[System.Security.SecurityException] = {"Property set not allowed (RolePermissionsID)"}


Old forum URL: forums.lhotka.net/forums/t/11680.aspx


neel.sawant posted on Wednesday, November 07, 2012

[System.Security.SecurityException] = {"Property set not allowed (RolePermissionsID)"}

   at Csla.Core.BusinessBase.CanWriteProperty(IPropertyInfo property, Boolean throwOnFalse)
   at Csla.Core.BusinessBase.SetProperty[P](PropertyInfo`1 propertyInfo, P newValue, NoAccessBehavior noAccess)
   at Csla.Core.BusinessBase.SetProperty[P](PropertyInfo`1 propertyInfo, P newValue)
 
{Boolean CanWriteProperty(Csla.Core.IPropertyInfo, Boolean)}

RockfordLhotka replied on Wednesday, November 07, 2012

That is a totally valid exception. I'm assuming you posted it to illustrate some unspoken question?

neel.sawant replied on Thursday, November 08, 2012

Hi,

I am facing the above issue while assigning values to the property.

var item = (RolePermission)Activator.CreateInstance(typeof(RolePermission), true);

// getting error here
item.RolePermissionsID = reader.GetGuid("RolePermissionsID");

 

 

JonnyBee replied on Thursday, November 08, 2012

The Exception is caused by either an AuthorizationRule or override to CanWriteProperty that denies the user from editing the property value.

In your mapping from DataAccess to BO you should bypass the authorization rules by :

BypassPropertyChecks may be used like this inside the Item class:

        private void MapToItem(SafeDataReader reader)
        {
            using (BypassPropertyChecks)
            {
                RolePermissionsID = reader.GetGuid("RolePermissionsID");
            }
        }

neel.sawant replied on Thursday, November 08, 2012

Following are the code lines which give me the above-mentioned error:

 

        objExpressDemo.CompanyInsert(objLReqLogDt, objReqCompany);

        foreach (System.Reflection.PropertyInfo prp in props)
        {
            TimesheetHR.Business.Security.Permissions.IsMandatory(Roles.GetRolesForUser(objReqLogin.UserName), prp.ReflectedType.Name, prp.Name);
        }

        RolePermissionList objRoles = RolePermissionList.GetIsManditory(objCriteria);

        public static RolePermissionList GetIsManditory(RolePermissionCriteria criteria)
        {
            RolePermission item;
            RolePermissionList listitem = NewList();
            try
            {
                using (SqlConnection connection = new SqlConnection(ADOHelper.ConnectionString))
                {
                    connection.Open();
                    using (SqlCommand command = new SqlCommand("[dbo].[p_RolePermission_GetIsManditory]", connection))
                    {
                        command.CommandType = CommandType.StoredProcedure;
                        command.Parameters.AddRange(ADOHelper.SqlParameters(criteria.StateBag));
                        command.Parameters.AddWithValue("@EntityHasValue", criteria.EntityHasValue);
                        command.Parameters.AddWithValue("@AuthorisationActionHasValue", criteria.AuthorisationActionHasValue);
                        command.Parameters.AddWithValue("@ExtendedAttributesHasValue", criteria.ExtendedAttributesHasValue);
                        command.Parameters.AddWithValue("@DateUpdatedHasValue", criteria.DateUpdatedHasValue);
                        command.Parameters.AddWithValue("@UserUpdatedHasValue", criteria.UserUpdatedHasValue);
                        command.Parameters.AddWithValue("@DateDeletedHasValue", criteria.DateDeletedHasValue);
                        command.Parameters.AddWithValue("@PermissionGrantedHasValue", criteria.PermissionGrantedHasValue);
                        using (var reader = new SafeDataReader(command.ExecuteReader()))
                        {
                            while (reader.Read())
                            {
                                item = Map(reader);
                                listitem.Add(item);
                            }
                        }
                    }
                }
            }
            catch (Exception ex)
            {
            }
            return listitem;
        }

        private static RolePermission Map(SafeDataReader reader)
        {
            var item = (RolePermission)Activator.CreateInstance(typeof(RolePermission), true);
            try
            {
                item.RolePermissionsID = reader.GetGuid("RolePermissionsID");
                item.OriginalRolePermissionsID = reader.GetGuid("RolePermissionsID");
                item.Entity = reader.GetString("Entity");
                item.AuthorisationAction = reader.GetString("AuthorisationAction");
                item.RoleName = reader.GetString("RoleName");
                item.ExtendedAttributes = reader.IsDBNull("ExtendedAttributes") ? (System.String)null : reader.GetString("ExtendedAttributes");
                item.DateCreated = reader.GetDateTime("DateCreated");
                item.UserCreated = reader.GetGuid("UserCreated");
                item.DateUpdated = reader.IsDBNull("DateUpdated") ? (System.DateTime?)null : reader.GetDateTime("DateUpdated");
                item.UserUpdated = reader.IsDBNull("UserUpdated") ? (System.Guid?)null : reader.GetGuid("UserUpdated");
                item.DateDeleted = reader.IsDBNull("DateDeleted") ? (System.DateTime?)null : reader.GetDateTime("DateDeleted");
                item.PermissionGranted = reader.IsDBNull("PermissionGranted") ? (System.Boolean?)null : reader.GetBoolean("PermissionGranted");
            }
            catch (Exception ex)
            {
            }
            return item;
        }

 

When I tried your above solution in business, it is not allowing me to use the using syntax with using (BypassPropertyChecks). Could you help with the same?

JonnyBee replied on Thursday, November 08, 2012

Hi,

You have to understand that the BusinessObject does not know if it is the user (databinding/UI) or the data access code that tries to set the property value.

CSLA endorses encapsulation; in your case, the suggested handling is to send the DataReader to a method on the business object, and then it is the object's responsibility to read from the data reader and set its properties. This way the business object will know that it is now loading data and have access to either

to safely set the property's value - even when the user is not allowed to edit the value.

You can also create an ObjectAccessor class that inherits from ObjectFactory to provide helper methods to access LoadProperty / BypassPropertyChecks. But this accessor does NOT come out of the box. The ObjectFactory class is a pattern you might want to look into more closely as it seems that this may be in your mindset but not what you are using. You should use the DataPortal properly!!!

I do recommend the CSLA 4 Ebooks:
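
Added example, not part of the original thread and not CSLA's or the posters' own code: a sketch of the two loading approaches discussed above, assuming CSLA 4.x. `Load` and `RolePermissionFactory` are hypothetical names; the write-authorization check stays on the public setter, and only code inside the business class or an `ObjectFactory` subclass can skip it.

```csharp
using System;
using Csla;
using Csla.Data;

[Serializable]
public class RolePermission : BusinessBase<RolePermission>
{
    public static readonly PropertyInfo<Guid> RolePermissionsIDProperty =
        RegisterProperty<Guid>(c => c.RolePermissionsID);
    public Guid RolePermissionsID
    {
        get { return GetProperty(RolePermissionsIDProperty); }
        // SetProperty calls CanWriteProperty, the source of the SecurityException.
        set { SetProperty(RolePermissionsIDProperty, value); }
    }
    private RolePermission() { }

    // Hypothetical entry point: data access code hands the reader to the object.
    internal static RolePermission Load(SafeDataReader reader)
    {
        var item = new RolePermission();
        // LoadProperty writes the value with no authorization check and
        // without marking the object dirty. Either approach here is enough.
        item.LoadProperty(RolePermissionsIDProperty, reader.GetGuid("RolePermissionsID"));
        // BypassPropertyChecks is protected, so this compiles only inside the
        // business class; checks resume when the using block is disposed.
        using (item.BypassPropertyChecks)
        {
            item.RolePermissionsID = reader.GetGuid("RolePermissionsID");
        }
        item.MarkOld(); // loaded from the database, so not new
        return item;
    }
}

// Alternative: an ObjectFactory subclass inherits helpers for the same job.
public class RolePermissionFactory : Csla.Server.ObjectFactory
{
    public RolePermission Map(SafeDataReader reader)
    {
        var item = (RolePermission)Activator.CreateInstance(typeof(RolePermission), true);
        using (BypassPropertyChecks(item))
        {
            item.RolePermissionsID = reader.GetGuid("RolePermissionsID");
        }
        MarkOld(item);
        return item;
    }
}
```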

Copyright (c) Marimer LLC