How to define permissions to access an entity?

N

no0ob2016-05-06 22:36:33

ASP.NET

no0ob, 2016-05-06 22:36:33

There is a web application in which there are 3 types of groups (Group_1, Group_1 Object, Group_2) (groups are stored in one table).
There are users, each of which can have different rights to different groups (a user can have many groups, all of a different type).
What is the best way to define access rights to a group in an application? One of the thoughts is to pass the group ID in each request. But I don't really like this idea, because, for example, Object_group_1 has a discount that can be accessed by identifier, and it turns out that when editing this discount, you also need to pass the ID of object_group_1, to which the discount applies. It seems to me that it is possible to do something simpler, I just do not have enough brains.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

M

MrDywar Pichugin, 2016-05-08
@Dywar

A request arrived to the controller, we found out which role the authorized user belongs to, based on this we make a request to the database. Not?
Or a request came from the user, they asked the database which groups are available to him, made a request to them.