Hello all,
I have one business object (BO1) that needs to load another business object (BO2) to obtain some data. The user may not have the required permission to load BO2, but that doesn't matter because BO1 is not going to expose BO2, it is just going to use BO2's data.
Can I write an internal factory method GetObject that doesn't check Authorization Rules? I read the book, a little while ago, and don't remember if there is a way to do this.
I don't want to create a ReadOnly object to load BO2 data because it's a big amount of data (several properties)
I'm using CSLA 4 for c#.
Thanks for the help.
I guess you can use a Command object.
I guess you can use a Command object.
I already have BO2, I don't want to make another object to use BO2 without authorization checking.
How a Command object would be different than make a ReadOnly object that brings the data I need?
The previous post was a wrong answer. Depending on your specific use case, I guess a read only object would also solve the problem.
No, there is no way to bypass the authorization check performed by the data portal. If you have a per-type rule controlling whether the current user can create or get a business object type that rule will be enforced by the data portal.
There's no reason not to create a separate object. Just create an internal interface and helper method; the helper method accepts an object of your interface and loads the data. In that way you can reuse the loading logic you have while having the two objects which have your differing behaviors.
I've also been searching to see if this problem can be overcome. Some way of overriding authorisation for internal methods would be really useful and promote using existing objects rather than rewriting existing object to achieve something very simple.
There is similar logic for bypassing property checks, why not authorisation on the dataportal?
Copyright (c) Marimer LLC