Quick question.
In CSLA 3.x we had InstanceDenyRead / InstanceDenyWrite. What's the equivalent for that in CSLA 4.0?
Thanks
In CSLA 4 there are only per-type rules.
But a per-instance rule is really a per-type rule that takes into account various elements of state about the current instance. And since CSLA 4 authorization rules can look at the entire object (and any other ambient state), it is quite realistic to think that you can create an authorization rule that grants/denies access based on the overall state of the object.
Then just attach that rule to your property's read or write action and you should be good to go.
Thanks Rocky
What I actually meant is, what is the equivalent of the "Deny" part?
We have the CommonRules.IsInRole which is equivalent for for CSLA 3.8's "Allow", but what about "Deny" - I'm not sure whether the IsNotInRole is semantically the same.
Inside the framework there's now just a HasPermission concept, that ends up being true/false. So HasPermission(read), HasPermission(write), etc.
The IsInRole rule returns true if the user has the role. The IsNotInRole returns true if the user is not in the role.
So yes, IsNotInRole is basically a deny.
Copyright (c) Marimer LLC