Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide criteria to per-type authorization rules #1196

Closed
ajj7060 opened this issue Jun 29, 2019 · 6 comments
Closed

Provide criteria to per-type authorization rules #1196

ajj7060 opened this issue Jun 29, 2019 · 6 comments
Assignees
@ajj7060
Labels
kind/enhancement
Projects
Version 5.0.0

Comments

@ajj7060
Copy link
Contributor

ajj7060 commented Jun 29, 2019

Is your feature request related to a problem? Please describe.
In complex authorization scenarios, there is sometimes not enough information available for a per-type rule to determine if permission can be granted. For example, a user may have view access to orders at one site, but may create new orders at a different site. The only option today is to always response the user can create orders, but throw an exception if attempted at the view only site.

Describe the solution you'd like
Provide access to the criteria object, if any, via the AuthorizationContext, so that the rule may use that information to make more detailed determination.

Describe alternatives you've considered
To work around this currently, we are creating an interface that must be implemented by the business object's class. Then, in the HasPermission call, we are new-ing up an instance of business object and setting special properties only there for the auth rule to use and passing it instead of the type. The downside is that this does not happen when Csla invokes the per-type rule, only in our static CanCreateObject(int customerId) method.

Additional context
This is discussed in this forum thread.
@ajj7060
Copy link
Contributor Author

ajj7060 commented Jun 29, 2019

@rockfordlhotka I'm going to take a stab at this, if you want to assign it to me.

@rockfordlhotka rockfordlhotka added this to To do in Version 5.0.0 via automation Jun 30, 2019
ajj7060 added a commit to ajj7060/csla that referenced this issue Jul 8, 2019
@ajj7060
MarimerLLC#1196 Add ability to pass criteria via authorization context
65d20a9
@ajj7060 ajj7060 mentioned this issue Jul 8, 2019
Closed
ajj7060 added a commit to ajj7060/csla that referenced this issue Jul 8, 2019
@ajj7060
MarimerLLC#1196 Adding copyright notices
69df6d2
ajj7060 added a commit to ajj7060/csla that referenced this issue Jul 10, 2019
@ajj7060
MarimerLLC#1196 Added new property to IAuthorizationContext; updated …
ad8c423 
…test rule to use IAuthorizationContext interface
@ajj7060 ajj7060 mentioned this issue Jul 10, 2019
Closed
ajj7060 added a commit to ajj7060/csla that referenced this issue Jul 16, 2019
@ajj7060
MarimerLLC#1196 Now passes criteria array to IAuthorizationContext
59076e5
@ajj7060
Copy link
Contributor Author

ajj7060 commented Jul 16, 2019

@rockfordlhotka I merged the changes from your branch into my branch, and made the appropriate changes. I can't do a PR to your branch though, so I'm not sure where to go next with this. you can find my changes at https://github.com/ajj7060/csla/tree/1196-AuthorizationContext_CriteriaProperty

@rockfordlhotka
Copy link
Member

Thanks @ajj7060 - I thought you could do a PR to my branch, but now I know better. I wonder how to collaborate like that then? Hmm...

@ajj7060
Copy link
Contributor Author

ajj7060 commented Jul 22, 2019

@rockfordlhotka I was able to merge into my branch from yours, so perhaps you could do the reverse? Seems odd that they don't have a PR for this kind of thing though.

@rockfordlhotka
Copy link
Member

@ajj7060 I just tried to create a PR to pull your changes into my 1102 branch, but they are no longer compatible.

However, I'm about to merge my 1102 branch into master (whew!!!), and so you should be able to do a normal PR of your changes into master in a few minutes.

@rockfordlhotka rockfordlhotka moved this from To do to In progress in Version 5.0.0 Jul 31, 2019
@ajj7060 ajj7060 mentioned this issue Aug 6, 2019
Merged
Version 5.0.0 automation moved this from In progress to Done Aug 7, 2019
@github-actions
Copy link

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 10, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@ajj7060 ajj7060

Labels
kind/enhancement
Projects
No open projects
Version 5.0.0
  
Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

#1196 Add Criteria property to IAuthorizationContext ajj7060/csla
2 participants
@ajj7060 @rockfordlhotka