When I create a new instance of a business object, the authorization rules do not run. I have a custom authorization rule that changes access to a property based on the state of another property. This rule runs as expected when fetching an existing object and editing it, but it seems like the authorization rules are ignored when checking business rules for new objects. Is there a way to get the authorization rules to run for new objects?
Property level authorization rules is cached by default.
Depending on which version of CSLA you are using you must either
to tell the BO to NOT cache the result of the AuthorizationRule. .
Thanks for the response. I actually ran into that same issue when I initially wrote the custom authorization rules. I made sure that CacheResult returns false. This works as expected for editing existing objects. Unfortunately, the custom authorization rules do not run at all for new objects.
Hi,
Authorization rules do not run similar to business rules. Instance level AuthorizationRules is checked within the CanReadProperty/CanWriteProperty/CanExecuteMethod methods of the business object to determine if user is allowed to do the AuthorizationAction.
AuthorizationRules do not run as such when you call BusinessRules.CheckRules.
Can you show some sample code from your rules/business object?
Thanks for your quick response. I created a code sample that has only the relevant properties and authorization rules, but I don't feel comfortable posting it in a public forum (because of the type of project). Is there a way to send you a private message with the code?
Send private mail to jonny.bekkum(a)gmail.com
Thanks, will do.
Copyright (c) Marimer LLC