Hi everyone,
I'm newbie to CSLA and trying to figure out the best approach to handle this scenario.
I have an object with four fields: field1, field2, field3, field4
I have N number of roles and N number of status. On status1, Role1 has access to field1, field2; then I allowWrite to those fields in my authorization rules, but field3, field4 are denyWrite. That work perfectly. The problem is that when I logout and the View(form) is open field3 and field4 are made available to user. I think that is because those fields doesn't have an allowWrite on them, and framework makes them available to everybody which is not denied.
And this is making me think that I am going to need writing the authorization rules for every role inside this object. Am I wrong? What if I have five roles with 15 properties on this object, that would be a lot of rules. I think my problem is having an object on which not all properties are allowWrite for the current role, but a mixed of allowWrite and denyWrite.
Thanks in advanced
I think you are going about it a wrong way. You are
looking at which Role denies access to the property, but instead you should be
trying to set up which role has access to the property.
Let me explain. Your Role1 is authorized to write field1
and field2 and denied write access on field3 and field4.
Now lets assume that you have Role two that has access to all 4
fields (field1, field2, field3, field4)
Your authorization should then be on field3 and field4 checking
whether user is in Role2 and only allowing write for that role. Then
Role1 is obviously denied access, as well as unauthenticated users (after
logout).
Nermin Dibek
From: PabloDiaz
[mailto:cslanet@lhotka.net]
Sent: Thursday, August 07, 2008 10:59 AM
To: Nermin Dibek
Subject: [CSLA .NET] AllowWrite - DenyWrite properties mixed on same
object
Hi everyone,
I'm newbie to CSLA and trying to figure out the best approach to handle this
scenario.
I have an object with four fields: field1, field2, field3, field4
I have N number of roles and N number of status. On status1, Role1 has
access to field1, field2; then I allowWrite to those fields in my authorization
rules, but field3, field4 are denyWrite. That work perfectly. The problem is
that when I logout and the View(form) is open field3 and field4 are made
available to user. I think that is because those fields doesn't have an
allowWrite on them, and framework makes them available to everybody which is
not denied.
And this is making me think that I am going to need writing the
authorization rules for every role inside this object. Am I wrong? What if I
have five roles with 15 properties on this object, that would be a lot of
rules. I think my problem is having an object on which not all properties are
allowWrite for the current role, but a mixed of allowWrite and denyWrite.
Thanks in advanced
Hi,
Let's see at this simple puzzle.
My object with four fields: field1, field2, field3, field4.
Role1 is AllowWrite field1 and field2 but not field3 nor field4.
The rest of roles can't write on any of the properties.
field3 and field4 are now a problem for me. Because they don't have any allowWrite rule applied on them.
Perhaps, I could do something dummy like:
AuthorizationRules.AllowWrite(
"field3", "dummyRole");Not specifying an existent role, this works but is ugly. Or my other choice would be setting the DenyWrite for every property and every role which could not be smart. Because you could have 7 roles and 15 properties.
What is the best way to handle this situation?
Thanks.
I think if you issue AllowWrite to a non-existing role, you will
end up with DenyAll rights?...
Sergey Barskiy
Principal Consultant
office: 678.405.0687 |
mobile: 404.388.1899
Magenic ®
Microsoft Worldwide Partner of the Year | Custom
Development Solutions, Technical Innovation
From: PabloDiaz
[mailto:cslanet@lhotka.net]
Sent: Thursday, August 07, 2008 1:15 PM
To: Sergey Barskiy
Subject: Re: [CSLA .NET] RE: AllowWrite - DenyWrite properties mixed on
same object
Is there something in CSLA like DenyWriteToAll?
I'm using CSLA2.0. Unfortunately, I can not move to the most recent
version.
Don't you think that solution is a little bit strange?
I basically suggested this because you did not want to list all
roles in DenyWrite which is the correct solution.
Sergey Barskiy
Principal Consultant
office: 678.405.0687 |
mobile: 404.388.1899
Magenic ®
Microsoft Worldwide Partner of the Year | Custom
Development Solutions, Technical Innovation
From: PabloDiaz
[mailto:cslanet@lhotka.net]
Sent: Thursday, August 07, 2008 2:18 PM
To: Sergey Barskiy
Subject: Re: [CSLA .NET] RE: RE: AllowWrite - DenyWrite properties mixed
on same object
Don't you think that solution is a little bit strange?
I think that I was just needing to hear it from the architect.
Thank you very much.
Copyright (c) Marimer LLC