I've been doing C# for a month now so please forgive the 'localness' to this question but I have researched for a few hours and I have hit a brick wall.
I've seen examples left and right for Role-based authorization for WPF applications utilizing IIdentity and IPrincipal.
I can't find a lot of information, however, on a more Permission-based authorization approach. In this app, imagine there are no Groups but just a list of permissions and users, and you can assign anyone any permission.
I'd like to be able to:
1) Be able to control the UI/elements based on user permissions with such states as: Enabled, ReadOnly, Invisible, Collapsed (as seen here https://uiauth.codeplex.com/)
2) Be able to specify at the class or method level which permissions are required (similar to http://lostechies.com/derickbailey/2011/05/24/dont-do-role-based-authorization-checks-do-activity-based-checks/)
Instead of:

    [PrincipalPermission(SecurityAction.Demand, Role = "Administrators")]

I want something like:

    [PrincipalPermission(SecurityAction.Demand, Permission = "Can add users")]

Right now the only way I see how to do this is utilizing ICommand and putting authorization logic in the CanExecute methods using a lot of string comparison to see if the user has the required rights to perform requested actions like:

    // Employee class
    public bool HasRight(SecurityRight right)
    {
        return employee.Permissions.Contains(right);
    }

    // Implementation, check if employee has right to continue
    if (employee.HasRight(db.SecurityRights.Single(sr => sr.Description == "Can edit users")))
    {
        // Allowed to perform action
    }
    else
    {
        // User does not have right to continue
        throw new SecurityException();
    }

I've been told Enum Flags may be what I'm looking for: "What does the [Flags] Enum Attribute mean in C#?"
I think I understand enum/flag/bits but not enough to complete the implementation...
If I have:
EmployeeModel
EmployeeViewModel
ThingTwoModel
ThingTwoViewModel
MainView
I'm not sure where everything goes and how to tie it all together... here's what I have so far (I realize this isn't a working example... that's my problem!):

    [Flags]
    public enum Permissions
    {
        None = 0,
        Create = 1 << 0,
        Read = 1 << 1,
        Update = 1 << 2,
        Delete = 1 << 3,
        User = 1 << 4,
        Group = 1 << 5
    }

    public static void testFlag()
    {
        Permissions p;
        var x = p.HasFlag(Permissions.Update) && p.HasFlag(Permissions.User);
        var desiredPermissions = Permissions.User | Permissions.Read | Permissions.Create;
        if (x & p == desiredPermissions)
        {
            //the user can be created and read by this operator
        }
    }

Thank you for any guidance.
Final solution (.linq):
Well, the testFlag won't work as it is. I think you want something along the lines of (LINQPad C# program snippet):

Does that answer your question?
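
An added example (not code from the question or the answer) of a permission check built on the question's Permissions enum, usable both from CanExecute and at the start of a protected method. PermissionPrincipal, Authz, Can and Demand are hypothetical names, and the user "alice" is constructed sample data.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.Threading;

[Flags]
public enum Permissions
{
    None = 0, Create = 1 << 0, Read = 1 << 1, Update = 1 << 2,
    Delete = 1 << 3, User = 1 << 4, Group = 1 << 5
}

// Hypothetical principal that carries a permission mask instead of roles.
public sealed class PermissionPrincipal : IPrincipal
{
    public PermissionPrincipal(string name, Permissions granted)
    { Identity = new GenericIdentity(name); Granted = granted; }
    public IIdentity Identity { get; }
    public Permissions Granted { get; }
    public bool IsInRole(string role) => false; // roles are not used in this model
    // True only when every requested bit is granted. None is rejected because
    // (x & 0) == 0 holds for any x and would authorize everyone.
    public bool Has(Permissions required) =>
        required != Permissions.None && (Granted & required) == required;
}

public static class Authz
{
    // For ICommand.CanExecute: drives UI state only, it is not enforcement.
    public static bool Can(Permissions required) =>
        Thread.CurrentPrincipal is PermissionPrincipal p && p.Has(required);
    // For the protected method itself: fails closed when no principal is set.
    public static void Demand(Permissions required)
    {
        if (!Can(required)) throw new SecurityException("Missing permission: " + required);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample user: may read users, may not create them.
        Thread.CurrentPrincipal = new PermissionPrincipal("alice", Permissions.User | Permissions.Read);
        Console.WriteLine(Authz.Can(Permissions.User | Permissions.Read));
        try { Authz.Demand(Permissions.User | Permissions.Create); }
        catch (SecurityException e) { Console.WriteLine(e.Message); }
    }
}
```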