How to design a system to filter requests on roles?
I have a requirement to design a WCF Service based system to filter requests on roles in C#.
Rules
User can access X
SuperUser can access Y
Admin can access Z
Database
Resource AccessControl
X User,SuperUser,Admin
Y Admin
Z Admin
How do I create a system where I can transform these access controls into something like a hash or a calculated mathematical value so that I don't have to do multiple checks like
if (user == RequestUser.Role.User || user == RequestUser.Role.Admin)
{}
Instead do something like this
Resource AccessControl someCalculatedHashValue
X User,SuperUser,Admin ????
Y Admin ????
Z Admin ????
if(user >= someCalculatedHashValue){}
Note: there could be one-to-many relationships
Can't you use a Bit Vector for your roles (i.e. a Flags enumeration)?
That way you can simply add up the bits as your "hash".
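The Flags-enumeration idea from the answer above, as an added example (not code from any poster on this page): each role is one bit, each row of the question's Resource/AccessControl table becomes one integer mask, and a single bitwise AND replaces the chain of comparisons. The names AccessControl and IsAllowed are hypothetical, and the table is hard-coded here where a real service would load it from the database.

```csharp
using System;
using System.Collections.Generic;

[Flags]
public enum Role
{
    None      = 0,        // caller with no roles: matches nothing
    User      = 1 << 0,   // 1
    SuperUser = 1 << 1,   // 2
    Admin     = 1 << 2    // 4
}

public static class AccessControl
{
    // Hypothetical in-memory copy of the question's Database table.
    // The stored "calculated value" is simply the OR of the allowed roles.
    private static readonly Dictionary<string, Role> Allowed =
        new Dictionary<string, Role>(StringComparer.Ordinal)
        {
            ["X"] = Role.User | Role.SuperUser | Role.Admin, // mask 7
            ["Y"] = Role.Admin,                              // mask 4
            ["Z"] = Role.Admin                               // mask 4
        };

    public static bool IsAllowed(string resource, Role callerRoles)
    {
        // Deny by default: a resource missing from the table is never accessible.
        if (resource == null || !Allowed.TryGetValue(resource, out Role mask))
            return false;

        // Any shared bit grants access; this also covers callers holding several roles.
        return (mask & callerRoles) != Role.None;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample requests.
        Console.WriteLine("User on X: " + AccessControl.IsAllowed("X", Role.User));
        Console.WriteLine("User+SuperUser on Y: " + AccessControl.IsAllowed("Y", Role.User | Role.SuperUser));
        Console.WriteLine("Admin on Z: " + AccessControl.IsAllowed("Z", Role.Admin));
        Console.WriteLine("Admin on unknown W: " + AccessControl.IsAllowed("W", Role.Admin));
        Console.WriteLine("No roles on X: " + AccessControl.IsAllowed("X", Role.None));
    }
}
```

Unlike an ordered `>=` comparison, the mask does not assume that a higher role inherits everything a lower one can do, so a resource can be opened to User and Admin without also opening it to SuperUser.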
You failed to provide details about the system. Depending on the technology used there are already proven and well-known techniques to manage just that (WCF for example gives you this for "free").
The samples are probably not complete either, because the way you presented it
User, SuperUser, Admin
Admin
Admin
this could be handled with a simple enum and an int comparison and an enumeration like this:
public enum Role {
Anonymous,
User,
SuperUser,
Admin
}
if (user >= (int)Role.User) ...
But that's probably far too simple and doesn't cover your real need? In short: Can you elaborate?
You could create a custom implementation of IPrincipal that implements IsInRole by wrapping the ranking logic you describe.
Now that I look closer at your question, it sounds awfully much like ACL-based security, and not role-based security at all. You may want to take a look at this instead.