
Management of user roles based on granular permissions


I am trying to code a simple blog using the ASP.NET MVC Framework and C#.

It is a simple blog where users share posts and comments and administrators can hide, delete and edit posts and comments through an administration panel. So far so good.

I am also trying to give the administrators control over the users' permissions, where they can assign a user to one or more roles. These roles should be definable by the administrators upon their creation, where they can tick a bullet list of granular permissions.

Examples of granular permissions are: hiding posts, deleting them, editing them, blocking a user, validating a newly registered user, etc. These permissions are hard-coded into the application and are fixed.

I am seeking guidance as to how I can define these permissions and roles.

So thanks in advance.


Solution

  • It very much depends on your system. I'd create roles for every permission: CanHidePosts, CanDeletePosts, CanEditPosts. And use these because all the plumbing is mostly available to you via AuthorizeAttribute. But you'll have to give all permissions to admin users - because you would want admins to be able to do everything without having to add them into every single role.

    You can do the same with claims, but you'll have to do a bit more plumbing yourself.

    The choice is yours - there is no wrong way here.
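
The role-per-permission approach from the answer above, as an added example that is not part of the original answer. It assumes ASP.NET MVC 5 with ASP.NET Identity 2 and the stock `IdentityUser`/`IdentityRole` types; `Permissions`, `PermissionSeeder` and `PostsAdminController` are hypothetical names.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;

// Fixed, hard-coded permissions; each one is stored as an Identity role.
public static class Permissions
{
    public const string CanHidePosts = "CanHidePosts";
    public const string CanDeletePosts = "CanDeletePosts";
    public const string CanEditPosts = "CanEditPosts";
    public static readonly string[] All = { CanHidePosts, CanDeletePosts, CanEditPosts };
}

public static class PermissionSeeder // hypothetical helper, run once at startup
{
    static void Check(IdentityResult r)
    {
        if (!r.Succeeded) throw new InvalidOperationException(string.Join("; ", r.Errors));
    }

    // Create each permission role that does not exist yet.
    public static async Task EnsureRolesAsync(RoleManager<IdentityRole> roles)
    {
        foreach (var name in Permissions.All)
            if (!await roles.RoleExistsAsync(name))
                Check(await roles.CreateAsync(new IdentityRole(name)));
    }

    // Admins are placed in every permission role, as the answer requires.
    public static async Task GrantAllAsync(UserManager<IdentityUser> users, string adminUserId)
    {
        var missing = Permissions.All.Except(await users.GetRolesAsync(adminUserId)).ToArray();
        if (missing.Length > 0) Check(await users.AddToRolesAsync(adminUserId, missing));
    }
}

[Authorize] // every action needs a signed-in user; role checks are per action
public class PostsAdminController : Controller
{
    [HttpPost, ValidateAntiForgeryToken, Authorize(Roles = Permissions.CanDeletePosts)]
    public ActionResult Delete(int id)
    {
        return new HttpStatusCodeResult(204); // hypothetical: delete the post first
    }
}
```

Because the attribute checks role membership by name, any permission added to `Permissions.All` later must be granted to existing admins again through `GrantAllAsync`, otherwise they are denied on the new action.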