Hey there - I am new to the forum and here is my first (hopefully answerable) question 
Need to implement custom authorization rule(s).
Examples:
Currently I know that rules can be applied during setup phase:
BusinessRules.AddRule(typeof(myClass), new IsInRole(AuthorizationActions.GetObject, new [] {"role1", "role2"}));
This approach is insufficient and less flexible then required. The rules should be probably applied during DataPortal<T>.Update() (did I missed anything from the source, please?). Any advice will be warmly welcomed.
I assume you've read this post: http://www.lhotka.net/weblog/CSLA4AuthorizationRules.aspx
The AddRule() method doesn't actually run the rule - it just associates the rule with the business object type. The rules are actually applied (executed) when appropriate (such as when a property is read or changed, or an attempt is made to retrieve an object).
Per-type and per-instance rules are enforced by the data portal, so when Save() is called, the relevant authz action is checked (Create/Get/Edit/Delete) and an exception is thrown if the user isn't authorized. The various meta-state properties (like IsSavable) also check the relevant authz permission to calculate their value.
You will need to implement custom rules to do what you describe, because that goes beyond just "is the user in role X". That's fine - just create a subclass of Csla.Rules.AuthorizationRule, do your checks and return true/false as appropriate.
Thanks a lot for so quick and elaborative answer.
Copyright (c) Marimer LLC