Dear ladies and sirs.
In CSLA 3.8 one could invoke the AuthorizationRules.AllowGet method passing in the type of some object. This could be done at any level and the object does not have to be a BO.
For instance, we have something called EntityManager. In its static constructor we have a line like this:
static EntityManager()
{
AuthorizationRules.AllowGet(typeof(SomeNonBOType), Roles.Authenticated, Roles.Guest);
}
Is it possilbe in CSLA 4? Or Csla 4 demands that authorization rules be applied to BO only?
Thanks.
The same thing should work. The per-type authorization rules in CSLA 4 don't restrict the object type to any CSLA type, so you should be able to define and check authorization rules for any type.
Thanks Rocky for the prompt reply.
I get it. I was confused by the fact that there is BusinessRules static class and BusinessRules property in a BO.
So, I just replace the old code with this:
BusinessRules.AddRule(typeof(SomeNonBOType), new IsInRole(AuthorizationActions.GetObject, Roles.Authenticated, Roles.Guest));
Copyright (c) Marimer LLC