-
In CSLA 4 there are only per-type rules. But a per-instance rule is really a per-type rule that takes into account various elements of state about the current instance. And since CSLA 4 authorization rules can look at the entire object (and any other ambient state), it is quite realistic to think that...
-
I'm currently developing a Csla solution using 3.8.2 and was wondering if authorization was more flexible/customizable in Csla 4.0.x. I have to work with complex auth/validation logic and the line between what is considered authorization or validation is blurry. I started by reading this post http...
-
I have successfully set authorization rules for both type and property levels. However, I cannot enforce a method level authorization rule - how am I supposed to pass to the rule the desired method? I've tried like this, but without success: Csla.Rules.BusinessRules.AddRule(typeof(Priority), new...
-
For performance reasons only one authorization rule is allowed per property/operation. So there's no need for a priority, since there can be only one.
-
PropertyStatus exposes properties you can bind to so you can implement authorization at a property level. ViewModelBase/ViewModel and CslaDataProvider expose properties you can bind to so you can implement authorization at an object level.
-
I'm addressing a case where BypassPropertyChecks may be the solution, but in more general terms. The case involves business processing and authorizations that the user may not otherwise have. In this case, SalesQuote objects are transformed by user action into SalesContract objects. However, there...
-
Thanks for your quick response. This is working partially but I found another issue. Please let me know how I need to fix this. As I mentioned I have a Person Search Page with PersonGridView. When I search the results and trying to enable/disable the link based on canGetObject , Its working fine. In...
-
You need to implement a static method named AddObjectAuthorizationRules - that's where you add per-type rules.
-
It looks like AddAuthorizationRules is firing on the DataPortal.Create. I have a PersonSearch page with the grid which displays the search results. The PersonID field is a link field in the grid. I need to disable/enable that link based on loggedin user, whether the login user cancreate/canget the Person...
-
RuleSets should work for you, and clearly there are bugs blocking their use. Somehow that got missed and needs to be addressed.