I have a BusinessBase with a lot of PropertyInfo. It has an AuthorizationAction.EditObject so that all users can change it. But some users have access to different fields.
User A can update all properties.
User B can only update one property.
Is there a way to have one rule that would be executed on each property change? Writing an AuthorizationAction.WriteProperty for each property would be very long and could cause errors in the future if someone adds a property and forgets the rule.
If I have no choice, maybe there's a way to look all IMemberInfo of a given type.
#csla has support for you to write custom authorization (authz) rule classes. You can attach exactly one authz rule to a property, and many properties can use the same rule.
It sounds like you need to write a rule that can tell the difference between "user A" and "user B" and attach that rule to the properties to control whether the current user can update the property.
This is certainly overly simplistic, but a rule somewhat like this:
    using System.Collections.Generic;
    using System.Linq;
    using Csla.Rules;

    // Write-authorization rule: only the listed user names may set the property.
    public class UserAUserBRule : Csla.Rules.AuthorizationRule
    {
        private readonly List<string> users;

        public UserAUserBRule(Csla.Core.IPropertyInfo property, params string[] users)
            : base(AuthorizationActions.WriteProperty, property)
        {
            this.users = users.ToList();
        }

        protected override void Execute(IAuthorizationContext context)
        {
            // Compare the current principal's name with the allowed names.
            var username = Csla.ApplicationContext.User.Identity.Name;
            context.HasPermission = users.Contains(username);
        }
    }
Used in the AddBusinessRules method of your domain class like this:

    BusinessRules.AddRule(new UserAUserBRule(FirstNameProperty, "UserA"));
    BusinessRules.AddRule(new UserAUserBRule(LastNameProperty, "UserA"));
    BusinessRules.AddRule(new UserAUserBRule(CityProperty, "UserA", "UserB"));
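
For the question's concern that someone adds a property and forgets its rule, one option is to attach a default-deny rule to every registered property in a loop. This is an added example, not code from the answer or from the CSLA project; `WriteAllowListRule`, `PersonEdit`, `FullWriters` and `ExtraWriters` are hypothetical names, and it assumes the same API surface the answer's code uses (static `Csla.ApplicationContext.User`, `IAuthorizationContext`).

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Csla;
using Csla.Core;
using Csla.Rules;

// Hypothetical rule: default-deny write check against an allow list of user names.
public class WriteAllowListRule : AuthorizationRule
{
    private readonly HashSet<string> allowed;
    public WriteAllowListRule(IPropertyInfo property, IEnumerable<string> allowed)
        : base(AuthorizationActions.WriteProperty, property)
    {
        this.allowed = new HashSet<string>(allowed);
    }
    protected override void Execute(IAuthorizationContext context)
    {
        // No principal or an anonymous principal never gets write access.
        var identity = Csla.ApplicationContext.User?.Identity;
        context.HasPermission = identity != null && identity.IsAuthenticated
            && allowed.Contains(identity.Name);
    }
}

[Serializable]
public class PersonEdit : BusinessBase<PersonEdit> // hypothetical domain class
{
    public static readonly PropertyInfo<string> FirstNameProperty = RegisterProperty<string>(c => c.FirstName);
    public string FirstName { get { return GetProperty(FirstNameProperty); } set { SetProperty(FirstNameProperty, value); } }
    public static readonly PropertyInfo<string> CityProperty = RegisterProperty<string>(c => c.City);
    public string City { get { return GetProperty(CityProperty); } set { SetProperty(CityProperty, value); } }

    // Policy in one place (constructed sample values): UserA writes everything, UserB only City.
    private static readonly string[] FullWriters = { "UserA" };
    private static readonly Dictionary<string, string[]> ExtraWriters =
        new Dictionary<string, string[]> { { nameof(City), new[] { "UserB" } } };

    protected override void AddBusinessRules()
    {
        base.AddBusinessRules();
        // Cover every registered property, so one added later is FullWriters-only by default.
        foreach (IPropertyInfo property in FieldManager.GetRegisteredProperties())
        {
            string[] extra;
            var users = ExtraWriters.TryGetValue(property.Name, out extra) ? FullWriters.Concat(extra) : FullWriters;
            BusinessRules.AddRule(new WriteAllowListRule(property, users));
        }
    }
}
```

Because the loop covers all registered properties, widening access for a restricted user requires an explicit entry in `ExtraWriters`; a new property without an entry stays writable only by the users in `FullWriters`.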