CSLA 4.0 Authorization - Reset rules

Old forum URL: forums.lhotka.net/forums/t/9536.aspx


Turntwo posted on Tuesday, September 14, 2010

I'm loading Authorization rules from the database, but my application allows for switching databases, at which time the rules need to be reset. I can't see any way to Reset the AuthorizationRules, clear the cache or anything. I did this in CSLA 3.8.x by clearing the cached rules using reflection, which then reloaded them per object as needed. However, the rules are spread out a little more in CSLA 4.0, so this technique doesn't look like it will work as well. I thought RuleSets might be the answer, but I'm encountering issues with them as well, and what appear to be some bugs in their implementation. Any assistance would be greatly appreciated.

Here is the problem I've encountered with RuleSets and Authorization Rules. You can set Authorization Rules with a RuleSet specified; however, when the Rules are evaluated the RuleSet is ignored (HasPermission bypasses the TypeAuthRules property and uses AuthorizationRulesManager directly, without including the RuleSet).

I was trying to use RuleSets because I store authorization information in the database, but my application allows the user to switch databases (at which point the rules may change) - I thought RuleSets could maybe be the answer (each RuleSet corresponding to the database connection).  However, I'm getting no rules being processed because the RuleSets are ignored.

I updated the HasPermission methods to use the TypeAuthRules property and verified that using TypeAuthRules works for Property/Method access checks, as long as I load them in AddObjectAuthorizationRules - I don't load the rules for the new database until that database is accessed, and AddBusinessRules doesn't get re-run when the RuleSet changes - whereas AddObjectAuthorizationRules gets rerun if the RuleSet rules aren't already loaded. 

However, the Object Rules don't respect the RuleSet - the HasPermission method for Type rules (Create, Get, Edit, Delete) is static, so BusinessRules can't access the RuleSet property. I could possibly pull the BusinessRules object and corresponding RuleSet off the object passed, but at least for Create this will be null. So even though you can set a RuleSet on these rules, any RuleSet rules will be ignored. Am I missing a way to set the current RuleSet globally?

This makes the 4th paragraph actually seem to be backwards - rules that don't respect the RuleSet get loaded on demand per RuleSet, and the rules that will respect the RuleSet are supposed to be loaded in AddBusinessRules - which would require loading all the rules for all rulesets at once - even though those are the instance rules?  (or maybe I'm just backwards - since I may not be using the RuleSet as it was intended). 

RockfordLhotka replied on Tuesday, September 14, 2010

RuleSets should work for you, and clearly there are bugs blocking their use. Somehow that got missed and needs to be addressed.
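The lookup problem discussed in this thread, as an added example that is not part of the original posts and is not CSLA source code: a simplified model of a rule cache keyed by type and rule set, with one check that drops the rule set and one that honors it. All names (`AuthRuleCache`, `Loader`, `Invoice`, the `"db-B"` rule set) are hypothetical, and the model assumes an action with no registered rule is allowed.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;

// Simplified model, not CSLA source: every type and member name here is hypothetical.
public static class AuthRuleCache
{
    // (type, ruleSet) -> action -> roles allowed to perform the action
    private static readonly ConcurrentDictionary<(Type, string), Dictionary<string, string[]>> Cache =
        new ConcurrentDictionary<(Type, string), Dictionary<string, string[]>>();

    // Stands in for the per-database rule query; runs once per (type, ruleSet) on first use.
    public static Func<Type, string, Dictionary<string, string[]>> Loader =
        (type, ruleSet) => new Dictionary<string, string[]>();

    private static Dictionary<string, string[]> RulesFor(Type type, string ruleSet) =>
        Cache.GetOrAdd((type, ruleSet), key => Loader(key.Item1, key.Item2));

    // The rule set is dropped, so rules registered under a named set are never consulted.
    public static bool HasPermissionIgnoringRuleSet(Type type, string action, ISet<string> roles) =>
        Evaluate(RulesFor(type, "default"), action, roles);

    // The caller passes the rule set bound to the active database connection.
    public static bool HasPermission(Type type, string action, ISet<string> roles, string ruleSet) =>
        Evaluate(RulesFor(type, ruleSet), action, roles);

    // Model assumption: an action with no registered rule is allowed.
    private static bool Evaluate(Dictionary<string, string[]> rules, string action, ISet<string> roles) =>
        !rules.TryGetValue(action, out var allowed) || roles.Overlaps(allowed);
}

public static class Demo
{
    private sealed class Invoice { }

    public static void Main()
    {
        // Constructed sample data: only the "db-B" rule set restricts EditObject to Admin.
        AuthRuleCache.Loader = (type, ruleSet) => ruleSet == "db-B"
            ? new Dictionary<string, string[]> { ["EditObject"] = new[] { "Admin" } }
            : new Dictionary<string, string[]>();
        var clerk = new HashSet<string> { "Clerk" };
        var invoice = typeof(Invoice);

        Console.WriteLine(AuthRuleCache.HasPermissionIgnoringRuleSet(invoice, "EditObject", clerk));
        Console.WriteLine(AuthRuleCache.HasPermission(invoice, "EditObject", clerk, "db-B"));
    }
}
```

In this model the first check grants the edit because the restricting rule is never found, while the second denies it. Keying the cache by rule set also means a database switch selects a different cache entry instead of requiring the cache to be cleared.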

Copyright (c) Marimer LLC