I am a bit confused about role and rule with my application. My some users will be authorized edit data on my web site. For example I will create roles like this:
- EDITOR
- ADMIN
- VIEWER
Asp.net mvc has an attribute named Authorize. I can specify roles for controller and actions .
[Authorize]
public class GeometryController : Controller
{
[Authorize(Roles = "VIEWER")]
public ActionResult Get(string id)
{
return Content("OK.");
}
[HttpGet]
[Authorize(Roles = "ADMIN, EDITOR")]
public ActionResult Edit(string id)
{
return Content("This operation is restricted for you.");
}
}
But I have another role that some users can edit data by working area. For example
- user1 can only edit Arizona data and view All zone data.
- user2 can edit and delete Texas data.
Authorizeattribute and include your logic - Vsevolod Goloviznin