My question is related as to HOW and WHEN should I use the AuthorizationRepository?
I guess that I should have some way in my application to maintain my user roles (user groups in rhino security terms) and the relations between users and user groups. So far so good.
My problem comes when I want to give specific permissions to entities and entity groups. Should I have the association and permission giving code in the method that saves and updates my entities base on some condition?
For example suppose I have a HR system that denies access to "VIP Records". I'd have this model:
public enum RecordType
{
Normal,
VIP
}
public class Record
{
public string Name {get;set;}
public RecordType Type {get;set;}
}
Where should I have the code the following code that associates a specific entity with a group called "VIP"?:
_repository.AssociateEntityWith(record, "VIP");
Is there any place where I could put some code that classifies my entities?
And another question, what GUID should I return for each entity if my ID is an int?
Thanks!!