Provide criteria to per-type authorization rules #1196
Comments
@rockfordlhotka I'm going to take a stab at this, if you want to assign it to me.
…test rule to use IAuthorizationContext interface
@rockfordlhotka I merged the changes from your branch into my branch, and made the appropriate changes. I can't do a PR to your branch though, so I'm not sure where to go next with this. You can find my changes at https://github.com/ajj7060/csla/tree/1196-AuthorizationContext_CriteriaProperty
Thanks @ajj7060 - I thought you could do a PR to my branch, but now I know better. I wonder how to collaborate like that then? Hmm...
@rockfordlhotka I was able to merge into my branch from yours, so perhaps you could do the reverse? Seems odd that they don't have a PR for this kind of thing though.
@ajj7060 I just tried to create a PR to pull your changes into my 1102 branch, but they are no longer compatible. However, I'm about to merge my 1102 branch into master (whew!!!), and so you should be able to do a normal PR of your changes into master in a few minutes.
Is your feature request related to a problem? Please describe.
In complex authorization scenarios, there is sometimes not enough information available for a per-type rule to determine if permission can be granted. For example, a user may have view access to orders at one site, but may create new orders at a different site. The only option today is to always respond that the user can create orders, but throw an exception if attempted at the view-only site.
Describe the solution you'd like
Provide access to the criteria object, if any, via the AuthorizationContext, so that the rule may use that information to make more detailed determination.
Describe alternatives you've considered
To work around this currently, we are creating an interface that must be implemented by the business object's class. Then, in the HasPermission call, we are new-ing up an instance of the business object and setting special properties only there for the auth rule to use and passing it instead of the type. The downside is that this does not happen when Csla invokes the per-type rule, only in our static CanCreateObject(int customerId) method.
Additional context
This is discussed in this forum thread.
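The request above, sketched as an added example (not code from this issue or from CSLA): a per-type create rule that reads a site id from the criteria carried on the context and denies when none is supplied. `SketchAuthorizationContext`, `SitePermissions`, `CreateOrderRule` and the sample permission table are hypothetical names and constructed data.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical stand-in for the context a per-type rule receives; not CSLA's own type.
public sealed class SketchAuthorizationContext
{
    public Type TargetType { get; init; }
    public object[] Criteria { get; init; }   // null when the caller supplied none
}

public sealed class Order { }

// Constructed sample data: site id -> actions the current user holds at that site.
public static class SitePermissions
{
    public static readonly Dictionary<int, HashSet<string>> ForCurrentUser = new()
    {
        [1] = new HashSet<string> { "View" },
        [2] = new HashSet<string> { "View", "Create" },
    };
}

public static class CreateOrderRule
{
    // Per-type "create" rule that decides from the site id passed as criteria.
    public static bool HasPermission(SketchAuthorizationContext context)
    {
        // No usable criteria: deny here instead of answering "yes" and throwing later.
        if (context.Criteria is not { Length: 1 } || context.Criteria[0] is not int siteId)
            return false;
        return SitePermissions.ForCurrentUser.TryGetValue(siteId, out var actions)
            && actions.Contains("Create");
    }
}

public static class Program
{
    public static void Main()
    {
        foreach (var criteria in new object[][] { new object[] { 1 }, new object[] { 2 }, null })
        {
            var ctx = new SketchAuthorizationContext { TargetType = typeof(Order), Criteria = criteria };
            string label = criteria is null ? "none" : criteria[0].ToString();
            Console.WriteLine($"site {label}: create allowed = {CreateOrderRule.HasPermission(ctx)}");
        }
    }
}
```

Denying when no criteria are present is a design choice of this sketch; a caller that checks permission without criteria gets `False` rather than a later exception.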