Is it possible to define authorization rules to non BO types in CSLA 4, like it was possible in CSLA 3.8?

Is it possible to define authorization rules to non BO types in CSLA 4, like it was possible in CSLA 3.8?

Old forum URL: forums.lhotka.net/forums/t/9041.aspx


markell posted on Sunday, June 06, 2010

Dear ladies and sirs.

In CSLA 3.8 one could invoke the AuthorizationRules.AllowGet method passing in the type of some object. This could be done at any level and the object does not have to be a BO.

For instance, we have something called EntityManager. In its static constructor we have a line like this:

    static EntityManager()
    {
      AuthorizationRules.AllowGet(typeof(SomeNonBOType), Roles.Authenticated, Roles.Guest);
    }

Is it possilbe in CSLA 4? Or Csla 4 demands that authorization rules be applied to BO only?

Thanks.

RockfordLhotka replied on Sunday, June 06, 2010

The same thing should work. The per-type authorization rules in CSLA 4 don't restrict the object type to any CSLA type, so you should be able to define and check authorization rules for any type.

markell replied on Sunday, June 06, 2010

Thanks Rocky for the prompt reply.

I get it. I was confused by the fact that there is BusinessRules static class and BusinessRules property in a BO.

So, I just replace the old code with this:

BusinessRules.AddRule(typeof(SomeNonBOType), new IsInRole(AuthorizationActions.GetObject, Roles.Authenticated, Roles.Guest));

Copyright (c) Marimer LLC