Sample on how to apply Groups with roles on controller checking
Opened this issue · 1 comments
Hi, I finally understood your groups, took me a couple of times peeking at code and reading your website docs.
But its not clear on how to implement the groups authorization in conjunction with roles on a controller
For e.g. if we had 2 groups that need to only return and authorize their managers, how would this be modeled exactly ?
- Group one, to only find and authorize
Homedepots managers
Group = HomeDepot
Role = Manager
Users = Hank, Harry etc. - Group two,
to only find and authorizeWalmarts managers and walmarts employees/users
Group = Walmart
Role = Manager
Users = John, Jake etc.
I need to implement the company at a group level, and then these tasks. Can you help me with them..
- What would (a sample) my group declaration be?
- What would my controller authorize attribute be, would it simply be roles? I ask because I want to check against Group [HomeDepot+MgrRole] and not just Manager role... which defeats the purpose of groups
- How can I get only managers inside Walmart, and users/employees inside walmart?
- How can I find which all groups a user and a role belong to?
- How can I get all the roles for a user, his list of access to 1) directly as part of a role 2) indirectly via groups
Hmmm. The multi-tenant aspect of this introduces a few different challenges to my original concept.
As I mentioned in another issue, I am currently in the process of moving cross-country, so I won't be able to really look at code for a few days yet.
Let me mull this over though, and we can maybe figure something out.
You may need to move towards a claims-based auth strategy or something.