Bug in Csla 4.5.700 - DataPortalOperationExtensions

Bug in Csla 4.5.700 - DataPortalOperationExtensions

Old forum URL: forums.lhotka.net/forums/t/12863.aspx

ajj3085 posted on Wednesday, April 15, 2015

I think there's a bug in the DataPortalOperationExtensions class in 4.5.700.  The line is 29:

       switch (operation)
      {
        case DataPortalOperations.Create:
          return AuthorizationActions.CreateObject;
        case DataPortalOperations.Fetch:
          return AuthorizationActions.GetObject;
        case DataPortalOperations.Update:
          return AuthorizationActions.EditObject;
        case DataPortalOperations.Delete:
          return AuthorizationActions.CreateObject;
        case DataPortalOperations.Execute:
          // CSLA handles Execute/CommandObject as Update operations
          // - this is the permission that the client DataPortal checks.
          return AuthorizationActions.EditObject;
        default:
          throw new ArgumentOutOfRangeException("operation");
      }

If operation is Delete is returning AuthorizationActions.CreateObject but I think it should be AuthorizationActions.DeleteObject instead.

JonnyBee replied on Thursday, April 16, 2015

Hi Andy,

Definitley a bug. 

Added issue: https://github.com/MarimerLLC/csla/issues/341 

Copyright (c) Marimer LLC