views:

269

answers:

3

Hello,

I have different types of Roles to take into account when authorizing a user. For example: John must have Position Manager and be part of the Office Supplies Department to order a new computer.

Problem with Roles is Roles.GetRolesForUser("John") can only return a string array.

Should I go with a custom roleProvider and custom roleManager? or should I develop a custom ProfileManager to add methods like GetUsersWithProfileProperties()?

Any suggestion is welcome!

Thibaut

EDIT: the above example is simplified I could have a much as 4 types of roles which are 4 different collections.

EDIT: I found a very similar question

A: 

I think there is a method GetUsersInRole. http://msdn.microsoft.com/en-us/library/system.web.security.roles.getusersinrole.aspx

Aseem Gautam
I know GetUsersInRole("") exists, it's not the problem. I'll edit my post to rephrase.
teebot.be
+2  A: 

From what you write; I believe that everything you need is currently available out of the box:

    // Return all Users in a  Role
    string[] users;
    users = Roles.GetUsersInRole("RoleName");
    // Return all Roles for a User
    string[] roles;
    roles = Roles.GetRolesForUser();
    // Search through Membership store locating users with a role
    MembershipUserCollection mu;
    mu = Membership.GetAllUsers();
    // Loop through all membership users looking for users in a role

    foreach(MembershipUser m in mu){
        if(Roles.IsUserInRole(m.UserName, "Role Name")){
            // Do something

            // We can even nest to x levels
            if (Roles.IsUserInRole(m.UserName, "Another Role")){

                // Do something else
            }
        }
    }

Please clarify if I have misunderstood your question.

Mick Walker
I would then have to make the array flat (having "manager" and "office supplies" at the same level). While this could work, this feels a bit like a hack.
teebot.be
also what if there's a third type of role I would have to add another iterator.
teebot.be
Roles are user defined, so I cannot ever see them becoming strongly typed I am afraid.
Mick Walker
the problem is not that it's not strongly typed, it's really how to query different collections from a common provider interface
teebot.be
ASP.Net allows the flexibility to roll your own custom provider. The out of the box functionality is as far as I gather, simply a base for you to extend upon.Yes there are scenarios where the out of the box model will fit the developers needs, but in real world situations this is rarely the case.
Mick Walker
+1  A: 

why not create a "CompositeRoleProvider" with a Path-To-Level typew convention for accessing each subordinate role provider. You will still have to create multiple role providers, but your Composite or Top-Level Provider does all of the work for you. I plan to do a similar thing with ProfileProvider