OdeToCode / Memflex

Brainstorming membership ideas
MIT License

Question: will it work with MySQL and more #24

Closed rickardliljeberg closed 11 years ago

rickardliljeberg commented 11 years ago

Hi,

I am just converting to .NET MVC and need to do a project with MySQL, and SimpleMembership does not work with MySQL. Does flex?


And on a separate question (as I am also new to proper membership/roles). My requirement is a site that is sold to customers with a customer having an admin and that admin in turn creating users and assigning them to one or more courses.

With admin it's easy: it's simply [FlexAuthorize(Roles = "CustomerAdmin")] and then fetch only the things that his company is in charge of.

The problem here is that doing this [FlexAuthorize(Roles = "user")]

would allow all users, but I need to check if this particular user is allowed on the particular course that is sent in the request. What's the best way? I can allow all logged-in users into the controller's action and then in the action check if the user is allowed to see the course. If that is the way to go, what's the best way to store users' course permissions?

I could create roles like "CustomerA_Course1" and then assign the role to all users who are allowed in that course, and then in my controller simply look up the "role" for that particular course, and then see if the user is part of that role.

Is that the way to go?

OdeToCode commented 11 years ago

Hi Rick:

At this point there is no MySql provider, so that would be the first step in getting this to work. I've heard there is an EF connector for MySql, which might make the job really simple, but I'd have to try it out.

For your authorize scenario with non-admins it sounds like an attribute might not be what you want, but there could be a more imperative check if(user.CanView(course)) - I'd have to think about the best way to implement. On one hand you could have a role defined for each course, and place users into those roles when they are allowed to view the course. I think MemFlex could do this well, but just not sure "roles" are the right way to go for the scenario. It might be better to have "permissions" for a course (view, edit, delete), etc, but it all depends on knowing more about the problem.

rickardliljeberg commented 11 years ago

There is indeed a MySQL connector to EF that works really really well, I am using it in another project. But since I am still learning this whole membership thingie ;-) I am not quite up for the translation yet.

I think you are right that some form of permissions is a better option. I think in my case a sort of permission that allows both a group and a single user to be allowed might be a good solution. Then the question is if the "group" should be a role or a separate group of some sort.

But my problem description is really quite short. Superadmin can view/edit/view anything. Customeradmin can view/edit/create what that customer has access to. But then we have my customers' customers... the end users of the system, the ones who actually view the courses. And they need to have some form of permission system where the customeradmin can allow them (or whole groups of them) to see a certain course.

Since I am still learning membership methodology I am a bit unsure of where to tie in the other permissions.

Basically one customer of mine, let's call him companyA, has many customers in turn, let's call them companyX, companyY and companyZ.

Now companyA has an admin, who has created some courses. Now this one course about learning how to put out a fire should be accessible to everyone from companyX and some from companyY but NONE from companyZ.

My customer companyA also has other courses. So basically he needs a system with users and to be able to group them, and then give them permissions to courses (view is the only thing really).

Super thanks for taking the time to help me here, really appreciated!

OdeToCode commented 11 years ago

Two different perspectives:

From a high level I'd say you'll want to separate authentication and authorization. Authentication can be provided by Memflex as a way to identify users, save credentials, allow them to login via Facebook, etc. Once you know who a user is, authorization for your app sounds much more complex than any off the shelf "role provider" (at least that I know of), so you'll probably need custom code for the additional flexibility and orient that software towards permissions instead of roles.

From a low level you could use Memflex or other membership providers for the authentication, but you'll need a way (typically a foreign key relationship since you are using MySql) to find a user's permissions and other information (like what organization they roll up into, like the companyY, companyZ identifier). I can see these as tables you'd join into.

I can imagine you'll need a table with permissions (edit, view, manage others), and of course a join table that maps a user to those permissions, and code inside your application like user.IsInOrganization and admin.CanManageOther(currentUser).

Not sure if this is helping since it could easily be a 100 page paper, but I hope it gives you some ideas.
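The permission-table approach discussed above, with grants to a single user or to a whole group and an imperative check inside the action, shown as an added C# example. It is not Memflex code and not from either poster: the types `User`, `Course`, `CourseGrant` and `CourseAuthorizer`, their members, and the sample data are all assumptions constructed for illustration, with an in-memory list standing in for the join table.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical model: none of these types are part of Memflex.
record User(int Id, int CustomerId, string Organization, bool IsCustomerAdmin);
record Course(int Id, int CustomerId, string Title);
// A grant row targets either one user (UserId) or a whole organization.
record CourseGrant(int CourseId, int? UserId, string? Organization);

class CourseAuthorizer
{
    private readonly List<CourseGrant> _grants;
    public CourseAuthorizer(List<CourseGrant> grants) => _grants = grants;

    // Deny by default. The course must belong to the user's customer (tenant);
    // after that, a customer admin, a direct grant or an organization grant allows it.
    public bool CanView(User user, Course course)
    {
        if (user.CustomerId != course.CustomerId) return false;
        if (user.IsCustomerAdmin) return true;
        return _grants.Any(g => g.CourseId == course.Id &&
            (g.UserId == user.Id ||
             (g.Organization != null && g.Organization == user.Organization)));
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed sample data: customer 100 plays the role of companyA.
        var fire = new Course(1, 100, "Putting out a fire");
        var auth = new CourseAuthorizer(new List<CourseGrant> {
            new(1, null, "companyX"),   // group grant: everyone from companyX
            new(1, 21, null),           // user grant: one person from companyY
        });
        var users = new[] {
            new User(10, 100, "companyX", false),
            new User(21, 100, "companyY", false),
            new User(22, 100, "companyY", false),  // companyY, but no grant
            new User(30, 100, "companyZ", false),  // no grant for companyZ
            new User(40, 200, "companyX", false),  // same org name, other tenant
        };
        foreach (var u in users)
            Console.WriteLine($"user {u.Id} ({u.Organization}): {auth.CanView(u, fire)}");
    }
}
```

In an MVC action the same check would run after loading the course named in the request and before returning it, so that a logged-in user who changes the course id in the URL is still refused.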

rickardliljeberg commented 11 years ago

Yes, I think it reflects what I have guessed. Now I just need to really dig in and get into Memflex and understand authentication and then how to tie into it with my own permissions.

Thanks!

rickardliljeberg commented 11 years ago

I can add here that one of the annoyances with MySQL EF support is that it won't support migrations, so code first becomes annoying. But you can get it to work with Memflex; I never bothered but rather swapped to MSSQL.