Authorization 4 - AuthorizationActions

tiago posted on Wednesday, June 02, 2010

Hi Rocky,

There are a number of possible AuthorizationActions. Is there any kind of relation between them?

WriteProperty
ReadProperty - if I have no read permission, does it implicitly mean I also don't have write permission?

ExecuteMethod

CreateObject
GetObject - if I have no get permission, does it implicitly mean I also don't have edit permission?
EditObject - if I have no edit permission, does it implicitly mean I also don't have create permission?
DeleteObject

The answers to the questions above seem obvious although the edit/create relation might be not so obvious, depending on the exact meaning of create. The point is if we can rely on these behaviours. Are there specific unit tests for these cases?

RockfordLhotka replied on Wednesday, June 02, 2010

The rules and behaviors around these permission are the same as in 3.8.

• WriteProperty drives CanWriteProperty()
• ReadProperty drives CanReadProperty()
• ExecuteMethod drives CanExecuteMethod()
• CreateObject drives CanCreateObject()
• GetObject drives CanGetObject()
• EditObject drives CanEditObject()
• DeleteObject drives CanDeleteObject()

The ways in which the methods (like CanReadProperty() or CanEditObject()) are used did not change from 3.8 to 4. All that changed is that I opened up the rule system used to evaluate the results of those methods.