Instance Authorization Rules method fired on creation problem

Old forum URL: forums.lhotka.net/forums/t/1292.aspx


Grant.Argy posted on Wednesday, September 20, 2006

The company I work for is building an application using the CSLA framework and an issue I have come up with and would like some help with is as follows:

We have a User business object and 2 built-in system users that we want to stop the setting of to inactive and a number of other fields, so I created some authorization instance rules, but the user object is never completed before the AddInstanceAuthorizationRules method is called.

On the following shared function the dataportal fetch occurs after AddInstanceAuthorizationRules method is called and I test whether the instance is a system user. The problem is the Is System User field is not set at this stage.

Public Shared Function GetUser(ByVal UserId As Integer) As User
   If Not CanViewObject() Then
      Throw New System.Security.SecurityException(String.Format(Constants.NotAuthorizedMessage, Constants.ExecuteAction_View, GetType(User).Name))
   End If
   Return DataPortal.Fetch(Of User)(New CriteriaId(UserId))
End Function

Protected Overrides Sub AddInstanceAuthorizationRules()
   If _IsSystemUser Then
      With Me.AuthorizationRules
         .InstanceDenyWrite("Active", Constants.GenericRole)
      End With
   End If
End Sub

Thanks

ajj3085 replied on Thursday, September 21, 2006

Hmm..

I think you may want to subclass these 'special' users.  Their behaviors are different.  Properties by themselves are not behavior, but whether or not the property can be changed is.  At least, that's my take.  Someone please correct me if I'm wrong.

Andy

triplea replied on Thursday, October 30, 2008

Sorry about resurrecting this old post but I have a similar question... Why is AddInstanceAuthorizationRules fired before a (dataportal) fetch? I fully agree with the above statement about properties but in my case I have the following structure:

Customer : BusinessBase<Customer>
|------->ShortCustomer : Customer
|------->FullCustomer : Customer

And I have lots of branches that have customers. So each customer has a Branch property and there are security checks on what users can edit on customers of specific branches. All other behaviour is common across branches.

I can add the checks in CanWriteProperty but thought it would be neater to be placed in AddInstanceAuthorizationRules.
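
An added illustration, not part of the thread and not CSLA code: a self-contained VB.NET model of the ordering discussed above, where the instance-rule hook runs from the constructor before the fetch sets _IsSystemUser. ModelBase, DeniedWrites, Fetch and both user classes are hypothetical stand-ins; only the names AddInstanceAuthorizationRules and CanWriteProperty are taken from the posts.

```vb
Imports System
Imports System.Collections.Generic

' Hypothetical stand-in for the framework base class: as the thread describes,
' the instance-rule hook runs during construction, before any data is loaded.
Public MustInherit Class ModelBase
    Protected ReadOnly DeniedWrites As New List(Of String)

    Protected Sub New()
        AddInstanceAuthorizationRules()
    End Sub

    Protected Overridable Sub AddInstanceAuthorizationRules()
    End Sub

    Public Overridable Function CanWriteProperty(ByVal propertyName As String) As Boolean
        Return Not DeniedWrites.Contains(propertyName)
    End Function
End Class

' Rule decided at construction: _IsSystemUser is still False, so no deny is recorded.
Public Class UserRuleAtConstruction
    Inherits ModelBase
    Protected _IsSystemUser As Boolean

    ' Stand-in for the data portal fetch that populates the fields later.
    Public Sub Fetch(ByVal isSystemUser As Boolean)
        _IsSystemUser = isSystemUser
    End Sub

    Protected Overrides Sub AddInstanceAuthorizationRules()
        If _IsSystemUser Then DeniedWrites.Add("Active")
    End Sub
End Class

' Rule decided when asked: the loaded field is read at check time.
Public Class UserRuleAtCheckTime
    Inherits UserRuleAtConstruction

    Public Overrides Function CanWriteProperty(ByVal propertyName As String) As Boolean
        If _IsSystemUser AndAlso propertyName = "Active" Then Return False
        Return MyBase.CanWriteProperty(propertyName)
    End Function
End Class

Module Demo
    Sub Main()
        For Each u As UserRuleAtConstruction In New UserRuleAtConstruction() {New UserRuleAtConstruction(), New UserRuleAtCheckTime()}
            u.Fetch(True) ' constructed sample: a system user
            Console.WriteLine("{0}: can write Active = {1}", u.GetType().Name, u.CanWriteProperty("Active"))
        Next
    End Sub
End Module
```

In this model the first class leaves Active writable for a system user, because the deny was decided while the field still held its default value; the second reads the field at the moment of the check.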

Copyright (c) Marimer LLC