C# でビジネス ロジック レベルのアクセス制御を行うにはどうすればよいですか? 昨夜、LINQ オブジェクト内に存在する単純なシステムをいじり始めましたが、特にクリーンなアクセス制御システムをこれまで見たことがないことに気付きました。達人がどのように実装しているのかを知りたいです。また、私が深夜に作ったこの試作に穴がないかどうかも確認してください。
柔軟な読み取り専用のアクセス制御オブジェクトを構築するために、不要な手間をかけているように感じます。私が知らないだけで、フレームワークに既製の仕組みがあるのではないでしょうか。
#region Simple Demo
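/// <summary>
/// Demo domain object that carries its own access-control policy.
/// </summary>
public class SomeObject
{
    /// <summary>
    /// Policy consulted before this object is handed out. The field is read-only so that
    /// code holding a reference to the object cannot swap in a more permissive policy
    /// after construction.
    /// </summary>
    public readonly AccessControl AccessControl;

    /// <summary>Creates the object and attaches its access-control policy.</summary>
    public SomeObject()
    {
        AccessControl = ConfigureAccessControl();
    }

    /// <summary>Builds the policy for this object type.</summary>
    /// <returns>The policy produced by the builder.</returns>
    private static AccessControl ConfigureAccessControl()
    {
        AccessControlBuilder acb = new AccessControlBuilder();

        // NOTE(review): every role, Anonymous included, is granted both read and write here.
        // That is the demo's configuration and is kept as-is; a real policy should grant each
        // role only what it needs (for example, no write access for Anonymous).
        acb.AddRole(UserTypes.Admin, true, true);
        acb.AddRole(UserTypes.Anonymous, true, true);
        acb.AddRole(UserTypes.Owner, true, true);
        acb.AddRole(UserTypes.User, true, true);

        return acb.GetAccessControl();
    }
}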
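/// <summary>
/// Hands out <see cref="SomeObject"/> instances on behalf of one requesting user,
/// checking read permission before returning them.
/// </summary>
public class ObjectFactory
{
    // Identity the permission check is made for. It is taken on trust from the caller;
    // NOTE(review): presumably it comes from an authenticated session — confirm at the call site.
    private readonly int _requestingUserId;

    /// <summary>Creates a factory bound to the given user.</summary>
    /// <param name="RequestingUserId">Id of the user every later request is checked against.</param>
    public ObjectFactory(int RequestingUserId)
    {
        _requestingUserId = RequestingUserId;
    }

    /// <summary>Returns a <see cref="SomeObject"/> if the requesting user may read it.</summary>
    /// <returns>The same instance whose policy was checked.</returns>
    /// <exception cref="UnauthorizedAccessException">The user is not allowed to read the object.</exception>
    public SomeObject GetSomeObject()
    {
        SomeObject sso = new SomeObject();

        // Deny first: nothing is returned unless the check passes.
        if (!sso.AccessControl.UserAllowed(_requestingUserId, UserActions.Read))
        {
            // Derives from Exception, so existing catch (Exception) handlers still see it.
            throw new UnauthorizedAccessException("Unauthorized Access");
        }

        // Return the instance that was authorised. The original built a second object here,
        // so the object handed out was never the one whose policy had been evaluated.
        return sso;
    }
}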
#endregion
#region AccessControl Code
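/// <summary>
/// Read-only view of a role-to-permissions table, used to answer
/// "may this user perform this action?".
/// </summary>
public class AccessControl
{
    // Keyed by UserTypes, values are AccessControlSettings (see Role).
    private readonly Hashtable _data;

    /// <summary>Creates a policy from a role table.</summary>
    /// <param name="data">Table mapping <see cref="UserTypes"/> to <see cref="AccessControlSettings"/>.</param>
    /// <exception cref="System.ArgumentNullException"><paramref name="data"/> is null.</exception>
    public AccessControl(Hashtable data)
    {
        if (data == null)
        {
            throw new System.ArgumentNullException("data");
        }

        // Take a private copy. Storing the caller's table directly would let whoever still
        // holds it (for example the builder) add entries after the policy was issued.
        _data = new Hashtable(data);
    }

    /// <summary>Decides whether a user may perform an action.</summary>
    /// <param name="UserId">Id of the user making the request.</param>
    /// <param name="Action">Action being requested.</param>
    /// <returns>Currently always <c>true</c>; see the note in the body.</returns>
    public bool UserAllowed(int UserId, UserActions Action)
    {
        //Assorted app-specific logic here to determine role.
        //Determine if User is Admin
        //Determine if User is Owner
        //Determine if User is Logged In
        //Determine if User is Anonymous
        //Check read/write for determined role

        // NOTE(review): placeholder that allows every request. The role table in _data is
        // never consulted, so the configured permissions have no effect yet. When the role
        // resolution above is implemented, the fall-through result should be "deny".
        return true;
    }

    /// <summary>Looks up the permissions configured for a role.</summary>
    /// <param name="ut">Role to look up.</param>
    /// <returns>
    /// The settings for the role, or <c>null</c> when the table has no entry for it.
    /// Callers should treat <c>null</c> as "no access".
    /// </returns>
    protected AccessControlSettings Role(UserTypes ut)
    {
        return (AccessControlSettings)_data[ut];
    }
}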
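/// <summary>
/// Collects role permissions and produces an <see cref="AccessControl"/> from them.
/// </summary>
public class AccessControlBuilder
{
    // Keyed by UserTypes, values are AccessControlSettings.
    private readonly Hashtable _data = new Hashtable();

    /// <summary>Registers the permissions for a role.</summary>
    /// <param name="ut">Role being configured.</param>
    /// <param name="read">Whether the role may read.</param>
    /// <param name="write">Whether the role may write.</param>
    /// <remarks>
    /// <see cref="Hashtable.Add"/> throws when the key already exists, so a role can be
    /// registered only once per builder.
    /// </remarks>
    public void AddRole(UserTypes ut, bool read, bool write)
    {
        _data.Add(ut, new AccessControlSettings(read, write));
    }

    /// <summary>Produces a policy from the roles registered so far.</summary>
    /// <returns>A policy backed by a snapshot of the current role table.</returns>
    public AccessControl GetAccessControl()
    {
        // Hand over a copy, not the live table: later AddRole calls on this builder must
        // not change a policy that has already been issued.
        return new AccessControl(new Hashtable(_data));
    }
}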
/// <summary>Actions a permission check can be made for.</summary>
public enum UserActions
{
    /// <summary>Reading an object.</summary>
    Read = 0,

    /// <summary>Modifying an object.</summary>
    Write = 1
}
/// <summary>Roles that permissions are configured for.</summary>
public enum UserTypes
{
    /// <summary>Administrator role.</summary>
    Admin = 0,

    /// <summary>Owner role.</summary>
    Owner = 1,

    /// <summary>User role.</summary>
    User = 2,

    /// <summary>Anonymous role.</summary>
    Anonymous = 3
}
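/// <summary>
/// Wraps the access options for one role so that they are set once, by the builder,
/// and cannot be changed afterwards.
/// </summary>
public class AccessControlSettings
{
    // readonly enforces the "set once" intent: nothing inside this class can flip a
    // permission after construction either.
    private readonly bool _read;
    private readonly bool _write;

    /// <summary>Whether the role may read.</summary>
    public bool Read { get { return _read; } }

    /// <summary>Whether the role may write.</summary>
    public bool Write { get { return _write; } }

    /// <summary>Creates the settings for one role.</summary>
    /// <param name="read">Whether the role may read.</param>
    /// <param name="write">Whether the role may write.</param>
    public AccessControlSettings(bool read, bool write)
    {
        _read = read;
        _write = write;
    }
}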
#endregion