Clarified activity based authorization
ryankirkman committed Feb 7, 2013
1 parent b4833ab commit 81e7e20
Showing 1 changed file with 23 additions and 4 deletions.
27 changes: 23 additions & 4 deletions _posts/2013-01-31-activity-based-authorization.md
Expand Up @@ -20,7 +20,9 @@ Three things are required to successfully implement activity based authorization
A mapping of roles to activities
--------------------------------

A role represents a collection of activities. It saves you having to associate activities directly to a user. By decoupling activities and users via roles, you are able to add activities to roles on the fly.
A role represents a collection of activities. It saves you having to tie activities directly to a user. By decoupling activities and users via roles, you are able to add activities to roles on the fly.

The application itself never deals with roles. The application only specifies activities. It is up to the activity system to check whether the activity is associated with one of the user's roles.


A way of specifying which activities require authorization
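Review bot: The added paragraph refers to "the activity system" without saying which component that is, so a reader cannot tell whether it means the authorization attribute shown later or a separate service. Suggest naming the component where the sentence first uses the term, and stating what happens when none of the user's roles is associated with the activity, since that default is the security-relevant part of the check.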
Expand Down Expand Up @@ -50,11 +52,11 @@ A mechanism to authorize a user for a given activity
As above, the attribute implementation would take the Activity name, the user and the inferred role based on the user and check to see if that role mapped to the specified Activity:

``` csharp
public void AuthActivityAttribute(string Activity) {
public void AuthActivityAttribute(string Activity)
{
User currentUser = GetCurrentUser();
Role userRole = GetRoleForUser(currentUser);

if(GetActivitiesForRole(userRole).Contains(Activity))
if( GetUserActivities( currentUser ).Contains( Activity ) )
{
// Authorized
}
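Review bot: In the new condition `GetUserActivities( currentUser ).Contains( Activity )`, `Activity` is the `string` parameter, while `GetUserActivities` is declared later in this commit as returning `List<Activity>`, so the `Contains` call tests a string against a list of `Activity` objects and would not compile as written. Either have `GetUserActivities` return activity names or compare on a name property, and rename the parameter (for example `activityName`) so it no longer collides with the `Activity` type name.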
Expand All @@ -63,6 +65,23 @@ public void AuthActivityAttribute(string Activity) {
// Unauthorized
}
}

public List<Activity> GetUserActivities(User currentUser)
{
List<Role> roles = GetUserRoles( currentUser );
List<Activity> activities = new List<Activity>();

foreach(Role role in roles)
{
List<Activity> roleActivities = GetRoleActivities( role );
activities.AddRange( roleActivities );
}

return activities;

// If we wanted to be concise, this whole method could be written as:
// return GetUserRoles( currentUser ).SelectMany( x => x.GetRoleActivities( x ) );
}
```


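Review bot: The concise form in the trailing comment of `GetUserActivities` does not match the loop above it: it calls `x.GetRoleActivities( x )` as an instance method on the role, whereas the loop calls `GetRoleActivities( role )` as a plain method, and `SelectMany` yields an `IEnumerable<Activity>` rather than the declared `List<Activity>`. Suggest `GetUserRoles( currentUser ).SelectMany( r => GetRoleActivities( r ) ).ToList()`. The loop can also add the same activity once for every role that grants it; that is harmless for the `Contains` check, but a `Distinct()` is worth adding if the list is ever displayed or counted.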