Deny all except?

ajj3085 posted on Wednesday, June 20, 2007

Hi,

I have a base class with a property.  Normally this property should be readonly.  On one subclass however, I need to allow a particular role to edit the property. 

My initial thought is to use DenyWrite on the baseclass, then on the one subclass add an AllowWrite.  The problem I'm runnin into is that DenyWrite takes a defined list of roles.   Yet if I don't use with Allow or Deny in the base class, all subclasses will allow writing of the property.

I'm stumped how to acomplish this.

ajj3085 replied on Wednesday, June 20, 2007

I found a solution to my problem, but it relies on Windows authentication.  It should be possible to work it into a Csla based authentication though.

Basically in the base class, I DenyWrite to the Everyone role (to which all users in Windows are a member).  In the relevent subclass, I can use AllowWrite to add in the single role that can edit the property.

RockfordLhotka replied on Wednesday, June 20, 2007

I think you could also do AllowWrite("SomeFakeRoleThatDoesn'tExist")

This would effectively block everyone, since that role has no members.

Then you could later do AllowWrite("AdminRole") to allow that specifc role to also have access.

ajj3085 replied on Wednesday, June 20, 2007

I thought about that too, but I choose the DenyWrite method to make it more clear what I was trying to acomplish.