multiple authorize roles on Controllers and Actions or multiple Roles for an user?_问答_开发者

multiple authorize roles on Controllers and Actions or multiple Roles for an user?

开发者 https://www.devze.com 2023-04-04 01:38 出处：网络

I am trying to come up with the best practice on how to set up roles for my controllers and actions. We have a debate in our office. Should we give one role to the user and decorate our controllers a

I am trying to come up with the best practice on how to set up roles for my controllers and actions.

We have a debate in our office. Should we give one role to the user and decorate our controllers and actions with a list开发者_运维百科 or roles, or viceversa, multiples roles to an user and have controllers/actions decorated with the minumum access role required?

In my experience, it has been better to allow a user to assume multiple roles. This is the most flexible approach, and it will avoid an explosion in the number of roles in the system, because different people often wear different hats within an organization. This also simplifies your controllers/actions because you only need at most one role per.

I think this depends entirely on what you want your users to be doing. Is a person in an admin role only going to be able to do admin type things or everything?

We had a similar issue come up and we decided to go with 4 different roles and assigned multiple roles to users based on what they needed access to.