Perhaps I've misunderstood the concept of Roles in ASP.NET Identity and the database model, but I'm struggling to wrap my head around how to implement the following scenario: With ASP.NET Identity, it seems a User has permissions globally based on a Role, as opposed to permissions on a more granular level. I'm trying to implement a DB Schema in EF6 with Code-First where a User can be a member of several Groups. Instead of having a global Role however, I want the User to have one role in one Group, and a different Role in another.
For example, a User can create a Group, and therefore be the Group Admin, but could also be a Teacher in the Group and therefore be able to contribute Content. The same User could also be a Student in a different Group, and have different permissions in that Group as a result. Users can perform multiple Roles in a given Group, and their permissions should be based on their Role(s) within that Group.
From what I can see this isn't the intended structure for ASP.NET Identity, as I can't see how to limit the scope of a specific Role to a Group. Also, ideally I'd like to be able to assign a User to a Group, and then assign a Group of Users to another group, so for example I have a Group of Users and I assign that Group to a specific Role within another Group.
What I have in mind is a Membership table that has UserId, GroupId and RoleId to deal with mapping the Roles to specific Groups, but how would I extend that to have Roles inherited from Groups, and would I be able to leverage ASP.NET Identity to help me manage these Roles or do I have to cook my own solution up from scratch?
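The Membership idea from the question, as an added example that is not part of the original post and not ASP.NET Identity's own API: each row scopes a role to one group, and a row can grant that role either to a user or to a whole group. The nullable `MemberGroupId` column, the class and method names, and the in-memory list standing in for an EF6 `DbSet` are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical row: exactly one of UserId / MemberGroupId is set.
public class Membership
{
    public string UserId { get; set; }       // direct grant to a user, else null
    public int? MemberGroupId { get; set; }  // grant to a whole group, else null
    public int GroupId { get; set; }         // group the role is scoped to
    public string RoleId { get; set; }
}

public static class GroupAuthorization
{
    // Groups the user belongs to, directly or through nested groups.
    static HashSet<int> GroupsOf(string userId, IList<Membership> rows)
    {
        var seen = new HashSet<int>(rows.Where(m => m.UserId == userId).Select(m => m.GroupId));
        var queue = new Queue<int>(seen);
        while (queue.Count > 0)
        {
            int g = queue.Dequeue();
            foreach (var m in rows.Where(r => r.MemberGroupId == g))
                if (seen.Add(m.GroupId)) queue.Enqueue(m.GroupId); // Add() is false for a visited group, so cycles end
        }
        return seen;
    }

    // Roles held in one group only; a role granted in group A is never returned for group B.
    public static ISet<string> RolesIn(string userId, int groupId, IList<Membership> rows)
    {
        if (userId == null) throw new ArgumentNullException("userId"); // null would match group-grant rows
        var via = GroupsOf(userId, rows);
        return new HashSet<string>(rows
            .Where(m => m.GroupId == groupId)
            .Where(m => m.UserId == userId || (m.MemberGroupId.HasValue && via.Contains(m.MemberGroupId.Value)))
            .Select(m => m.RoleId));
    }

    public static void Main()
    {
        var rows = new List<Membership> { // constructed sample data
            new Membership { UserId = "alice", GroupId = 1, RoleId = "Admin" },
            new Membership { UserId = "alice", GroupId = 2, RoleId = "Student" },
            new Membership { MemberGroupId = 1, GroupId = 3, RoleId = "Teacher" },
        };
        Console.WriteLine(string.Join(",", RolesIn("alice", 3, rows)));  // inherited through group 1
        Console.WriteLine(RolesIn("alice", 2, rows).Contains("Admin")); // Admin in group 1 does not carry over
    }
}
```

Every permission check passes the group being acted on, so the answer is always scoped; an empty result means no access in that group.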