CanEditObject, CanGetObject etc on Child Objects

Tim FOrd posted on Thursday, July 27, 2006

Hi All,

I have a quick question, currently I have a business base object (Customer) and am using authorisations on the business object, i also have a AddressItem(BusinessBase) and Addresses(BusinessListBase). Addresses is a child object of Customer. Is it feasible to use CanEditObject, CanGetObject on the Addresses business object as well as on the Customer BusinessObject??

Any help would be great.

Thanks, Tim.

vargasbo replied on Thursday, July 27, 2006

Yes, you can add it to both. Just make sure you note that if you can edit the customer object, no point in checking the address object.

public bool CanEditObject(){
return Auth check here;
}

Tim FOrd replied on Thursday, July 27, 2006

See this is what i seem to be missing, and am not sure both ways, If the customer can be edited surely you might want control of the customer properties, for instance disabling the ability to edit the addresses even though you can see them. Does this make sense?? You say there is no point in checking the address object if you can edit the customer object but what about if you don't want the user to be able to edit the address under the customer?

Thanks for your response.

Tim.

vargasbo replied on Thursday, July 27, 2006

if the address object will always be a child object, then just place the check at the customer object. Didn't know if you were going to have the address object be a switchable object.

Tim FOrd replied on Thursday, July 27, 2006

Could you please explain a little more by what you mean putting the check in the customer object.

The address object is always going to be a child object to the customer.

In the customer i have CanEditObject which controls if the user can edit the customer, if the user can edit the customer then fine. on my UI i have a grid which lists some of the address information for the customer and when i double click on the grid i do an Address.CanEditObject check and if they can edit show a form and if they can't display a message.

Is this what you are refering to??

Thanks, Tim.

ajj3085 replied on Thursday, July 27, 2006

The answer to your question is: it depends.

Can your user edit some properties on the Customer, but NOT be allowed to edit the address object? If so, you should probably put the access properites on both Customer and Address, since they are independant of each other. If the user can always edit everything about the address, than no extra properties are needed on Address.

HTH
Andy

Tim FOrd replied on Thursday, July 27, 2006

Hi Andy,

Thanks for that, yep exactly what you are saying, the user can edit properties on both the object and can be restricted, however the address business object can never exists on it's own. Just really wanted to vaildate things before i spent a bit of time on it.

Thanks, both of you for your help.

Tim.

Tom Cooley replied on Friday, July 28, 2006

One missing piece to this is you originally asked about CanGetObject on the child. Child objects by definition are not responsible for getting their persisted state from the data source. The root object is responsible for get its and its children's data so there seems no point to providing that permission at the child level. If it were switchable, then it would be appropriate to include.

ajj3085 replied on Friday, July 28, 2006

I don't totally agree with this. Its entirely possible that a user is not permitted to see address data for a contact for whatever reason. In this case, it makes sense to have the permission there... assuming of course the role is NEVER allowed to see addresses. So, it depends. Smile [:)]

Tom Cooley replied on Friday, July 28, 2006

I'll buy that. I was thinking of "Get" in the context of retrieve from the database. But a role-base permission of whether or not that child object is viewable is a reasonable property.

I stand corrected. Embarrassed [:$]

ajj3085 replied on Friday, July 28, 2006

No worries; I personally would optimize is that if the user couldn't see those properties, the address data doesn't get loaded from the db at all. (If that's possible, anyway. Sometimes its not.)

Still need to get to a .Net meeting...