In an MVC application running on Windows server, am trying to setup the permission for various sections. How is this done?
Say level 5 = super user, level 4 = admin, 3 = regular user, 2 = guest, 1 = public/no login
in the controller,
[Authorize 5, 4, 3] public actionresult SomeMethod()
So here, only levels 5, 4, 3 can access it, the others are blocked
How is this kind of permissioning setup?
The other problem may be far too hard. There are 100 logged in users with a password. 95 are regular users or guests. Of the regular users, each will have their own data area on this application and only they, or an admin should get access to modify that data.
so it would be:
[Authorize 5, 4,
(id == 1)? user1:null,
(id == 2)? user2:null,
(id == 3)? user3:null,
(id == 4)? user4:null,
(id == 5)? user5:null,
(id == 6)? user6:null,
(id == 7)? user7:null,
(id == 8)? user8:null,
(id == 9)? user9:null,
(id == 10)? user10:null,
(id == 11)? user11:null,
(id == 12)? user12:null]
public actionresult SomeDataEDITMethod(int id) {}So as the method is called with an id, you only permit admins, and then the user, but its got a long [Authorize] block to set it up. and its using the old notation for an if then, the else part is always null
The end result, is to match that record coming back to a specific user, so only that user or admins can edit that record.
The other method may be to disable edit buttons in the View, based on the user, so only a certain user can edit some files; But what is this kind of selective permission called or whats a way it can be implemented? thanks