I think you are going about it the wrong way. You are
looking at which Role denies access to the property, but instead you should be
trying to set up which role has access to the property.
Let me explain. Your Role1 is authorized to write field1
and field2 and denied write access on field3 and field4.
Now let's assume that you have Role two that has access to all 4
fields (field1, field2, field3, field4).
Your authorization should then be on field3 and field4, checking
whether the user is in Role2 and only allowing write for that role. Then
Role1 is obviously denied access, as well as unauthenticated users (after
logout).
Nermin Dibek
From: PabloDiaz [mailto:cslanet@lhotka.net]
Sent: Thursday, August 07, 2008 10:59 AM
To: Nermin Dibek
Subject: [CSLA .NET] AllowWrite - DenyWrite properties mixed on same object
Hi everyone,
I'm a newbie to CSLA and trying to figure out the best approach to handle this
scenario.
I have an object with four fields: field1, field2, field3, field4
I have N number of roles and N number of statuses. On status1, Role1 has
access to field1, field2; then I allowWrite to those fields in my authorization
rules, but field3, field4 are denyWrite. That works perfectly. The problem is
that when I log out and the View (form) is open, field3 and field4 are made
available to the user. I think that is because those fields don't have an
allowWrite on them, and the framework makes them available to everybody who is
not denied.
And this is making me think that I am going to need to write the
authorization rules for every role inside this object. Am I wrong? What if I
have five roles with 15 properties on this object? That would be a lot of
rules. I think my problem is having an object on which not all properties are
allowWrite for the current role, but a mix of allowWrite and denyWrite.
Thanks in advance