New security system scenario question

Question

Hello!

I have four bussiness classes: Group, Form, Report and Value. Groups have many Forms and Forms have many Reports, wich in exchange have many Values.

I need to create role for user, so he can edit only Values property of Report class. He also must have permission to navigate to Forms list view and Reports list view via Navigation menu.

So, i have created a Role like this:

	[C#]
{
                    SecuritySystemTypePermissionObject TypePermission = OperatorRole.CreateItem(typeof(Group));

                    {
                        SecuritySystemMemberPermissionsObject MemberPermission = TypePermission.CreateMemberPermissionsObject();

                        MemberPermission.Members = @"Forms";

                        MemberPermission.AllowWrite = true;
                    }
                }

                {
                    SecuritySystemTypePermissionObject TypePermission = OperatorRole.CreateItem(typeof(Form));

                    TypePermission.AllowNavigate = true;

                    {
                        SecuritySystemMemberPermissionsObject MemberPermission = TypePermission.CreateMemberPermissionsObject();

                        MemberPermission.Members = @"Reports";

                        MemberPermission.AllowWrite = true;
                    }
                }

                {
                    SecuritySystemTypePermissionObject TypePermission = OperatorRole.CreateItem(typeof(Report));

                    TypePermission.AllowNavigate = true;

                    {
                        SecuritySystemMemberPermissionsObject MemberPermission = TypePermission.CreateMemberPermissionsObject();

                        MemberPermission.Members = @"Values";

                        MemberPermission.AllowWrite = true;
                    }
                }

This role have also permission to read all objects and to edit Value class object.

It all work fine, IF user first navigate to Reports navigation ListView node. After he opens a Report from this view, Values ListView property is editable. BUT if he opens Forms ListView first, then open appropriate Report from Reports ListView property of opened Form, then Values ListView property of opened Report is not editable.

How i can make Values property of Report class editable for user, regardless of wich ListView was parent of current Report DetailView?

Thanks!

Answer 1

0

Dennis (DevExpress Support) 08.08.2012

Hello,

Our research has shown that for the correct work it is necessary to give the Write permission for the IndicatorForm member of the IndicatorFormReport class (this member is a back association reference). I hope you find this information helpful.

Show all comments

Taradanov Alexey 08.08.2012
I see... All association sides must be editable then. Thanks!
Dennis (DevExpress Support) 08.08.2012
You are always welcome, Alex!
Taradanov Alexey 08.13.2012
Hmmm... I tried your approach and it worked, as expected, but now im faceing another problem - im forced to expose both sides of association, so how i suppose to protect IndicatorForm property from modification from user, that should not change it?
Dennis (DevExpress Support) 08.14.2012
Thank you for the update. Our additional research shows that this is a result of the Security - The HasRightsToModifyMemberController incorrectly marks the entire ListPropertyEditor as readonly when the Write operation is denied for the corresponding collection member in our product. We will do our best to fix it as soon as we can.
Taradanov Alexey 08.15.2012
That means that i can remove write permission on master object association when this problem is fixed?
Dennis (DevExpress Support) 08.15.2012
Exactly. You will not need an explicit permission for another side of your association.

You must log in or register to leave comments

Answer 2

0

Dan (DevExpress) 07.04.2012

This behavior is a specificity of XAF user interface part and is not related to security: the IndicatorFormReports editor is marked as read-only in the IndicatorForm_DetailView view, so the opened IndicatorFormReport_DetailView view is also opened as read-only.
In contrast, the IndicatorFormReport_DetailView view is not set read-only when it is opened from a root ListView. That is why the IndicatorFormReport_DetailView view is read-only in one case and editable in another. We will see how to improve this situation though I cannot promise any time frame because the old functionality is based on this behavior.

You can find more details about how to diagnose this situation at Why is it disabled?.

Taradanov Alexey 07.05.2012
I figured as much. I hope you will resolve this situation - MemberLevelSecurity is rendered useless by this behaviour, and i have many similar scenarios in my project. Im sure, many others too.
Dan (DevExpress) 07.09.2012
I have registered the corresponding ticket in our database: Security - A detail view should be set to readonly in accordance with security settings if it is opened from another readonly view.
Please track it to be notified when its status is changed.
Taradanov Alexey 07.09.2012
Thanks!
Dan (DevExpress) 07.09.2012
You are welcome!

You must log in or register to leave comments

New security system scenario question

2 Solutions

Duplicated Question

New security system scenario question

2 Solutions

Duplicated Question

Related Articles