AuthorizationRules - A (simple) quick question.


Old forum URL: forums.lhotka.net/forums/t/2067.aspx


gajit posted on Tuesday, January 02, 2007

I'm sure this is a common question, or rather the answer is widely known...

But I would like to implement some authorization rules based on the state of my BO in conjunction with a role.

So, I'd like to do something like...

If Me.isNew = False Then
   AuthorizationRules.DenyWrite("PHONE", "SALES")
End if

In this scenario, I do not want "SALES" to be able to edit a phone number if an object is not new. Could someone enlighten me as to the "correct" way of doing this? I suspect the above neither works nor is considered OO...

Many thanks,

Gaj.

 

 

Brian Criswell replied on Tuesday, January 02, 2007

Override CanReadProperty and CanWriteProperty to take into account the property name and the IsNew flag.  So if the property name is PHONE and !IsNew, then you return false.  Otherwise you return base.CanWriteProperty.

gajit replied on Tuesday, January 02, 2007

So I override the CanWriteProperty in my business object?

Not sure I know how to implement that.. wouldn't the remainder of my properties use the same overridden method?

Confused.... :(

Sorry,

G.

 

 

gajit replied on Tuesday, January 02, 2007

OK, I think I've got it (Holmes!) :)

In my BO..

Public Overrides Function CanWriteProperty(ByVal propertyName As String) As Boolean
    ' Block edits to PHONE once the object is no longer new
    If Not Me.IsNew AndAlso propertyName = "PHONE" Then
        Return False
    Else
        Return MyBase.CanWriteProperty(propertyName)
    End If
End Function

Thanks Brian!

 

Brian Criswell replied on Thursday, January 04, 2007

Almost.  You are missing your sales role.  I also think that these cases lend themselves well to switch statements.

Public Overrides Function CanWriteProperty(ByVal propertyName As String) As Boolean
    Select Case propertyName
       Case "PHONE"
          Return IsNew Or Not Csla.ApplicationContext.User.IsInRole("SALES")
    End Select
    Return MyBase.CanWriteProperty(propertyName)
End Function
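
An added example, not code from the thread or from CSLA: a deny-only form of the override, where the state-based check can only refuse a write and every other case falls through to the base role rules. The override in the last reply returns directly for PHONE, so static role rules registered for that property are not consulted. `BusinessBaseStandIn`, its members and the GUEST rule are hypothetical stand-ins so the block compiles without the framework.

```vbnet
Imports System
Imports System.Collections.Generic

' Hypothetical stand-in for the CSLA base class and its role rules, so the
' example compiles without the framework.
Public MustInherit Class BusinessBaseStandIn
    Public IsNew As Boolean = True
    Public Roles As New List(Of String)                       ' current user's roles
    Protected DenyWrite As New Dictionary(Of String, String)  ' property -> denied role

    Protected Function IsInRole(ByVal role As String) As Boolean
        Return Roles.Contains(role)
    End Function

    Public Overridable Function CanWriteProperty(ByVal propertyName As String) As Boolean
        Dim denied As String = Nothing
        If DenyWrite.TryGetValue(propertyName, denied) Then Return Not IsInRole(denied)
        Return True
    End Function
End Class

Public Class Customer
    Inherits BusinessBaseStandIn

    Public Sub New()
        DenyWrite("PHONE") = "GUEST"   ' constructed static rule
    End Sub

    Public Overrides Function CanWriteProperty(ByVal propertyName As String) As Boolean
        ' State-based rule only denies: SALES may not edit PHONE once saved.
        If propertyName = "PHONE" AndAlso Not IsNew AndAlso IsInRole("SALES") Then
            Return False
        End If
        ' Every other case still goes through the role rules in the base class.
        Return MyBase.CanWriteProperty(propertyName)
    End Function
End Class

Module Demo
    Sub Main()
        Dim c As New Customer()
        c.Roles.Add("SALES")
        Console.WriteLine(c.CanWriteProperty("PHONE"))   ' new object, SALES user
        c.IsNew = False
        Console.WriteLine(c.CanWriteProperty("PHONE"))   ' saved object, SALES user
        c.Roles.Clear() : c.Roles.Add("GUEST")
        Console.WriteLine(c.CanWriteProperty("PHONE"))   ' saved object, GUEST: base rule decides
    End Sub
End Module
```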


Copyright (c) Marimer LLC