Skip to content

Latest commit

 

History

History
36 lines (27 loc) · 1.54 KB

implicitly-granted-permissions.md

File metadata and controls

36 lines (27 loc) · 1.54 KB

Implicitly (Automatically) Granted Permissions

If a user / role has a write permission to some entity, it is natural to think that the read permission, should also be automatically granted.

Otherwise, How could a user modify an entity if he can't see the record itself in the first place?

StartSharp provides you the ability to auto assign a permission to a user/role, if user has another permission.

It is pretty simple to define such relations between permissions using attributes:

[NestedPermissionKeys]
[DisplayName("Northwind")]
public class PermissionKeys
{
    [DisplayName("Customers")]
    public class Customer
    {
        [ImplicitPermission(General), ImplicitPermission(View)]
        public const string Delete = "Northwind:Customer:Delete";
        [Description("Create/Update"), ImplicitPermission(General), ImplicitPermission(View)]
        public const string Modify = "Northwind:Customer:Modify";
        public const string View = "Northwind:Customer:View";
    }

    [Description("[General]")]
    public const string General = "Northwind:General";
}

Here we define that, if a user/role has "Northwind:Customer:Delete" or "Northwind:Customer:Modify" permission, they should automatically have "Northwind:General" and "Northwind:Customer:View" permissions.

These relations saves you from having to memorize and check all required permissions manually to grant access to a specific resource in permissions dialog.

It also greatly simplifies access control by letting you use shared permission keys.