Sample on how to apply Groups with roles on controller checking

[winecraft]

Hi, I finally understood your groups, took me a couple of times peeking at code and reading your website docs.

But its not clear on how to implement the groups authorization in conjunction with roles on a controller

For e.g. if we had 2 groups that need to only return and authorize their managers, how would this be modeled exactly ?

1. Group one, to only find and authorize Homedepots managers
   Group = HomeDepot
   Role = Manager
   Users = Hank, Harry etc.
2. Group two,
   to only find and authorize Walmarts managers and walmarts employees/users
   Group = Walmart
   Role = Manager
   Users = John, Jake etc.

I need to implement the company at a group level, and then these tasks. Can you help me with them..

• What would (a sample) my group declaration be?
• What would my controller authorize attribute be, would it simply be roles? I ask because I want to check against Group [HomeDepot+MgrRole] and not just Manager role... which defeats the purpose of groups
• How can I get only managers inside Walmart, and users/employees inside walmart?
• How can I find which all groups a user and a role belong to?
• How can I get all the roles for a user, his list of access to 1) directly as part of a role 2) indirectly via groups

[xivSolutions]

Hmmm. The multi-tenant aspect of this introduces a few different challenges to my original concept.

As I mentioned in another issue, I am currently in the process of moving cross-country, so I won't be able to really look at code for a few days yet.

Let me mull this over though, and we can maybe figure something out.

You may need to move towards a claims-based auth strategy or something.