Skip to content

A powerful .Net component for managing permission entries in content repositories.

License

Notifications You must be signed in to change notification settings

SenseNet/sn-security

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

91 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

sensenet Security

Security core EF/ data provider MSMQ message provider

A powerful and fast .Net component for managing permission entries in structured content repositories.

The permission layer of sensenet is built on top of this library, so it is a well-tested, robust and scalable option for providing permission features in large projects.

Permission entries and user-group relationships are stored in a database that can be replaced with a custom db provider. The built-in db provider is for Entity Framework.

Main features

Entities

The security component has an API for maintaining an entity structure (parent-child relationships), so it is ideal and most effective for providing security functionality in environments where there is a tree structure.

// register an entity in the security component
context.CreateSecurityEntity(entityId, parentId, ownerId);

Users and Groups

User-Group relationships are essential, because permissions are evaluated in a transitive way: permissions set for a group apply to its members too. Groups may have group members too.

context.IsInGroup(memberId, groupId);

Entries

Permission entries (Access Control Entries) are lists of permissions defined on an entity for a user or group. The security component handles permissions as simple slots in the db, the permission types (e.g. Open or Save) are defined by the client application.

// break permission inheritance, fluent API
context.CreateAclEditor()
	.BreakInheritance(entityId1)
	.Allow(entityId2, identityId1, localOnly, PermissionType.Save)
	.Allow(entityId3, identityId2, localOnly, PermissionType.AddNew)
	.Apply();

Evaluation

Permission evaluation takes two things into account:

  • tree structure: permissions defined on the parent are applied on children (unless they are local-only).
  • group memberships: permissions set for a group apply to all group members.

It works similarly to file system permissions, in other words: it works as you expect.

// permission check for a single item
if (context.HasPermission(entityId, PermissionType.See)) 
{
}

Integration

For details on integrating it in a 3rd party application please visit the following article:

sensenet as a service (SNaaS) - use sensenet from the cloud

For a monthly subscription fee, we store all your content and data, relieving you of all maintenance-related tasks and installation, ensuring easy onboarding, easy updates, and patches.

https://www.sensenet.com/pricing

About

A powerful .Net component for managing permission entries in content repositories.

Resources

License

Stars

Watchers

Forks

Packages

No packages published