AuthorizationRule with IMemberInfo == null

AuthorizationRule with IMemberInfo == null

Old forum URL:

rxelizondo posted on Monday, August 01, 2011


I noticed that the "IsInRole" authorization rule does not force you to specify a property to associate the rule with, so I am able to write something like this:

BusinessRules.AddRule(new IsInRole(AuthorizationActions.WriteProperty, "Managers"));

My question what is the purpose for allowing something like that? At first I tough that doing that will make the rule apply to all properties on the object but this does not seem to be the case.

Thank you.

JonnyBee replied on Monday, August 01, 2011

The IsInRole rule does not check the AuthorizationActions within a context and if it is a valid combination. .

This overload is only really used for AutorizationActions on "object"  level,  methods line CreateObject, GetObject, EditObject and DeleteObject.

But BusinessRules.HasPermission will throw an exception if you mixup the AuthorizationActions for object level access and property/method level.

rxelizondo replied on Monday, August 01, 2011


Thanks Jonny,


Help me here... I realize that it may be a valid combination but I am having a hard time understanding how this:

BusinessRules.AddRule(new IsInRole(AuthorizationActions.WriteProperty, "Managers"));

makes any logical sense, I feel that the code above should throw a "ThisMakesNoSense" error on the spot! Regardless if I use WritePropertyReadProperty or ExecuteMethod since none of this AuthorizationActions are really applicable to "object" level?


But say for now that I do add a bussiness rule using "AuthorizationActions.WriteProperty" and "IMemberInfo == null", when would I expect the CSLA to automatically exiecute this rule for me?


JonnyBee replied on Tuesday, August 02, 2011

Csla will never execute this rule for you automatically and you will actually never get to execute this rule.

Authz rules that have IMemberInfo = null can only be executed by calling the static BusinessRules.HasPermission methods and will throw an error if AthorizationActions is ReadProperty, WriteProperty or ExecuteMethod.

So, yes - IsInRole and IsNotInRole could do a sanity check to prevent you from adding a "non-logical" rule. It could throw an ArgumentException.

Maybe Rocky can add some thoughts here?

Copyright (c) Marimer LLC