My Simple Permissions System

Simple Permissions

The permission system is simple in design but allows complicated permissions to be created by layering a mix of key, role and level properties. The concept is that any item wanting to check a permission just asks the permission system whether the logged-in user can carry out the action. In its simplest form it is used like this:

// See if the user can edit pages
if (Security.CanUser("Page_E") || Security.CanUser("Page_*"))
{
    // User can edit pages
}

You can also use the data field to add specifics to a permission. Say we want to allow Bob to edit only certain pages. In the data field we can add a comma-delimited list of page ids and get the system to check them as follows:

// See if the user can edit this page
if (Security.CanUser("Page_E", PageObject.UniqueId))
{ /* User can edit this page */ }

When you pass in a specific item, the default routine splits the data field on commas and checks whether the passed-in value is among the results. This simple system also allows you to pass in a separate function to do your own parsing of the data if required.

Permission Levels

All permissions are assigned a simple level property that can be used to save setting thousands of permissions and to override permissions for single entries. When a user logs in, their permissions are gathered from the roles listing and the user's own permissions are then appended to the list. When duplicate entries are found, the user one overwrites the role one. This allows a user to be in a role but denied a particular action.

The level property allows overriding on a more global level. If Page_E in the PermissionsList has a level of 100 and a role has a MinimumLevel of 200, that role automatically gains all permissions below 200. This allows us to keep the permission lookup tables small but still have granular control where it's required.

Normally we’ll just be adding simple permissions and assigning them to users or roles, but it's nice to be able to override any of them on a whim and to check for specific data if required.
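The merge, level and data-field rules described above, as an added C# sketch that is not the CMS's own code. The `Permission` class, the `Allowed` flag, the constructor and the `match` parameter are assumptions, as are the choices that an explicit deny beats the level grant, that an empty data field means unrestricted, and that keys missing from the PermissionsList are denied.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical shape: the post does not show the CMS's real types.
class Permission { public string Key; public bool Allowed; public string Data; }

class Security
{
    readonly Dictionary<string, int> levels;   // PermissionsList: key -> level
    readonly int minimumLevel;                 // MinimumLevel of the user's role
    readonly Dictionary<string, Permission> effective = new Dictionary<string, Permission>();
    public Security(Dictionary<string, int> levels, int minimumLevel,
                    IEnumerable<Permission> rolePerms, IEnumerable<Permission> userPerms)
    {
        this.levels = levels; this.minimumLevel = minimumLevel;
        // Role entries first, user entries last: on a duplicate key the user entry wins.
        foreach (var p in rolePerms.Concat(userPerms)) effective[p.Key] = p;
    }

    public bool CanUser(string key, string item = null, Func<string, string, bool> match = null)
    {
        if (!effective.TryGetValue(key, out var p))
        {
            // No explicit entry: apply the level rule; keys missing from the list are denied.
            return levels.TryGetValue(key, out int level) && level < minimumLevel;
        }
        if (!p.Allowed) return false;          // assumed: an explicit deny beats the level grant
        if (item == null || string.IsNullOrEmpty(p.Data)) return true;  // assumed: no data = unrestricted
        // Default parser: exact match on trimmed tokens, so id "4" does not match "42".
        if (match == null) match = (data, id) => data.Split(',').Select(s => s.Trim()).Contains(id);
        return match(p.Data, item);
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed sample data: Bob is in one role with MinimumLevel 200.
        var levels = new Dictionary<string, int> { { "Page_E", 100 }, { "Page_D", 150 }, { "Media_D", 150 }, { "User_D", 300 } };
        var role = new[] { new Permission { Key = "Page_E", Allowed = true } };
        var bob = new[] { new Permission { Key = "Page_E", Allowed = true, Data = "10, 42" },
                          new Permission { Key = "Media_D", Allowed = false } };
        var sec = new Security(levels, 200, role, bob);
        foreach (var id in new[] { "42", "4" }) Console.WriteLine("Page_E " + id + ": " + sec.CanUser("Page_E", id));
        foreach (var k in new[] { "Page_D", "Media_D", "User_D", "Nope_X" }) Console.WriteLine(k + ": " + sec.CanUser(k));
    }
}
```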

N.B. This is a mixed tutorial/documentation for the permissions system of the cms. Will pull these out later to a wiki when I release the cms.
