Problem description

We want to be able to share resources inside our web application with new or other users. We want to do this by implementing an invitation code. I have seen this implemented many times before in other applications (google docs for example), where you send an invitation code to another user and that other user will have whatever access the first user agreed.

I am sure there has to be a pattern, or best approach already documented somewhere, I just need the right words to look for it. Will someone be able to point me in the right direction? Below is the use case:

  1. User one (user1) has an account with multiple spaces.
  2. User1 wants to share a specific space (space9) with User2 (which is or is not on the user table).
  3. User1 sends an invitation code to the email of user2.
  4. User2 registers and enters the invitation code or clicks on the link to register with the invitation code.
  5. User2 has access to space9 and only to space9, not to any other space registered for user1.

Edit 1: (Possible Algorithm to Use based on Mark's Answer):

In my domain model I have User and Account and each user has 0 or more accounts. Then we also have SharedSpace, each user has 0 or more share space and each account may have 0 or more sharespace. Now Sharespace will contain (invitationCode, spaceCode, active (yes), expiration, email (share with)).

Any user who has an account (acct1) is able to share space with

acct1.shareSpace("spaceCodeToShare","Emailofusertosharewith");

  1. Create and send invitation Code to email
  2. If user is registered, he activates his code either clicking or entering it (using authorize or customAuthorize attribute and IPrincipal to prevent unauthorized access).
  3. If user is not registered then he logs in and after a user entry for this user is created then he activates the code.
  4. If user never activates the code the code expires and the active status toggles to false.

Do you think I am missing anything, it looks more simple than I thought it would be?

Solution

It sounds to me like the permissions aspect would be best modeled using Access Control Lists (ACLs). Each resource simply has an associated ACL, and by default, only the original owner has a permission to the resource.

When you send out an invitation code, you record that code along with the permission it represents. You will need to record that association in a durable store such as a database.

When the invited user activates the invitation code, you promote the potential permission you recorded into a real permission.

I wrote more about ACL-based security here and here.
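
One way to implement the flow this answer describes (record the code with its potential permission, then promote it to a real ACL entry on activation), as an added example that is not part of the original answer. The table and function names, SQLite as the store, keeping only a hash of the code, and binding redemption to the invited e-mail address are assumptions of this example.

```python
import hashlib, secrets, sqlite3, time

def open_store(path=":memory:"):  # pass a file path for a durable store
    db = sqlite3.connect(path)
    db.executescript("""
        CREATE TABLE IF NOT EXISTS acl (space TEXT, user TEXT, perm TEXT,
                                        PRIMARY KEY (space, user));
        CREATE TABLE IF NOT EXISTS invite (code_hash TEXT PRIMARY KEY, space TEXT,
            email TEXT, perm TEXT, expires REAL, active INTEGER);""")
    return db

def _h(code):
    # Only the hash is stored, so a leaked invite table holds no usable codes.
    return hashlib.sha256(code.encode()).hexdigest()

def share_space(db, owner, space, email, perm="read", ttl=7 * 86400, now=None):
    """Record a potential permission and return the code to e-mail."""
    now = time.time() if now is None else now
    row = db.execute("SELECT perm FROM acl WHERE space=? AND user=?",
                     (space, owner)).fetchone()
    if row is None or row[0] != "owner":
        raise PermissionError("only the owner may share this space")
    code = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
    db.execute("INSERT INTO invite VALUES (?,?,?,?,?,1)",
               (_h(code), space, email.lower(), perm, now + ttl))
    db.commit()
    return code

def activate(db, code, user, verified_email, now=None):
    """Promote the recorded potential permission into a real ACL entry."""
    now = time.time() if now is None else now
    # One UPDATE claims the invite: it must be unused, unexpired and issued
    # to this (already verified) e-mail address. A second use matches no row.
    cur = db.execute("UPDATE invite SET active=0 WHERE code_hash=? AND active=1 "
                     "AND expires>? AND email=?",
                     (_h(code), now, verified_email.lower()))
    if cur.rowcount != 1:
        db.rollback()
        return False
    space, perm = db.execute("SELECT space, perm FROM invite WHERE code_hash=?",
                             (_h(code),)).fetchone()
    # OR IGNORE: never overwrite a permission the user already holds.
    db.execute("INSERT OR IGNORE INTO acl VALUES (?,?,?)", (space, user, perm))
    db.commit()
    return True

def can_access(db, user, space):
    return db.execute("SELECT 1 FROM acl WHERE space=? AND user=?",
                      (space, user)).fetchone() is not None
```

The grant is scoped to the single space named in the invite row, which is what keeps user2 out of user1's other spaces.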
