Authorizations

Authorizations

Old forum URL: forums.lhotka.net/forums/t/5561.aspx

k2so posted on Thursday, October 09, 2008

csla 3.5 .

I have the following,

BO:
Authorization rules added -
AllowCreate(typeof(BO));
DenyEdit(typeof(BO));
AllowDelete(typeof(BO));

BLB of this BO

UI: a datagridview bound to the BLB


How may I apply the authorization s.t. I allow the user to add any number of BO's to the list + edit any unsaved BO's; I allow delete any BO's from the list; but I DISALLOW edit of existing BO's?

And, please verify that I did specify the Authorization rules properly.

ajj3085 replied on Tuesday, October 14, 2008

I would override CanWriteProperty:

protected override CanWriteProperty( string propertyName ) {
     return !IsNew && base.CanWriteProperty( propertyName );
}

k2so replied on Tuesday, October 14, 2008

Yes, that would help.

I am still not sure how I may set the datagridview cells that are from the saved BO instances to readonly, and the new ones not readonly.

Can any1 help on this?

ajj3085 replied on Tuesday, October 14, 2008

Ah... items in a grid.  You should have some kind of RowInitialize or CellInitialize event from the grid.  Hook up to that, and for each instance coming in set the cell's ReadOnly (or equivolent) based on the result of CanWriteProperty for the BO.

k2so replied on Tuesday, October 14, 2008

Thanks!

I have come up with another approach, in each of the Set clauses of the properties, I have a IsNew check

            set
            {
                if (IsNew)
                {
                    SetProperty<string>(XXXProperty, value);
                }
            }


This seems to serve my objective also. But this means in the UI, users are allowed to edit the cells of a saved BO, just the value never gets updated after the edit, in contrast with a ReadOnly cell to disallow any edit at all.

sergeyb replied on Tuesday, October 14, 2008

I suspect you would need to subscribe to CellBeginEdit event of the grid, test to see if underlying object is in new state, and set e.Cancel to true if not.

 

Sergey Barskiy

Principal Consultant

office: 678.405.0687 | mobile: 404.388.1899

ajj3085 replied on Tuesday, October 14, 2008

I wouldn't go that route; you're silently ignoring a command to change the property value.

This means that developers can attempt to set that value, expect it to work, then wonder why the value is not changing.  That could lead to hard to find bugs.  If you ask an object to do something, you expect it to do what it's asked, or thrown an exception if the request is invalid. 

I really recommend going the route suggested earlier; overridng CanWriteProperty (so everyone is clear that you can't change the value on the instance at this time as they'll get an exception if you call the property setter) and setting your UI properly to set the cell to readonly if CanWriteProperty returns false.

k2so replied on Tuesday, October 14, 2008

I agree, and not only to developer, I reckon users would be confused with the UI not able to update the values too.

I decided to use the method you suggested, with overriden CanWriteProperty and a check at BeginEdit to cancel the event if the object is not new.

Thanks ppl.

Copyright (c) Marimer LLC