
AddObjectAuthorizationRules() Implementation Question

My team and I have been using CSLA.NET for a while now and recently we got the requirement to update how roles are processed.

In classic ASP.NET Membership you have a role.  For simplicity, let's just say it is the "ReadOnly" role.  To limit BusinessBase authorization for that role, you would do something like the following:

protected static void AddObjectAuthorizationRules() {
    string[] read = new string[] { "ReadOnly" };
    Csla.Rules.BusinessRules.AddRule(typeof(LookUp), new Csla.Rules.CommonRules.IsInRole(Csla.Rules.AuthorizationActions.GetObject, read));
}

Our new role structure appends a user's Department to the role so now our roles look like "DeptName:RoleName".  We have the roles populating in our custom membership code/tables and we have a way to check the roles.  Here is what we will be implementing (code brevity to keep focus on the question's scope; new code is bolded):

protected static void AddObjectAuthorizationRules() {
    List<string> readUsers = new List<string>() { "ReadOnly" };
    Csla.Rules.BusinessRules.AddRule(typeof(LookUp), new Csla.Rules.CommonRules.IsInRole(Csla.Rules.AuthorizationActions.GetObject, ProcessAuthorizationRoles(readUsers)));
}

private static List<string> ProcessAuthorizationRoles(List<string> pDefinedRoles) {
    List<string> _userRoles = ((CustomIdentityClass)Csla.ApplicationContext.User.Identity).Roles;

    return _userRoles.FindAll(x => pDefinedRoles.Exists(y => x.Contains(string.Format(":{0}", y))));
}

How can we keep our code DRY within the CSLA framework without having to implement the same function (ProcessAuthorizationRoles) in each BusinessBase object?

Thanks in advance!
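
One way to share the check across business classes, as an added example that is not part of the original post or the CSLA project: a single rule class deriving from Csla.Rules.AuthorizationRule. It assumes the CSLA 4.x Execute(AuthorizationContext) signature and the CustomIdentityClass.Roles list from the post; the name IsInDepartmentRole is hypothetical. Unlike the posted helper, it reads the current user's roles each time the rule executes rather than when the rules are registered, and it matches the role name exactly after the colon instead of with Contains.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Csla.Rules;

// Hypothetical shared rule: grants the action when the current user holds
// "<department>:<role>" for one of the defined role names.
public class IsInDepartmentRole : AuthorizationRule
{
    private readonly List<string> _definedRoles;

    public IsInDepartmentRole(AuthorizationActions action, params string[] definedRoles)
        : base(action)
    {
        _definedRoles = new List<string>(definedRoles);
    }

    // Pure matching logic, static so it can be unit tested without CSLA.
    public static bool Matches(IEnumerable<string> userRoles, IEnumerable<string> definedRoles)
    {
        foreach (string userRole in userRoles)
        {
            int sep = userRole.IndexOf(':');
            if (sep <= 0) continue;                  // no department prefix: never matches
            string roleName = userRole.Substring(sep + 1);
            // Exact, case-sensitive comparison: "Dept:ReadOnlyAdmin" does not satisfy "ReadOnly".
            if (definedRoles.Contains(roleName, StringComparer.Ordinal))
                return true;
        }
        return false;
    }

    // Assumed CSLA 4.x signature. Runs on every authorization check, so the
    // decision always reflects the user making the current request.
    protected override void Execute(AuthorizationContext context)
    {
        var identity = Csla.ApplicationContext.User.Identity as CustomIdentityClass;
        context.HasPermission = identity != null && Matches(identity.Roles, _definedRoles);
    }
}

// Usage in each business class (LookUp is the type from the post):
//   protected static void AddObjectAuthorizationRules() {
//       Csla.Rules.BusinessRules.AddRule(typeof(LookUp),
//           new IsInDepartmentRole(AuthorizationActions.GetObject, "ReadOnly"));
//   }
```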

