创建基于_simple_细粒度用户的安全系统 [英] creating a _simple_ fine grained user based security system
问题描述
(我希望有人检查我的想法是完全愚蠢还是确定?)
我有一个中期需要细粒度用户的酒店的复杂应用程序
安全系统。换句话说,管理员应该能够拒绝/授予
对用户的特定访问权限,例如能够进行预订或
打印报告的能力。
现在,我在想业务对象可以采取类似的方式:
enum UserPrivileges {各种权限.......};
IPrivilegedUser
{
public UserPrivileges Privileges
{
get;
}
}
用户类继承自此接口,业务对象
可以将此用户带入函数并按照
所需权限返回true / false,或者抛出异常:
用户user1 = new User() ; //类用户继承自IPrivilegedUser
并从DB加载权限
Reservations.LoadPrivileges(user1); //检查返回值.. ??
Reservations.EditReservation()//如果
特权不够,调用它会失败!?
这是否足够好设计,它会在某个地方分崩离析还是
还有更好的方法吗?
像.NET中的CAS这样的声明性安全性会因为它的成功而过度杀伤
不是一个非常大的应用程序,但我确实需要设计足够灵活
这样如果应用确实变大了我就不会乱七八糟。
谢谢
Gideon
(I want someone to check if my idea is utterly stupid or ok??)
I have a mid complex app for a hotel that needs a fine grained user
security system. In other words an admin should be able to deny/grant
specific access to users like Ability to make a Reservation or the
ability to print reports.
Now, I''m thinking the business objects could take something like:
enum UserPrivileges { various privileges....... };
IPrivilegedUser
{
public UserPrivileges Privileges
{
get;
}
}
The user class inherits from this interface, the business objects
could take this user in a function and return true/false as per the
needed privileges, or maybe throw an exception:
User user1 = new User(); //class User inherits from IPrivilegedUser
and loads the right privileges from the DB
Reservations.LoadPrivileges(user1);//check the returned value..??
Reservations.EditReservation() // calling this should fail if the
privileges are not enough!?
Is this a good enough design, will it break apart somewhere or is
there a better way to do this?
Declarative security like CAS in .NET would be an overkill since its
not a very large app, but I do need the design to be flexible enough
so that if the app does grow big I''m not in a mess.
Thanks
Gideon
推荐答案
嗨Peter,
非常感谢您的回复。
hi Peter,
Thanks so much for your reply.
IUserPermissionService
{
* * bool CanCreateReservations(用户用户);
* * bool CanEditReservation(用户)用户,预订);
* *等
}
IUserPermissionService
{
* * bool CanCreateReservations(User user);
* * bool CanEditReservation(User user, Reservation reservation);
* * etc
}
这很好,我还有一些简单的问题,我应该使用ServiceProvider单例吗?所以它随处可用?
另外,我将在UI的演示中测试用户权限
类,所以有一个很好的方法来禁用/当新用户登录时启用菜单,基于
的按钮?
我在考虑MainWorkspace(表单)和子视图(usercontrols)
和菜单响应UserChanged事件,然后调用服务
检查是否有正确的权限。但是UserChanged活动应该从哪里来?
来自哪里?
非常感谢
Gideon
This is nice, I''ve still got just few simple question, should I make
the ServiceProvider singleton? So its available everywhere?
Also, I will be testing for user rights in the UI''s presentation
classes so is there a nice way to Disable/Enable menus, buttons based
on when a new User signs in?
I was thinking the MainWorkspace(Form) and the subview(usercontrols)
and menus respond to a UserChanged event and then call the service to
check for the right privileges. But where should the UserChanged event
come from in the first place?
Thanks so much
Gideon
说实话,我仍然想要使用IPrincipal。使用现有API,您可以获得所需的一切。你总是可以添加一个静态的
类来提供简化的访问,即
public static bool CanCreateReservation(){
返回HasAccess (某些常数)
}
私有静态bool HasAccess(字符串角色){
//获取主体并调用IsInRole ...
}
如果你不想创建自己的校长,你可以非常简单地使用
GenericPrincipal / GenericUser。 br />
Marc
To be honest, I''d still be tempted to use an IPrincipal. This does
everything you want with existing APIs. You could always add a static
class to provide simplified access, i.e.
public static bool CanCreateReservation() {
return HasAccess(some constant)
}
private static bool HasAccess(string role) {
// get principal and call IsInRole...
}
If you don''t want to create your own principal, you can use
GenericPrincipal / GenericUser very simply.
Marc
>>
这很好,我还有几个简单的问题,我应该使用ServiceProvider单例制作
吗?所以它随处可用?
<<
只要您确保服务中的线程安全,您就可以这样做。
>>
This is nice, I''ve still got just few simple question, should I make
the ServiceProvider singleton? So its available everywhere?
<<
You could do, yes, as long as you ensure thread safety in your services.
>>
>>
另外,我将在UI的演示文稿中测试用户权限
类,所以有一个不错的当新用户登录时,禁用/启用菜单,按钮的方式
?
<<
你在登录后必须执行一些代码,以便根据安全服务的结果启用或禁用它们
。
Also, I will be testing for user rights in the UI''s presentation
classes so is there a nice way to Disable/Enable menus, buttons based
on when a new User signs in?
<<
You''d have to execute some code after login to enable or disable them based
on results from the security service.
>>
>>
我在考虑MainWorkspace(Form)和子视图(usercontrols)
和菜单响应UserChanged事件和然后拨打服务
检查是否有正确的权限。但是UserChanged事件应该从哪里开始?
来自哪里?
<<
您希望用户你的应用程序运行时更改?你能解释一下吗?
Pete
I was thinking the MainWorkspace(Form) and the subview(usercontrols)
and menus respond to a UserChanged event and then call the service to
check for the right privileges. But where should the UserChanged event
come from in the first place?
<<
You expect the user to change whilst your app is running? Can you explain?
Pete
这篇关于创建基于_simple_细粒度用户的安全系统的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!