Themis, a bit dipper dive

Posted on February 27, 2011 · 2 mins read · tagged with: #authorization

I just committed some new code for Themis examples, which for now on, will be also an integration tests. The whole case is about values which are allowed for some roles.

Let’s take a case where there are two types of users: Admins and standard users, for the sake of briefness called Users. Let Admins are allowed to choice an offer type between Internal and External, and a standard user’s choice is narrowed to one value: Internal. How can a domain be modeled to handle it easily? First of all roles are needed:

public class AdminRoleDefinition : RoleDefinitionBase<Admin>
{
    public AdminRoleDefinition( )
    {
        ValueIsAllowed(OfferType.Internal);
        ValueIsAllowed(OfferType.External);
    }
}

public class UserRoleDefinition : RoleDefinitionBase<User>
{
    public UserRoleDefinition( )
    {
       ValueIsAllowed (OfferType.Internal);
    }
}

What’s the method ValueIsAllowed? It’s a simple, internal extension method, setting the possible value, using an markup demand.

public static class ServiceExtensions
{
    public static TValue[] GetAllowedValues<TValue>(this IDemandService @this, params object[] roles)
    {
        return @this.Evaluate<AllowedValueDemand<TValue>, TValue>(
                AllowedValueDemand<TValue>.Instance, roles);
    }
}

internal sealed class AllowedValueDemand<TValue> : IDemand<TValue>
{
    public static readonly AllowedValueDemand<TValue> Instance = new AllowedValueDemand<TValue>();
}

Having all this configured, now one can query a demand service for allowed values for a specific drop-down! It could be also done on the filtering basis with NHibernate, but it was an example how simply extensible Themis is.