我如何实际使用 Rhino Security 来保护我的实体?
我的问题与我应该如何以及何时使用 AuthorizationRepository 有关?
我想我应该在我的应用程序中有某种方法来维护我的用户角色(犀牛安全术语中的用户组)以及用户和用户组之间的关系。到目前为止,一切都很好。
当我想向实体和实体组授予特定权限时,我的问题就出现了。我是否应该在根据某种条件保存和更新我的实体的方法中具有关联和权限授予代码?
例如,假设我有一个拒绝访问“VIP 记录”的 HR 系统。我有这个模型:
public enum RecordType
{
Normal,
VIP
}
public class Record
{
public string Name {get;set;}
public RecordType Type {get;set;}
}
我应该在哪里放置以下代码,将特定实体与名为“VIP”的组关联起来?:
_repository.AssociateEntityWith(record, "VIP");
有没有地方可以放置一些对我的实体进行分类的代码?
还有一个问题,如果我的 ID 是 int,我应该为每个实体返回什么 GUID?
谢谢!!
My question is related as to HOW and WHEN should I use the AuthorizationRepository?
I guess that I should have some way in my application to maintain my user roles (user groups in rhino security terms) and the relations between users and user groups. So far so good.
My problem comes when I want to give specific permissions to entities and entity groups. Should I have the association and permission giving code in the method that saves and updates my entities base on some condition?
For example suppose I have a HR system that denies access to "VIP Records". I'd have this model:
public enum RecordType
{
Normal,
VIP
}
public class Record
{
public string Name {get;set;}
public RecordType Type {get;set;}
}
Where should I have the code the following code that associates a specific entity with a group called "VIP"?:
_repository.AssociateEntityWith(record, "VIP");
Is there any place where I could put some code that classifies my entities?
And another question, what GUID should I return for each entity if my ID is an int?
Thanks!!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
Rhino Security 是特定的吗?如果我理解正确的话,这更多的是一个设计问题。如果它是一个小型应用程序,我会将代码
_repository.AssociateEntityWith(record, "VIP");
放在任何需要的地方,例如,在处理用户按下某个按钮的方法中。但是,如果您有更复杂的应用程序,则可以将其放在业务层中。例如,您可以有一个类
Security
,其方法如下:我不太了解Rhino Security,所以如果我完全误解了您的问题,我深表歉意。我也无法回答您有关 ID 的问题,但您也可以尝试 Rhino 工具Google 群组。
Is this Rhino Security specific? If I understand it correctly, it is more of a design question. If it's a small application, I would put the code
_repository.AssociateEntityWith(record, "VIP");
wherever it's needed, for example, in the method that handles a user pressing a certain button.If, however, you have a more complex application, you could put it in a business layer. You could have a class
Security
for example, with a method:I don't know Rhino Security well, so if I totally misunderstood your question, I apologize. I can't answer your question about the ID also, but you could also try the Rhino Tools Google Group.