Per-Instance Authorization Rules for Child Classes

Per-Instance Authorization Rules for Child Classes

Old forum URL: forums.lhotka.net/forums/t/7553.aspx


Lucas posted on Tuesday, September 01, 2009

Hi everyone,

Authorization rules for our application are loaded from a database table. This table contains the parent_id and the Active Directory (AD) group associated with it.

We've implemented the parent class authorization functions without a hitch. The problem we are facing is with the child class authorization. We need a way to pass the parent id to the child class when the child is created, edited and deleted. We need to know the parent id in order to query our authorization database table to retrieve all AD roles associated with the parent object. We then call IsInRole for every returned AD group. If the user is part of one of the groups, then the user can create, edit and add child objects for that parent. Our users can get (read) all parent and child objects without any restrictions.

Any ideas would be greatly appreciated.

Thanks ;-)

RockfordLhotka replied on Tuesday, September 01, 2009

If you are using the child data portal (like DataPortal.CreateChild<T>()) then you can pass arbitrary parameters to DataPortal.CreateChild() and they'll be delivered to your Child_Create() method as parameters.

Copyright (c) Marimer LLC