0

Let's say I have a view which should change it's content based on the user resp. on the users permission.

After some research I basically found 2 types of authorization. Role-Based and Activity-Based authorization. Now, activity-based seems pretty fine, but I don't think that is what I'm looking for. Sure, I want to authorize the user for the activity/action, but I also want to change the content based on it.

Is there a proper way to do so, or is is is just a "no go"?

Example: Let us assume, I have 3 companies (A, B and C). Now in my web application I want to provide the functionality, that an adminuser from company A can edit information about company A. The same with company B but company C can edit information about all three. So I'd like to fill the content dynamically based on the users permission. I hope this is understandable..

Similar to If multitenancy is a priority, should I store site content in the database?

Update: I found a solution. ResourceAuthorization from Thinktecture does what I need. It's a very nice example on how to do it. :-)

Community
  • 1
greenhoorn
  • 109
  • 6
  • 2
    There isn't much to go on here. Perhaps if you provided an example? – Robert Harvey Jan 26 '15 at 18:13
  • Normally "low-tier" users will simply see a strict subset of the content, so it's hard to get yourself into a Turing tarpit as long as the actual authorization check is encapsulated somehow. Is there some more complicated rearrangement of content you're interested in? Would it be big enough to justify writing entirely different views for each user tier? – Ixrec Jan 26 '15 at 23:27

0 Answers0