My question is about HOW and WHEN I should use the AuthorizationRepository.

I guess that I should have some way in my application to maintain my user roles (user groups in Rhino Security terms) and the relations between users and user groups. So far so good.

My problem comes when I want to give specific permissions to entities and entity groups. Should I have the association and permission-giving code in the method that saves and updates my entities, based on some condition?

For example, suppose I have an HR system that denies access to "VIP Records". I'd have this model:

public enum RecordType
{
   Normal,
   VIP
}

public class Record
{
   public string Name {get;set;}
   public RecordType Type {get;set;}
}

Where should I have the following code that associates a specific entity with a group called "VIP"?

_repository.AssociateEntityWith(record, "VIP");

Is there any place where I could put some code that classifies my entities?

And another question, what GUID should I return for each entity if my ID is an int?

Thanks!!

A: 

Is this Rhino Security specific? If I understand it correctly, it is more of a design question. If it's a small application, I would put the code _repository.AssociateEntityWith(record, "VIP"); wherever it's needed, for example, in the method that handles a user pressing a certain button.

If, however, you have a more complex application, you could put it in a business layer. You could have a class Security for example, with a method:

public void SetAsVipRecord(Record record)
{
    // maybe there's other stuff to do here, like validation logic, logging, etc.
    _repository.AssociateEntityWith(record, "VIP");
}

I don't know Rhino Security well, so if I totally misunderstood your question, I apologize. I can't answer your question about the ID either, but you could also try the Rhino Tools Google Group.

Peter
Thx Peter, I understand your answer. In terms of design I understand that I should put it in a Business Layer, but I was learning Rhino Security and basically I haven't understood some use cases of it. I'll try in the Google Group!
sabanito
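
One way to apply the business-layer suggestion from the answer to the question's Record model, as an added example that is not part of the original posts and not Rhino Security's own code: every save goes through one method, so the "VIP" group membership always follows Record.Type, including when a record is downgraded. Only the call `AssociateEntityWith(record, "VIP")` comes from the page; `IEntityGroupRepository`, `DetachEntityFrom`, `InMemoryGroups` and `RecordService` are hypothetical names introduced for illustration.

```csharp
using System;
using System.Collections.Generic;

public enum RecordType { Normal, VIP }
public class Record { public string Name { get; set; } public RecordType Type { get; set; } }

// Hypothetical stand-in for the repository: AssociateEntityWith is the call
// shown on the page, DetachEntityFrom is an assumed counterpart.
public interface IEntityGroupRepository
{
    void AssociateEntityWith(Record record, string group);
    void DetachEntityFrom(Record record, string group);
}

// Constructed in-memory fake so the example runs without a database.
public class InMemoryGroups : IEntityGroupRepository
{
    public readonly HashSet<(string, string)> Links = new HashSet<(string, string)>();
    public void AssociateEntityWith(Record r, string g) => Links.Add((r.Name, g));
    public void DetachEntityFrom(Record r, string g) => Links.Remove((r.Name, g));
}

public class RecordService
{
    private readonly IEntityGroupRepository _repository;
    public RecordService(IEntityGroupRepository repository) { _repository = repository; }

    // Single choke point: callers never touch the group repository directly,
    // so a record cannot be saved as VIP without also being placed in "VIP".
    public void Save(Record record)
    {
        if (record == null) throw new ArgumentNullException(nameof(record));
        // ... persist the record itself here, in the same transaction ...
        if (record.Type == RecordType.VIP)
            _repository.AssociateEntityWith(record, "VIP");
        else
            _repository.DetachEntityFrom(record, "VIP");
    }
}

public static class Program
{
    public static void Main()
    {
        var groups = new InMemoryGroups();
        var service = new RecordService(groups);
        var record = new Record { Name = "constructed-sample", Type = RecordType.VIP };
        service.Save(record);
        Console.WriteLine(groups.Links.Contains(("constructed-sample", "VIP")));
        record.Type = RecordType.Normal;   // downgrade must also drop the group link
        service.Save(record);
        Console.WriteLine(groups.Links.Contains(("constructed-sample", "VIP")));
    }
}
```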