I'm trying to ensure only authorized roles can delete a 'User' (editable root). In the override or AddAuthorization rules I have the following (I assume ? is for anonymous and * is for everyone).
AuthorizationRules.AllowExecute("Delete", "AllowDeleteUser");
AuthorizationRules.AllowExecute("DeleteUser", "AllowDeleteUser");
AuthorizationRules.DenyExecute("Delete", "*");
AuthorizationRules.DenyExecute("DeleteUser", "*");
However when calling
User.Delete();
User.Save();
or
User.DeleteUser(id);
Using someone who isn't in these roles I don't get an error? Do I have to call something in each DataPortal_XYZ method to check roles? What's the point then in even putting anything in the AddAuthorizationRules method; I figured this would all work automatically the way business rules checks work.
Also, in ListBase is there an AllowAddItem or AllowDeleteItem method? I want to prevent users not in the right role from adding or removing child object items. They are allowed to edit the parent, and edit the children, but they can't add new items or remove current items...that's a different role.
Thanks
Thanks. I had a feeling that might be the answer but I was hoping I was wrong because I've come to expect that the CSLA will encapsulate all of this for me, the way business rules do.
Copyright (c) Marimer LLC