CSLA 3.8.4 Authorization rules - Code Implementation Confirmation

Old forum URL: forums.lhotka.net/forums/t/11214.aspx


jamie.clayton posted on Thursday, March 08, 2012

Just wanted to check my code is implemented correctly. I've found that if I don't create a method "AddObjectAuthorizationRules" any application menu logic that tests for permission will fail.

Me.ClientSearchToolStripMenuItem.Visible = _
Csla.Security.AuthorizationRules.CanGetObject(GetType(MyVIP.Library.Client))
   
#Region "Authorization Rules"
    
#If Not SILVERLIGHT Then
        ''' <summary>
        ''' Allows the specification of CSLA based authorization rules.  Specifies what roles can 
        ''' perform which operations for a given business object
        ''' </summary>
    	Private Shared Sub AddObjectAuthorizationRules()        
            ''More information on these rules can be found here (http://www.devx.com/codemag/Article/40663/1763/page/2).
    
            'Dim canWrite As String() = { "AdminUser", "RegularUser" }
            Dim canRead As String() = {"AdminUser", "RegularUser", "ReadOnlyUser"}
            'Dim admin As String() = { "AdminUser" }
    
            'AuthorizationRules.AllowCreate(GetType(Client), admin)
            'AuthorizationRules.AllowDelete(GetType(Client), admin)
            'AuthorizationRules.AllowEdit(GetType(Client), canWrite)
            AuthorizationRules.AllowGet(GetType(Client), canRead)
    	End Sub 
		
	Protected Overrides Sub AddAuthorizationRules()
            MyBase.AddAuthorizationRules()
            ''Identification
            'AuthorizationRules.AllowRead(_identificationProperty, canRead)
    
            ''Guid
            'AuthorizationRules.AllowWrite(_guidProperty, canWrite)
            'AuthorizationRules.AllowRead(_guidProperty, canRead)
    
            ''Address1
            'AuthorizationRules.AllowWrite(_address1Property, canWrite)
            'AuthorizationRules.AllowRead(_address1Property, canRead)
    
            ''Address2
            'AuthorizationRules.AllowWrite(_address2Property, canWrite)
            'AuthorizationRules.AllowRead(_address2Property, canRead)
    
            ''Suburb
            'AuthorizationRules.AllowWrite(_suburbProperty, canWrite)
            'AuthorizationRules.AllowRead(_suburbProperty, canRead)
    
            ''State
            'AuthorizationRules.AllowWrite(_stateProperty, canWrite)
            'AuthorizationRules.AllowRead(_stateProperty, canRead)
    
            ''PostCode
            'AuthorizationRules.AllowWrite(_postCodeProperty, canWrite)
            'AuthorizationRules.AllowRead(_postCodeProperty, canRead)
    
            ''Phone
            'AuthorizationRules.AllowWrite(_phoneProperty, canWrite)
            'AuthorizationRules.AllowRead(_phoneProperty, canRead)
    
            ''Fax
            'AuthorizationRules.AllowWrite(_faxProperty, canWrite)
            'AuthorizationRules.AllowRead(_faxProperty, canRead)
    
            ''Mobile
            'AuthorizationRules.AllowWrite(_mobileProperty, canWrite)
            'AuthorizationRules.AllowRead(_mobileProperty, canRead)
    
            ''Email
            'AuthorizationRules.AllowWrite(_emailProperty, canWrite)
            'AuthorizationRules.AllowRead(_emailProperty, canRead)
    
            ''ObsoletePassword
            'AuthorizationRules.AllowWrite(_obsoletePasswordProperty, canWrite)
            'AuthorizationRules.AllowRead(_obsoletePasswordProperty, canRead)
    
            ''LastUpdatedDate
            'AuthorizationRules.AllowWrite(_lastUpdatedDateProperty, canWrite)
            'AuthorizationRules.AllowRead(_lastUpdatedDateProperty, canRead)
    
            ''LastUpdatedByUserID
            'AuthorizationRules.AllowWrite(_lastUpdatedByUserIDProperty, canWrite)
            'AuthorizationRules.AllowRead(_lastUpdatedByUserIDProperty, canRead)
    
            ''IsInternational
            'AuthorizationRules.AllowWrite(_isInternationalProperty, canWrite)
            'AuthorizationRules.AllowRead(_isInternationalProperty, canRead)
    
            ''FullName
            'AuthorizationRules.AllowWrite(_fullNameProperty, canWrite)
            'AuthorizationRules.AllowRead(_fullNameProperty, canRead)

        End Sub
    
#End If

    Protected Overrides Sub AddBusinessRules()
        ' Call the base class; if this call isn't made then any declared System.ComponentModel.DataAnnotations rules will not work.
        MyBase.AddBusinessRules()
        If AddBusinessValidationRules() Then Exit Sub

        ValidationRules.AddRule(AddressOf Global.Csla.Validation.CommonRules.StringMaxLength, New CommonRules.MaxLengthRuleArgs(_address1Property, 100))
        ValidationRules.AddRule(AddressOf Global.Csla.Validation.CommonRules.StringMaxLength, New CommonRules.MaxLengthRuleArgs(_address2Property, 100))
        ValidationRules.AddRule(AddressOf Global.Csla.Validation.CommonRules.StringMaxLength, New CommonRules.MaxLengthRuleArgs(_suburbProperty, 50))
        ValidationRules.AddRule(AddressOf Global.Csla.Validation.CommonRules.StringMaxLength, New CommonRules.MaxLengthRuleArgs(_stateProperty, 3))
        ValidationRules.AddRule(AddressOf Global.Csla.Validation.CommonRules.StringMaxLength, New CommonRules.MaxLengthRuleArgs(_postCodeProperty, 12))
        ValidationRules.AddRule(AddressOf Global.Csla.Validation.CommonRules.StringMaxLength, New CommonRules.MaxLengthRuleArgs(_phoneProperty, 50))
        ValidationRules.AddRule(AddressOf Global.Csla.Validation.CommonRules.StringMaxLength, New CommonRules.MaxLengthRuleArgs(_faxProperty, 50))
        ValidationRules.AddRule(AddressOf Global.Csla.Validation.CommonRules.StringMaxLength, New CommonRules.MaxLengthRuleArgs(_mobileProperty, 20))
        ValidationRules.AddRule(AddressOf Global.Csla.Validation.CommonRules.StringMaxLength, New CommonRules.MaxLengthRuleArgs(_emailProperty, 100))
    End Sub

RockfordLhotka replied on Thursday, March 08, 2012

How does it fail? Does CanGetObject throw an exception?

jamie.clayton replied on Thursday, March 08, 2012

Rocky,

It doesn't generate an error, I thought it was generating the wrong true/false result. After much *pie on face* I determined that the VS2010 debug environment is incorrectly returning the value for the Strip Menu Item Visible property. Looks like rollover variable declaration, debug window and Locals report the default value as "False" rather than the value I have configured. DOH!

Me.ClientSearchToolStripMenuItem.Visible

So CanGetObject returns the correct value. So the code in CodeSmith Generator is correct for AddAuthorizationRule and the issue I suggested is wrong.

Protected Overrides Sub AddAuthorizationRules()
     
            ''More information on these rules can be found here (http://www.devx.com/codemag/Article/40663/1763/page/2).
    
            'Dim canWrite As String() = { "AdminUser", "RegularUser" }
            Dim canRead As String() = {"AdminUser", "RegularUser", "ReadOnlyUser"}
            'Dim admin As String() = { "AdminUser" }
    
            'AuthorizationRules.AllowCreate(GetType(Client), admin)
            'AuthorizationRules.AllowDelete(GetType(Client), admin)
            'AuthorizationRules.AllowEdit(GetType(Client), canWrite)
            AuthorizationRules.AllowGet(GetType(Client), canRead)
    	
            ''Identification
            'AuthorizationRules.AllowRead(_identificationProperty, canRead)
    
            ''Guid
            'AuthorizationRules.AllowWrite(_guidProperty, canWrite)
            'AuthorizationRules.AllowRead(_guidProperty, canRead)

End Sub

Drags tail between legs....Thanks for the prompt to prove myself wrong...again.
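
Added example, not part of the original posts: one way to confirm what CanGetObject returns, without relying on the debugger's view of the menu item, is to evaluate it under principals with known roles, including roles outside the canRead list. DemoClient, CanGetAs and the role sets are constructed stand-ins; the sketch assumes a reference to the CSLA 3.8 assembly and uses the AddObjectAuthorizationRules form from the first post.

```vbnet
Imports System
Imports System.Security.Principal

' Hypothetical stand-in for the thread's Client class; only the per-type rule matters here.
<Serializable()> _
Public Class DemoClient
    Inherits Csla.BusinessBase(Of DemoClient)

    ' Same shape as the AddObjectAuthorizationRules method in the first post.
    Private Shared Sub AddObjectAuthorizationRules()
        Dim canRead As String() = {"AdminUser", "RegularUser", "ReadOnlyUser"}
        Csla.Security.AuthorizationRules.AllowGet(GetType(DemoClient), canRead)
    End Sub
End Class

Module CanGetObjectCheck
    ' Evaluates the per-type Get rule for a principal holding the given roles.
    Function CanGetAs(ByVal ParamArray roles As String()) As Boolean
        Dim identity As New GenericIdentity("constructed-test-user")
        Csla.ApplicationContext.User = New GenericPrincipal(identity, roles)
        Return Csla.Security.AuthorizationRules.CanGetObject(GetType(DemoClient))
    End Function

    Sub Main()
        ' Constructed role sets: one in the canRead list, one outside it, one empty.
        Console.WriteLine("ReadOnlyUser -> {0}", CanGetAs("ReadOnlyUser"))
        Console.WriteLine("Guest        -> {0}", CanGetAs("Guest"))
        Console.WriteLine("(no roles)   -> {0}", CanGetAs())
    End Sub
End Module
```

Running the same three checks against the real business class shows whether the rule denies users outside the list as well as allowing those inside it.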

Copyright (c) Marimer LLC