Hi everybody,
We're currently evaluating the use of CSLA for the revamped version (inline ASP to ASP.NET) of an existing web application. I love the framework as is... no doubt about it, but am curious to know if anybody has used it in a scenario where the permissions that users have for an object are dynamic?
For example, we would have an entity called 'Project' and in turn this project would have child entities called "ProjectOfficer" and "ProjectStatus". Now all users should have permissions to view this Project except when the project is in 'draft' status. If it is in 'draft' status, then only the ProjectOfficer should be able to view it.
This example is a small subset of the dynamic permission checks the application needs to do. Do y'all think CSLA can be used in such a scenario?
Many thanks in advance for the replies,
Hiren
The CanReadProperty() and CanWriteProperty() methods are virtual. So you can override them in your class to customize how authorization works.
In your case you may look at the status of the object and return true when in "draft" mode, otherwise delegate the call to the base implementation that uses roles.
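An added example, not part of the thread and not CSLA's own code, of the override pattern applied to the draft rule from the question. RoleCheckedBase is a hypothetical stand-in for the framework base class with a virtual CanReadProperty(string); the user name and roles held on the object, the "Budget" rule and the sample users are constructed assumptions.

```csharp
using System;
using System.Collections.Generic;

// Stand-in for the framework base class (assumption): exposes a virtual,
// role-based CanReadProperty like the one the answer describes.
public abstract class RoleCheckedBase
{
    // Constructed sample of static per-property role rules.
    private static readonly Dictionary<string, string[]> ReadRoles =
        new Dictionary<string, string[]> { { "Budget", new[] { "Finance" } } };
    public ISet<string> CurrentUserRoles { get; set; } = new HashSet<string>();
    public string CurrentUserName { get; set; } = "";

    public virtual bool CanReadProperty(string propertyName)
    {
        // No rule registered for the property means any user may read it.
        if (!ReadRoles.TryGetValue(propertyName, out var allowed)) return true;
        foreach (var role in allowed)
            if (CurrentUserRoles.Contains(role)) return true;
        return false;
    }
}

public class Project : RoleCheckedBase
{
    public string Status { get; set; } = "Draft";
    public string ProjectOfficer { get; set; } = "";

    public override bool CanReadProperty(string propertyName)
    {
        // Dynamic rule: a draft is readable by its project officer only.
        bool isDraft = string.Equals(Status, "Draft", StringComparison.OrdinalIgnoreCase);
        // An empty user name never matches, even if no officer is assigned yet.
        bool isOfficer = !string.IsNullOrEmpty(CurrentUserName)
            && string.Equals(CurrentUserName, ProjectOfficer, StringComparison.Ordinal);
        if (isDraft && !isOfficer) return false;
        // Otherwise fall back to the static role rules in the base class.
        return base.CanReadProperty(propertyName);
    }
}

public static class Demo
{
    public static void Main()
    {
        var p = new Project { ProjectOfficer = "alice", CurrentUserName = "bob" };
        Console.WriteLine(p.CanReadProperty("Name"));   // draft, caller is not the officer
        p.CurrentUserName = "alice";
        Console.WriteLine(p.CanReadProperty("Name"));   // draft, caller is the officer
        p.Status = "Active"; p.CurrentUserName = "bob";
        Console.WriteLine(p.CanReadProperty("Budget")); // not draft, role rule decides
    }
}
```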
Thanks for that Rocky!
Moreover, in your opinion what's the best way for the BL to handle a situation where the UI tries to create a Project object for an existing project where the current user doesn't have the permission to view? Should the permissions for the user be evaluated at the property level for that object or should the object creation itself be resisted?
Copyright (c) Marimer LLC