the "Kosher" way to register custom authorization rules
the "Kosher" way to register custom authorization rulesOld forum URL: forums.lhotka.net/forums/t/9292.aspx
breakphreak posted on Thursday, July 29, 2010
hey there :)
Just discovered in the source a static method, called "AddObjectAuthorizationRules()" that every business object type (for example) might implement. I find it very useful for the following pattern (problem description will follow):
- Some application-level base class imlements the method above (static protected)
- The implementation scans the attributes of the actual (probably derived) class, generates authorization rules and registers them
- Scanning class/interface-level attributes is easy
- Registering class-level rules is easy
- Scanning property-level attributes is easy
- PROBLEM: Registering property-level rules is cumbersome.
- to create a property-level rule (which will be obviously mapped to Write/ReadProperty action), I need to supply an "element" argument, which is of type "IMemberInfo" to the rule constructor.
- to get the IPropertyInfo for the right property I might use FieldManager, but I am in the static context
Possible solutions (both not very "Kosher"):
- Patch the Csla source, thus declaring the "PropertyInfoManager" as public. Not very exciting. Assumed you've done it on purpose and expecting some other probs (order call of static constructors etc)
- Provide a custom local implementation for "IMemberInfo" interface (i.e. simply supplying the Name property) and passing the instance to the Rule constructor.
As you might see, neither option is very exciting and looks more like a workaround. Assumed you've considered issues like mine, when designing the cool library, it would be great to hear a bit of advice regarding the better solution that fully complies to the Csla state of mind.
Update: continued here: http://forums.lhotka.net/forums/p/9293/44087.aspx#44087
Copyright (c) Marimer LLC