I have successfully set authorization rules for both type and property levels. However, I cannot enforce a method level authorization rule - how am I supposed to pass to the rule the desired method?
I've tried like this, but without success:
Csla.Rules.BusinessRules.AddRule(typeof(Priority),
new Csla.Rules.CommonRules.IsNotInRole(Csla.Rules.AuthorizationActions.ExecuteMethod, "NameOfMethod" , "Role"));
I also tried to pass the method like this:
Csla.Rules.BusinessRules.AddRule(typeof(Priority),
new Csla.Rules.CommonRules.IsNotInRole(Csla.Rules.AuthorizationActions.ExecuteMethod, new MethodInfo("NameOfMethod()") , "Role"));
but also without success.
I think I don't pass the name of the method correctly, but I cannot find anywhere info on this rule - there is vast ammount of information on type and property level authorization rules, but noting about ExecuteMethod.
Thanks.
Use RegisterMethod to register the method, much like you use RegisterProperty to register a property. Then use the resulting static metadata token to represent the method when adding and checking rules.
I've tried like this:
[Serializable]
public class Priority : RootBase<Priority, PriorityDto>
{
private static MethodInfo AuthorizationTestMethod = RegisterMethod(typeof(Priority), "AuthorizationTest");
public bool AuthorizationTest()
{
return true;
}
protected static void AddObjectAuthorizationRules()
{
Csla.Rules.BusinessRules.AddRule(typeof(Priority),
new Csla.Rules.CommonRules.IsNotInRole(Csla.Rules.AuthorizationActions.ExecuteMethod, AuthorizationTestMethod, "Role 1"));
}
}
And it still executes. In AddObjectAuthorizationRules() there are similar rules for properties, and work fine.
Can you post a snippet how exactly I should call RegisterMethod?
P.S. What exactly is considered "editing" regarding to AuthorizationActions.EditObject? If my class has two string properties, changing the text of one them is not considered "editing", correct?
You do need to call CanExecuteMethod() at the top of the method.
Copyright (c) Marimer LLC