Implementing rights with ASP.NET Identity
use something built-in provided by ASP.NET Identity
The only things you could use there are claims or roles and both are not built for what you want IMO.
So I would go with your own table which links the project to a user, e.g.:
public class UserProjectRights{ [Key] public ApplicationUser User { get; set; } [Key] public Project Project { get; set; } public AccessRight Right { get; set; }}
Then whenever you do some actions where a specific right is required you need to check for that. There are several ways how you could do that. In my app I created "access right check extensions" like the following (I have defined a common interface for all "access right entities" to "reuse" that method):
public static bool? CanView(this ApplicationUser user, Project project){ var userRight = project.Rights.FirstOrDefault(r => r.User == user); return userRight == null ? (bool?)null : userRight.Right.HasFlag(AccessRight.View);}
assuming AccessRight
is an enum like:
[Flags]public enum AccessRight{ View, Edit, Admin}
Then you can do something like the following in your logic:
if (user.CanView(project) == true){ // show project}
I used bool?
so I can implement different "default behaviour" as I know if null
is returned there is no right defined.