Suppose I have an entity Product ,and each product has a Category (which as category_id , cat_name ). Suppose I build permission of operation /Category/Read on Category , and permission of operation /Product/Read on Product . Will the IsAllow of operation /Product/Read be determined by both permission on the product and permission of Category ?
the requirement is that some uses should only see some of the categories but not all . if a user cannot see a category , then all products that are associated with thee category will be invisible to that user also .
How should I implement this in Rhino Security ?
No, a permission is allowed either globally, on an entity group, or an individual entity. It doesn't know about parents or children of the entity.
You should probably create an entity group and put all of the protected products and categories in there.
Give privileged users /Category/Read and /Product/Read permission on the entity group and deny those operations to everyone else.
Hope this helps