CSLA 4 Authorization

Old forum URL: forums.lhotka.net/forums/t/9850.aspx


Jaans posted on Friday, December 10, 2010

Quick question.

In CSLA 3.x we had InstanceDenyRead / InstanceDenyWrite. What's the equivalent for that in CSLA 4.0?

Thanks

RockfordLhotka replied on Friday, December 10, 2010

In CSLA 4 there are only per-type rules.

But a per-instance rule is really a per-type rule that takes into account various elements of state about the current instance. And since CSLA 4 authorization rules can look at the entire object (and any other ambient state), it is quite realistic to think that you can create an authorization rule that grants/denies access based on the overall state of the object.

Then just attach that rule to your property's read or write action and you should be good to go.

Jaans replied on Friday, December 10, 2010

Thanks Rocky

What I actually meant is, what is the equivalent of the "Deny" part?

We have the CommonRules.IsInRole which is equivalent for CSLA 3.8's "Allow", but what about "Deny" - I'm not sure whether the IsNotInRole is semantically the same.

RockfordLhotka replied on Friday, December 10, 2010

Inside the framework there's now just a HasPermission concept, that ends up being true/false. So HasPermission(read), HasPermission(write), etc.

The IsInRole rule returns true if the user has the role. The IsNotInRole returns true if the user is not in the role.

So yes, IsNotInRole is basically a deny.
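
The two answers above, sketched as an added example that is not part of the original thread or of CSLA itself: a per-type authorization rule that decides from the state of the current instance, plus IsNotInRole used as the "deny". It assumes a project referencing CSLA 4; the `Order` class, its properties, the `DenyWhenLocked` rule and the "Guest" role are hypothetical names.

```csharp
using System;
using Csla;
using Csla.Rules;
using Csla.Rules.CommonRules;

// Hypothetical rule: registered per type, but the decision depends on
// the instance handed to it in context.Target.
public class DenyWhenLocked : AuthorizationRule
{
    public DenyWhenLocked(AuthorizationActions action, Csla.Core.IMemberInfo element)
        : base(action, element) { }

    protected override void Execute(AuthorizationContext context)
    {
        var order = context.Target as Order;
        // Fail closed: with no instance to inspect, permission is refused.
        context.HasPermission = order != null && !order.IsLocked;
    }
}

[Serializable]
public class Order : BusinessBase<Order>
{
    public static readonly PropertyInfo<string> NotesProperty =
        RegisterProperty<string>(c => c.Notes);
    public string Notes
    {
        get { return GetProperty(NotesProperty); }
        set { SetProperty(NotesProperty, value); }
    }

    public static readonly PropertyInfo<bool> IsLockedProperty =
        RegisterProperty<bool>(c => c.IsLocked);
    public bool IsLocked
    {
        get { return GetProperty(IsLockedProperty); }
        set { SetProperty(IsLockedProperty, value); }
    }

    protected override void AddBusinessRules()
    {
        base.AddBusinessRules();
        // Write access to Notes depends on this instance's IsLocked state.
        BusinessRules.AddRule(
            new DenyWhenLocked(AuthorizationActions.WriteProperty, NotesProperty));
        // "Deny" by role: HasPermission is true only if the user is NOT a Guest.
        BusinessRules.AddRule(
            new IsNotInRole(AuthorizationActions.ReadProperty, NotesProperty, "Guest"));
    }
}
```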

Copyright (c) Marimer LLC