NCommet.Modules.Authorization is a project that implements IAuthorizationManager. IAuthorizationManager interface supports role based authorization and the assignment of rights on a role over an item.

The various rights that exist are defined by the enumeration NCommet.Core.Agents.AccessLevel and are the following:
  1. None: No right.
  2. View: Right to retrieve an item from the persistent storage.
  3. Edit: Right to save an item to the persistent storage.
  4. Delete: Right to delete an item from the persistent storage.
  5. Detach: Right to detach an item from its parent.
  6. AddChild: Right to add a child to a parent item.
  7. Everything: All of the above rights.
NCommet.Modules.Authorization contains the following files:
  • AuthorizationManagerBase, which implements a part of IAuthorizationManager that is common among many final implementations. The methods it implements are:
    • GetAccessLevel, which returns the access level a given user (principal) has on the specified item.
    • FilterChildren, which filters the children of an item, keeping only the items that the given user has the required access level.
    • HasAccess, which checks if the current logged-in user has the required access level on a specified item.
  • ReadOnlyAuthorizationManagerBase, which is an abstract base for authorization managers that do not support changing access levels. One can derive the implementation from this class when the roles' access levels are fixed.
  • AuthorizationManagerImpl, which is an implementation of IAuthorizationManager that stores access levels in a database table. This implementation uses a table named ItemRole to store access level information. The item id is used to distinguish items, so this implementation requires a persister and works only with persisted items. This table contains the following columns:
    • ItemID: The item id.
    • RoleName: The role name.
    • AccessLevel: The access level of the role on the item, as an integer bitmask.
  • AMCachedImpl, which inherits AuthorizationManagerImpl and supports caching to minimize the number of queries to the database.
  • ItemRole.sql, which is an SQL Script that is used to create the ItemRole table in the database.

Last edited Apr 14, 2008 at 11:05 AM by klai, version 5

Comments

No comments yet.