sklaun
The thread http://forums.asp.net/thread/1693719.aspx
One of the posters in the thread linked above posted a solution, but is his
the recommended approach? (I like his approach)
And here's the original question:
I have a Car Image class, a car class, and a car comments class:
CarImage, Car, CarComments
Each of those classes has permissions, a View Permission and a
CommentAllowed Permission. The Permissions are Private,
Family, Relatives, Members, All. A user can be
Family, Relatives, Member, or all 3 at once.
Example:
If the view type is set to Family on the CarImage class, then only the
OWNER of the CarImage class AND the FAMILY can VIEW the CarImage class
properties (ex. image, car quality, car manufacturer, blah blah)
Now, in my object model, I have GetCarImageForUser which gets a
CarImageCollection PAGED. It filters the SQL query by (ViewType =
Permission) to the corresponding values. The object model gets the
carimage owner, and finds out if the AUTHENTICATED user is a family
member, relative of the carimage owner and also a member of the site.
If they are, it filters the SQL query. For a user that is a Relative
and a Family, it would be (ViewType = Family OR ViewType = Relative).
While this method filters out perfectly fine for most scenarios, it
won't work for some special situations.
Example:
User A.
User B is Family of User A.
User C,D,E,G are Family and Relatives of User A.
User C,D,E,G have all their car images set to FAMILY only.
User B goes and views User A's "user" list. At this point, the object
model gets the incoming user (GetCarImageForUser) which is User A
and then finds out the permissions compared to User B. It finds out
that User B is Family ...so the object model gets confused and thinks
User C,D,E,G are also family and displays their carimages. User
C,D,E,G are NOT family of User B.
One way to solve this situation is to move the whole permissions
"generator" method into a function in MySQL. The problem is, will it
affect performance?
For each row in a SELECT query, that function method will run. The
function method finds out if the user in the record is a
family, relative, or member of the authenticated user for EVERY row.
Any comments?
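The bug described in the post is that the viewer's relationship is computed once, against the page owner, and then reused for every row, so images owned by other users inherit a permission the viewer never had on them. The fix is to evaluate the relationship per row, between the viewer and that row's owner, inside the query itself, which also keeps paging (LIMIT/OFFSET) correct because the filter runs before the page is cut. The following is an added example, not code from the thread or from the poster's object model: it uses SQLite in place of MySQL, and the table names (users, relationships, car_images), the column names and the sample users are all constructed to mirror the scenario in the post. The buggy variant reproduces the described behaviour so the two results can be compared side by side.

```python
import sqlite3

# Constructed schema (not the poster's): relationships records who is Family /
# Relatives of whom; kind uses the same spelling as car_images.view_type so the
# per-row check can compare the two columns directly.
SCHEMA = """
CREATE TABLE users (id TEXT PRIMARY KEY, is_member INTEGER NOT NULL);
CREATE TABLE relationships (
    owner_id  TEXT NOT NULL,   -- the user whose circle this is
    member_id TEXT NOT NULL,   -- the user who belongs to that circle
    kind      TEXT NOT NULL,   -- 'Family' or 'Relatives'
    PRIMARY KEY (owner_id, member_id, kind)
);
CREATE TABLE car_images (
    id        INTEGER PRIMARY KEY,
    owner_id  TEXT NOT NULL,
    view_type TEXT NOT NULL    -- 'Private', 'Family', 'Relatives', 'Members', 'All'
);
"""


def build_db():
    """Constructed sample data matching the post: B is Family of A; C, D, E, G
    are Family and Relatives of A; C, D, E, G images are Family only."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(u, 1) for u in "ABCDEG"])
    rels = [("A", "B", "Family")]
    for u in "CDEG":
        rels += [("A", u, "Family"), ("A", u, "Relatives")]
    conn.executemany("INSERT INTO relationships VALUES (?, ?, ?)", rels)
    images = [(1, "A", "Family")] + [(i + 2, u, "Family") for i, u in enumerate("CDEG")]
    conn.executemany("INSERT INTO car_images VALUES (?, ?, ?)", images)
    return conn


def images_for_user_buggy(conn, viewer, page_owner):
    """The flawed approach from the post: the viewer's relationship to the PAGE
    OWNER is computed once and then applied to every row, whoever owns it."""
    kinds = [k for (k,) in conn.execute(
        "SELECT kind FROM relationships WHERE owner_id = ? AND member_id = ?",
        (page_owner, viewer))]
    allowed = ["All", "Members"] + kinds
    placeholders = ",".join("?" * len(allowed))
    rows = conn.execute(f"""
        SELECT id FROM car_images
        WHERE (owner_id = ? OR owner_id IN
                 (SELECT member_id FROM relationships WHERE owner_id = ?))
          AND (owner_id = ? OR view_type IN ({placeholders}))
        ORDER BY id""", (page_owner, page_owner, viewer, *allowed))
    return [r[0] for r in rows]


def images_for_user(conn, viewer, page_owner):
    """Per-row check: the relationship is evaluated between the viewer and the
    owner of EACH image via a correlated EXISTS, so a permission granted by A
    never leaks onto images owned by C, D, E or G."""
    rows = conn.execute("""
        SELECT ci.id FROM car_images ci
        WHERE (ci.owner_id = :page_owner OR ci.owner_id IN
                 (SELECT member_id FROM relationships WHERE owner_id = :page_owner))
          AND (ci.owner_id = :viewer                       -- owner always sees own
               OR ci.view_type = 'All'
               OR (ci.view_type = 'Members' AND EXISTS
                     (SELECT 1 FROM users u WHERE u.id = :viewer AND u.is_member = 1))
               OR EXISTS (SELECT 1 FROM relationships r   -- Family / Relatives
                          WHERE r.owner_id  = ci.owner_id
                            AND r.member_id = :viewer
                            AND r.kind      = ci.view_type))
        ORDER BY ci.id""", {"viewer": viewer, "page_owner": page_owner})
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = build_db()
    print("buggy:", images_for_user_buggy(db, "B", "A"))  # leaks C, D, E, G images
    print("fixed:", images_for_user(db, "B", "A"))        # only A's Family image
```

On the performance question in the post: the correlated EXISTS is a primary-key lookup on relationships per candidate row, which is the same work a per-row stored function would do but stays visible to the query planner, so it can be indexed and paged with LIMIT in the same statement instead of being filtered after the page is fetched.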