermissionsPage_Init);
            // store the area and permission this page requires
            _permissionAreaId = permissionAreaId;
            _permissionValue = permissionValue;
        }

        void PermissionsPage_Init(object sender, EventArgs e)
        {
            // test on every request, postbacks included, so a postback cannot skip the check
            if (!PermissionsManager.TestPermission(UserWebSession.User, _permissionAreaId, _permissionValue))
            {
                // handle permission denied
            }
            else if (!IsPostBack)
            {
                _page = Request.Url.Segments.Last();
                // log page access
            }
        }
    }

  • :

    public partial class yourControlledPage : PermissionsPage
    {
        // test permission over an entire page
        public yourControlledPage()
            : base(PermissionDef.Area1.AreaId, PermissionDef.Area1.Permission1)
        {
        }
    }

    // test permission over a specific control
    yourDropDownList.Enabled = PermissionsManager.TestPermission(UserWebSession.User, PermissionDef.Area2.AreaId, PermissionDef.Area2.Permission4);
    

* "Area1" "Permission1", , ... !

, , ...

+1
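The answer above calls PermissionsManager.TestPermission but does not show it. One way such a check could work with the per-area bit values, as an added example that is not the answerer's code: the User and Group classes, the grant dictionaries and EffectiveMask are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical model (not from the answer): grants are stored as areaId -> bit mask.
public class Group
{
    public Dictionary<int, int> Grants = new Dictionary<int, int>();
}
public class User
{
    public Dictionary<int, int> Grants = new Dictionary<int, int>();
    public List<Group> Groups = new List<Group>();
}
public static class PermissionsManager
{
    // OR together the user's own grants and the grants of each group for one area.
    // The area id is part of the lookup because the same value (1, 2, 4...) is reused per area.
    public static int EffectiveMask(User user, int areaId)
    {
        int mask = 0, m;
        if (user == null) return 0;                 // no session user: nothing granted
        if (user.Grants.TryGetValue(areaId, out m)) mask |= m;
        foreach (Group g in user.Groups)
            if (g.Grants.TryGetValue(areaId, out m)) mask |= m;
        return mask;
    }

    // Default deny: passes only when every requested bit is set for that area.
    public static bool TestPermission(User user, int areaId, int permissionValue)
    {
        if (permissionValue <= 0) return false;     // an empty request never passes
        return (EffectiveMask(user, areaId) & permissionValue) == permissionValue;
    }
}
public static class Demo
{
    public static void Main()
    {
        var editors = new Group();                  // constructed sample data
        editors.Grants[2] = 1 | 8;                  // Area2: Permission1 + Permission4
        var alice = new User();
        alice.Grants[1] = 2;                        // Area1: Permission2
        alice.Groups.Add(editors);

        Console.WriteLine(PermissionsManager.TestPermission(alice, 2, 8));     // Area2.Permission4, via group
        Console.WriteLine(PermissionsManager.TestPermission(alice, 1, 1));     // bit 1 is granted in Area2 only
        Console.WriteLine(PermissionsManager.TestPermission(alice, 2, 1 | 2)); // one of the two bits is missing
        Console.WriteLine(PermissionsManager.TestPermission(null, 1, 1));      // no user
    }
}
```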

Source: https://habr.com/ru/post/1724546/