AuthorizationRule not executing when the object is a child?

Old forum URL: forums.lhotka.net/forums/t/11147.aspx


Dane posted on Saturday, February 11, 2012

I have a simple rule OwnerPermissionRule which inherits AuthorizationRule and is always used as a class level rule.  I've verified that the rule is working as designed when applied to a class which inherits BusinessBase.  When using OwnerPermissionRule with a second BusinessBase implementation I've found that the rule is not executing.  The only significant difference between usages is that the first is always used as a root object and the second is always a child object to a class which implements BusinessListBase.  It seems that being a child object somehow affects class level rules or maybe rules which inherit AuthorizationRule but I'm not sure how or why.  I have various other property level rules which inherit RuleBase and those seem to function correctly with both root and child instances.  Obviously I'm missing something.  Any thoughts you might have will be appreciated.

Thanks,

Dane R. Vinson

JonnyBee replied on Saturday, February 11, 2012

Yes,

Only the "root" DataPortal enforces the CreateObject, GetObject, EditObject, DeleteObject authorizations.

If you want to enforce these on child objects you must do the checks in code by calling BusinessRules.HasPermission.
I.e.: The "child" DataPortal does not check authorization rules - only the "root" DataPortal does!!

ReadProperty and WriteProperty authorizations are enforced by GetProperty/SetProperty and work the same regardless of root or child object.

ExecuteMethod authorization must always be checked for in your code by calling CanExecuteMethod on your BO.
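
An added example, not part of the thread and not code from CSLA or from either poster, of the explicit child-side check described in the reply above. It assumes the CSLA 4 API; `LineItem`, `OwnerName` and `OwnerOnlyRule` are hypothetical stand-ins for the poster's child class and `OwnerPermissionRule`, which the thread does not show.

```csharp
using System;
using Csla;
using Csla.Rules;

// Hypothetical per-instance rule standing in for the poster's OwnerPermissionRule.
public class OwnerOnlyRule : AuthorizationRule
{
    public OwnerOnlyRule(AuthorizationActions action) : base(action) { }

    protected override void Execute(AuthorizationContext context)
    {
        // No instance means no owner to compare against, so deny by default.
        var item = context.Target as LineItem;
        context.HasPermission = item != null &&
            item.OwnerName == Csla.ApplicationContext.User.Identity.Name;
    }
}

[Serializable]
public class LineItem : BusinessBase<LineItem>
{
    public static readonly PropertyInfo<string> OwnerNameProperty =
        RegisterProperty<string>(c => c.OwnerName);
    public string OwnerName
    {
        get { return GetProperty(OwnerNameProperty); }
        set { SetProperty(OwnerNameProperty, value); }
    }

    // Registered as usual; only the root data portal evaluates these on its own.
    private static void AddObjectAuthorizationRules()
    {
        Csla.Rules.BusinessRules.AddRule(typeof(LineItem),
            new OwnerOnlyRule(AuthorizationActions.EditObject));
    }

    // Called by the child data portal, which does not run authorization rules,
    // so the check is made explicitly and passes the instance to the rule.
    private void Child_Update(object parent)
    {
        if (!Csla.Rules.BusinessRules.HasPermission(AuthorizationActions.EditObject, this))
            throw new System.Security.SecurityException("Not authorized to edit this LineItem.");
        // ... persist the child here ...
    }
}
```

The same pattern applies to `Child_Fetch` with `AuthorizationActions.GetObject` and to the child delete path with `AuthorizationActions.DeleteObject`.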

Copyright (c) Marimer LLC