Is there a Per-Type CanWriteProperty Technique?

Is there a Per-Type CanWriteProperty Technique?

Old forum URL: forums.lhotka.net/forums/t/5519.aspx


rahulbpatel posted on Thursday, October 02, 2008

I don't know if this has been covered already but I couldn't find it searching the forum.  Is there a way in version 3.5 to set AllowWrite/DenyWrite for properties at the type scope and then check in the UI if the current user has access to edit a particular property?   What I'm trying to do is set the authorization for a business class and then hide/show certain fields based on the authorization rules.  I currently have this code in my business class:

public class MyBusinessClass : BusinessBase<MyBusinessClass>
{
 protected override void AddAuthorizationRules()
    {
      // TODO: add authorization rules
      //AuthorizationRules.AllowWrite("", "");
      // These users cannot use a budget code
      AuthorizationRules.DenyWrite("Property1", "Role1");
      AuthorizationRules.DenyWrite("Property1, "Role2");
      AuthorizationRules.DenyWrite("Property1, "Role3");
    }
}

I would like to be able to call in my UI:

InputTextBox.Visible = MyBusinessClass.CanWriteProperty("Property1")

Current I can only do this if I have an instance of the class.

Thanks...



RockfordLhotka replied on Thursday, October 02, 2008

I would consider the per-type CanEditObject() in 3.6 to match your request. That indicates whether the user is allowed to edit (call Save() on) the object or not.

If that is true, then the per-property rules have meaning. If that is false, then the user shouldn't get to edit the object at all.

rahulbpatel replied on Monday, October 06, 2008

Does this scenario makes sense?  In an ASP.NET web app I would like to insert a record via a FormView control.  Depending on the role the user is in they maybe only to set certain fields.  So when the load FormView is initially created, I would like to set the visibility of inputs in the FormView.ItemCreated event.  If I could do this via static/type-scope methods then I wouldn't need to instantiate an object at this point. 

JonnyBee replied on Saturday, October 04, 2008

I will agree with Rocky. In a WinForms application you should use the ReadWriteAuthorizationManager to do exectly what you described here. Using the RWAM you vould only write one line of code instead of writing code for each input control.

I have also overridden the CanWriteProperty/CanReadProperty for instance methods to check the data content and the tell the UI if the properties are editable/readable.

Another option is to create your own bool properties (AllowRead../AllowWrite...) per field and use databinding on the Visible/Enabled/ReadOnly properties in the UI.

The reason I like to override the CanRead.../CanWrite.. in my BO is that in this way my BOs will proptect themselves and throw an exception if the user/ui/calling code is not allowed to read/change a property.  I prefer to have this loginc in the BO and use the RWAM to do all the UI control setting (ReadOnly/Enabled/Visible).

/jonny

Copyright (c) Marimer LLC