A business object has only "CreateObject" AuthorizationRules; invoking the Save() method then gives an error.
Must it have "CreateObject" and "EditObject" AuthorizationRules?
Authorization rules are not required in CSLA; they are optional.
What is the error message you get?
If the method is like this:
public static void AddObjectAuthorizationRules()
{
Csla.Rules.BusinessRules.AddRule(typeof(ProjectEdit), new Csla.Rules.CommonRules.IsInRole(Csla.Rules.AuthorizationActions.CreateObject, "ProjectManager"));
}
you can't save this object.
This authorization rule only guards the invocation of DataPortal.Create<T> for a static NewXYZ method on the PropertyEdit object.
It has nothing to do with the Save method.
You can't save an object that has BrokenRules with severity Error. So most likely your object (or a child or grandchild) has validation errors and IsValid is false. This will cause the DataPortal to throw an exception if Save is called on an invalid object.
If this object only has "CreateObject" authorization rules but does not have "EditObject" authorization rules, then I can't save it.
It must have "EditObject" authorization rules; then it can be saved.
But my object's requirements only allow it to have "CreateObject" authorization rules, so I can't save this object.
My English is very bad, sorry!
Do you see what I mean?
Well, your problem may be related to the code in the CSLA DataPortal:
    if (bbase.IsNew)
    {
        methodName = "DataPortal_Insert";
        if (!Csla.Rules.BusinessRules.HasPermission(Rules.AuthorizationActions.CreateObject, obj))
            throw new System.Security.SecurityException(
                string.Format(Resources.UserNotAuthorizedException, "create", objectType.Name));
    }
    else
    {
        methodName = "DataPortal_Update";
        if (!Csla.Rules.BusinessRules.HasPermission(Rules.AuthorizationActions.EditObject, obj))
            throw new System.Security.SecurityException(
                string.Format(Resources.UserNotAuthorizedException, "save", objectType.Name));
    }
and when using ObjectFactory:
    if (!Csla.Rules.BusinessRules.HasPermission(Rules.AuthorizationActions.EditObject, obj))
        throw new System.Security.SecurityException(
            string.Format(Resources.UserNotAuthorizedException, "save", objectType.Name));
    if (factoryType != null)
        if (obj is Core.ICommandObject)
            method = Server.DataPortalMethodCache.GetMethodInfo(
                factoryType, factoryInfo.ExecuteMethodName, new object[] { obj });
        else
            method = Server.DataPortalMethodCache.GetMethodInfo(
                factoryType, factoryInfo.UpdateMethodName, new object[] { obj });
Meaning that in order to call Save:
If you use DataPortal_XYZ methods:
on a new object you need the CreateObject permission, and
to edit an existing object you need the EditObject permission.
If you use the ObjectFactory attribute (the data access only calls the Update method on the ObjectFactory):
it only checks for the EditObject permission.
So CSLA has a different authorization check for DataPortal_XYZ and ObjectFactory data access.
Rocky will have to decide whether or not this is a bug that will be fixed in the next version of CSLA.
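
The two checks quoted in the post above, modelled side by side as an added example (not CSLA code and not written by anyone in this thread). The `AuthAction` enum, the role names, the rule set and `GuardedFactorySave` are hypothetical, and the model assumes that an action with no rule attached is permitted.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

enum AuthAction { CreateObject, EditObject }

static class SaveAuthorizationModel
{
    // Constructed rule set: both role names are hypothetical.
    static readonly Dictionary<AuthAction, string[]> Rules = new Dictionary<AuthAction, string[]>
    {
        { AuthAction.CreateObject, new[] { "ProjectManager" } },
        { AuthAction.EditObject,   new[] { "ProjectEditor" } },
    };

    // Assumption: an action with no rule attached is permitted.
    static bool HasPermission(AuthAction action, string[] userRoles) =>
        !Rules.TryGetValue(action, out var allowed) || allowed.Intersect(userRoles).Any();

    // DataPortal_XYZ branch quoted above: the checked action depends on IsNew.
    static bool DataPortalSave(bool isNew, string[] roles) =>
        HasPermission(isNew ? AuthAction.CreateObject : AuthAction.EditObject, roles);

    // ObjectFactory branch quoted above: EditObject only, IsNew is ignored.
    static bool ObjectFactorySave(bool isNew, string[] roles) =>
        HasPermission(AuthAction.EditObject, roles);

    // Added guard a factory Update method could apply: re-check CreateObject for new objects.
    static bool GuardedFactorySave(bool isNew, string[] roles) =>
        ObjectFactorySave(isNew, roles) && (!isNew || HasPermission(AuthAction.CreateObject, roles));

    static void Main()
    {
        var users = new Dictionary<string, string[]>
        {
            { "manager only", new[] { "ProjectManager" } },
            { "editor only",  new[] { "ProjectEditor" } },
            { "both roles",   new[] { "ProjectManager", "ProjectEditor" } },
        };
        Console.WriteLine("Saving a NEW object:");
        foreach (var u in users)
            Console.WriteLine($"  {u.Key,-12} DataPortal_XYZ={DataPortalSave(true, u.Value),-5} " +
                              $"ObjectFactory={ObjectFactorySave(true, u.Value),-5} " +
                              $"Guarded={GuardedFactorySave(true, u.Value)}");
    }
}
```

The guard can only tighten the ObjectFactory path: it stops a user without CreateObject from inserting, but a user holding only CreateObject is still refused by the EditObject check that runs before the factory is called.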
We faced the same issue and would be grateful if this is fixed. We know the ObjectFactory only has an Update method, and this is probably the reason why CSLA only checks for EditObject. But maybe it is reason enough to add an Insert method (big breaking change, I know) that will check for the CreateObject permission...
Thanks!
Added to bugtracker: http://www.lhotka.net/cslabugs/edit_bug.aspx?id=998
Copyright (c) Marimer LLC