It looks like AddAuthorizationRules is firing on the DataPortal.Create. I have a PersonSearch page with a grid which displays the search results. The PersonID field is a link field in the grid. I need to disable/enable that link based on the logged-in user, i.e. whether the logged-in user CanCreate/CanGet the Person object from the PersonSearch page.
I am trying to use the CSLA security authorization rules CanGetObject/CanCreateObject, but they always return true even when the logged-in user doesn't have access. Please let me know how I can check the user's access to the object without creating it.
    Csla.Security.AuthorizationRules.CanGetObject(GetType(MyLibrary.Person))
    Csla.Security.AuthorizationRules.CanCreateObject(GetType(MyLibrary.Person))
    Csla.Security.AuthorizationRules.CanEditObject(GetType(MyLibrary.Person))
    Csla.Security.AuthorizationRules.CanDeleteObject(GetType(MyLibrary.Person))
I have the following code in the Person class.
    Partial Public Class Person
        Inherits BusinessBase(Of Person)

        Protected Overrides Sub AddAuthorizationRules()
            Dim canWrite As String() = {"A", "B", "C", "D", "E", "F", "G"}
            Dim canRead As String() = {"A", "B", "C", "D", "E", "F", "G"}
            Dim canCreate As String() = {"B", "C", "D", "E", "F"}
            Dim canDelete As String() = {"A", "B", "C", "D", "E"}
            AuthorizationRules.AllowCreate(GetType(Person), canCreate)
            AuthorizationRules.AllowDelete(GetType(Person), canDelete)
            AuthorizationRules.AllowEdit(GetType(Person), canWrite)
            AuthorizationRules.AllowGet(GetType(Person), canRead)
        End Sub
    End Class
You need to implement a static method named AddObjectAuthorizationRules - that's where you add per-type rules.
Thanks for your quick response. This is working partially but I found another issue. Please let me know how I need to fix this.
As I mentioned, I have a Person Search page with a PersonGridView. When I search the results and try to enable/disable the link based on CanGetObject, it's working fine. In the same grid I have another link to go to the Case Details for that Person. The logged-in user should be able to view Case Details but he cannot access Person details (the person link on the case details page) from the case details page. I am trying to do the same check, Csla.Security.AuthorizationRules.CanGetObject(GetType(MyLibrary.Person)), and I noticed that CanGetObject always returns true and also that it somehow appends the roles. I debugged the code and found it calls
    GetAllowGetRoles in AuthorizationRules.cs
    GetRoles in ObjectAuthorizationRules.cs
Csla.Security.AuthorizationRules.GetAllowGetRoles(objectType) in AuthorizationRules.cs returns 15 roles,
which means "A", "B", "C", "D", "E", "F", "G" + "A", "B", "C", "D", "E", "F", "G" + login user "H".
I don't understand why it's keeping the roles and appending them. Is there a parameter with which we can force it to call AddObjectAuthorizationRules from the Case details page, because AddObjectAuthorizationRules is not called from the case details page?
Here is the code I have now:
    ' Shared (per-type) object-level rules for Person
    Private Shared Sub AddObjectAuthorizationRules()
        Dim canWrite As String() = {"A", "B", "C", "D", "E", "F", "G"}
        Dim canRead As String() = {"A", "B", "C", "D", "E", "F", "G"}
        Dim canCreate As String() = {"B", "C", "D", "E", "F"}
        Dim canDelete As String() = {"A", "B", "C", "D", "E"}
        AuthorizationRules.AllowCreate(GetType(Person), canCreate)
        AuthorizationRules.AllowDelete(GetType(Person), canDelete)
        AuthorizationRules.AllowEdit(GetType(Person), canWrite)
        AuthorizationRules.AllowGet(GetType(Person), canRead)
    End Sub
AddObjectAuthorizationRules is called one time per AppDomain per type, and the results are cached for the lifetime of the AppDomain. Every business object type is responsible for managing its own authorization rules.
CSLA objects are UI-independent. If your UI has different requirements for different pages, then those pages should use different objects - which seems a little odd at first, but is pretty obvious when you think about what I just said.
If your UI has different requirements that means different business rules. Objects encapsulate behavior (business rules). So if different pages need different business rules, then they obviously need different objects.
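As an added example of what that means in practice (this is not code from the thread or from CSLA's own samples): two separate business object types, each declaring its own Shared AddObjectAuthorizationRules, and UI-side helpers that ask the per-type question without fetching anything. The PersonCaseSummary type, the LinkSecurity module, the field names and the role names are assumptions made for illustration; only the Person type and the Csla.Security.AuthorizationRules calls come from the thread.

```vbnet
Imports System
Imports Csla
Imports Csla.Security

' Full Person object, used by the PersonSearch page.
<Serializable()> _
Public Class Person
    Inherits BusinessBase(Of Person)

    Private _id As Integer ' assumed key field

    ' CSLA invokes this once per AppDomain for this type and caches the
    ' result, so it must be Shared and must declare every object-level rule
    ' for Person. Role names are placeholders.
    Private Shared Sub AddObjectAuthorizationRules()
        Csla.Security.AuthorizationRules.AllowGet(GetType(Person), "A", "B", "C")
        Csla.Security.AuthorizationRules.AllowCreate(GetType(Person), "B", "C")
        Csla.Security.AuthorizationRules.AllowEdit(GetType(Person), "A", "B", "C")
        Csla.Security.AuthorizationRules.AllowDelete(GetType(Person), "A", "B")
    End Sub

    Protected Overrides Function GetIdValue() As Object
        Return _id
    End Function

    Private Sub New()
        ' Construction goes through the data portal factory methods.
    End Sub
End Class

' A different, read-only object for the Case Details page (hypothetical type).
' Because it is a different type it gets its own cached rule set, so a role
' such as "H" can be allowed to get this object while still being denied Person.
<Serializable()> _
Public Class PersonCaseSummary
    Inherits ReadOnlyBase(Of PersonCaseSummary)

    Private _personId As Integer ' assumed key field

    Private Shared Sub AddObjectAuthorizationRules()
        Csla.Security.AuthorizationRules.AllowGet(GetType(PersonCaseSummary), "A", "B", "C", "H")
    End Sub

    Protected Overrides Function GetIdValue() As Object
        Return _personId
    End Function

    Private Sub New()
        ' Construction goes through the data portal factory methods.
    End Sub
End Class

' UI-side helpers (assumed names) that decide the state of each grid link
' without creating or fetching either object. Each check consults only the
' cached per-type rules and the roles of Csla.ApplicationContext.User.
Public Module LinkSecurity

    ' Person link on the PersonSearch grid: bound to the Person type's rules.
    Public Function CanOpenPersonDetails() As Boolean
        Return Csla.Security.AuthorizationRules.CanGetObject(GetType(Person))
    End Function

    ' Case Details link on the same grid: bound to the summary type's rules.
    Public Function CanOpenCaseDetails() As Boolean
        Return Csla.Security.AuthorizationRules.CanGetObject(GetType(PersonCaseSummary))
    End Function

End Module
```

In the grid's row-binding code the two link controls would simply take `Enabled = LinkSecurity.CanOpenPersonDetails()` and `Enabled = LinkSecurity.CanOpenCaseDetails()`; a user whose only role is "H" then sees the Case Details link enabled and the Person link disabled, with no instance of either object ever created.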
Copyright (c) Marimer LLC