use something built into ASP.NET Identity
The only things you could use are claims or roles, and both are not made for what you want IMO.
So, I would go with my own table, which associates the project with the user, for example:
public class UserProjectRights { [Key] public ApplicationUser User { get; set; } [Key] public Project Project { get; set; } public AccessRight Right { get; set; } }
Then, whenever you perform certain actions when a certain right is required, you need to check it. There are several ways you could do this. In my application, I created "authorization extensions" as follows (I defined a common interface for all "access rights" to "reuse" this method):
public static bool? CanView(this ApplicationUser user, Project project) { var userRight = project.Rights.FirstOrDefault(r => r.User == user); return userRight == null ? (bool?)null : userRight.Right.HasFlag(AccessRight.View); }
Assuming AccessRight is an enum like:
[Flags] public enum AccessRight { View, Edit, Admin }
Then in your logic you can do something like the following:
if (user.CanView(project) == true) {
Did I use bool? , so I can implement different "default behavior", as I know, if null returned, then no right is defined.
Chrfin
source share