Approach for providing restricted privilege to application users

Question

I have a desktop application developed in WPF that has several views displayed as MDI child to the Shell. It is not developed in a Composite/Modularized approach. When the application opens, all the views are ready to be accessed. The application has an Admin user and several Operators.

The requirement is that the Admin user will assign some restricted privileges to the Operators which will specify –

1. Which Operators can access/open which Views, and
2. Which Operators can perform which actions in the allowed Views

My thought up to this point is to –

1. Storing the operator-privilege information in the database
2. On loading, storing the currently logged-in user’s privilege info at somewhere application-level
3. For the Shell, checking the privilege info at application-level and setting visibility bindings to different View-access buttons according to the info
4. For individual Views, checking the privilege info at ViewModel-level and setting visibility bindings to the action buttons according to the info

Is there a better approach for implementing such a scenario?

Answer 1

Your approach sounds like pretty much OK to me, except for the fact that in addition to hiding several UI elements such as buttons, I would also do checking if operations can be performed by the current user in the ViewModel layer, before actually executing them.

This means that your Commands should have a CanExecute() that goes thru your permission validation logic and returns true or false. This is an important security measure, IMO, because UIElements can easily be altered at runtime using tools such as Snoop. Take a look at this answer How to Snoop proof your wpf application?