What method does Sitefinity use for its permissions layer?

Sitefinity employs virtual method interception for its permissions layer, which allows it to manage access control efficiently and flexibly. Virtual method interception is a programming technique where method calls to virtual methods can be intercepted and altered as they are made. This means that when a user attempts to perform an action, Sitefinity can dynamically check their permissions based on predefined rules, modifying the behavior of the method call depending on the user's role and rights.

This approach enables a more granular control over permissions, making it easier to implement complex permission structures that can adapt based on the context of the request, user roles, and other conditions. It also allows developers to write cleaner code by separating the permission logic from the business logic of the application.

The other methods listed do not effectively align with the needs of Sitefinity's permissions system. Direct data queries might expose sensitive information and lack the dynamic capability needed for real-time permission checks. Static code analysis is focused on examining code without executing it, which does not facilitate real-time permission evaluation. Message passing does not provide the fine-grained control necessary for a robust permissions framework in a content management system like Sitefinity.