March 30, 2006

CMS Logbook 3: Users and multiple roles in an application

In an application, when users are members of more than one role, some complications arise, such as:
  1. What is the user's default role when logged in? For example, if the application customizes the user interface according to role, which role will be picked?
  2. If a user has an authorization grant for one role and a deny for another, which will be taken into account?

For question 1, I think that a default role should be given to every user, and this should be used for view customization. For an ASP.NET 2.0 application this could be stored in the user profile.

For question 2, I plan to take this approach: if the user has at least one grant for an operation, then it is sufficient for the authorization.

March 20, 2006

CMS Logbook 2: Data from different angles

I have been working on a simple content management system for more than a month now and things are getting more interesting for me lately. What makes up my simple content management system (CMS from now on)?
  • Content is tree based.
  • Leaves can be containers or the content itself.
  • There are different kinds of content.
  • Some content is approvable, some is not.
  • There is an authorization system based on the ASP.NET 2.0 Membership and Role Providers.
  • The authorization system is fine grained down to the leaves.
  • The authorization system relies on user roles rather than individual users.
  • The authorization system consists of the access rights view, edit, delete, create new and list.
  • List stands for whether the user has the right to list the child nodes of the node.
  • View stands for whether the user has the right to view the content on the node.
  • Delete stands for whether the user has the right to delete the node (this operation undergoes a check for references to the content on the node).
  • Create New stands for whether the user has the right to add a new node under the current node. A new node will automatically be editable and deletable for the user who added it.
  • Edit stands for whether the user has the right to edit the content on the node.

March 15, 2006

CMS Logbook 1: Ideas on implementing the authorization code for a content management system

I have been messing around with ASP.NET 2.0 authentication and authorization stuff lately and have come up with some essential sites:

ASP.NET 2.0 Membership, Roles, Forms Authentication
How To: Use Role Manager in ASP.NET 2.0
How to use Forms authentication with SQL Server 2005

ASP.NET 2.0 provides a Membership API that eases authentication and authorization. You can set up a whole site with user creation, login, password change and password reset functionality without writing a single line of code.

My aim is to have some role-based restrictions for our simple content management system. On tree-based content the administrator will check or uncheck some checkboxes for a given user, thus authorizing him/her for that content. The Role Management API provides functions like querying whether a user is in a specified role, but for a custom authorization requirement like the one below I have to write some code.

My business logic classes have to check if these exist:

  • The user has the right to edit the content management system at all, which I am planning to implement as a standard role in the Role Management API.
  • The user has the right to edit the specified content node. Here I need a new database table that joins the built-in roles to the rights for that node; the table may have columns like id, role_id, content_id, user_rights.

Thus for a user to perform an operation on a content node he must be a member of the "content manager" role AND have the specific rights for that task.
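The two-step check described here, combined with the "at least one grant suffices" rule from Logbook 3 and the per-user default role for view customization, as an added Python example (not the post's own code). The user names, role names, content ids and rights rows are constructed sample data, and roles_for_user stands in for the Role Manager's role lookup.

```python
from dataclasses import dataclass

CONTENT_MANAGER = "content manager"          # the standard Role Manager role
OPERATIONS = {"list", "view", "edit", "delete", "create"}


@dataclass(frozen=True)
class NodeRight:
    """One row of the role/content join table (role_id, content_id, right, grant or deny)."""
    role: str
    content_id: int
    operation: str
    allow: bool


# Constructed sample data; in the real site this comes from the Role Provider and the DB.
USER_ROLES = {
    "alice": {CONTENT_MANAGER, "editors", "reviewers"},
    "bob": {"editors"},                      # has node rights but is not a content manager
    "carol": {CONTENT_MANAGER},              # content manager with no node rights
}
DEFAULT_ROLE = {"alice": "editors", "carol": CONTENT_MANAGER}   # stored in the user profile
NODE_RIGHTS = [
    NodeRight("editors", 10, "edit", True),
    NodeRight("reviewers", 10, "edit", False),   # deny in another role does not override a grant
    NodeRight("editors", 10, "view", True),
    NodeRight("reviewers", 11, "view", True),
    NodeRight("editors", 11, "delete", False),   # only a deny exists: no grant, so refused
]


def roles_for_user(user):
    """Stand-in for the Role Manager lookup of a user's roles."""
    return USER_ROLES.get(user, set())


def is_authorized(user, content_id, operation):
    """Content-manager role AND at least one granting role for this node and operation."""
    if operation not in OPERATIONS:
        raise ValueError(f"unknown operation: {operation}")
    roles = roles_for_user(user)
    if CONTENT_MANAGER not in roles:
        return False
    return any(r.allow and r.role in roles and r.content_id == content_id
               and r.operation == operation for r in NODE_RIGHTS)


def view_role(user):
    """Role used to customize the UI: the profile's default role, else a stable fallback."""
    roles = roles_for_user(user)
    role = DEFAULT_ROLE.get(user)
    if role in roles:
        return role
    return min(roles) if roles else None     # deterministic fallback when no default is set
```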