Current filter:
                                You should refresh the page.
                                  • Hello!
                                    I have created custom platform-agnostic module with a collection of PermissionBase descendant permissions for use with old security system. I use SecuritySystem.IsGranted to check, if permission is granted for current user.
                                    How i need to upgrade my custom module permissions and code, that check them, to suit both new and old security sustems?
                                    Thank you!

                                Show all comments
                                • Dennis (DevExpress) 12.22.2011

                                  Hello Alexey,
                                  Thank you for contacting us. You cannot use old and new security systems at the same time. To learn more on how to create a custom permission for the new security system, refer to the SecurityStrategyComplex: how to manage my custom permissions? report. It contains a description with some example code. I hope you find this information helpful.
                                  Thanks,
                                  Dennis

                                • Taradanov 12.22.2011

                                  I have changed my implementation to meet your requirements like this:
                                      public class TrackingOptionsPermission : OperationPermissionBase
                                      {
                                          public const string OperationName = "TrackingOptions";
                                          public override IList<string> GetSupportedOperations()
                                          {
                                              return new string[] { OperationName }; ;
                                          }
                                          public TrackingOptionsPermission() : base(OperationName) { }
                                          public override string ToString()
                                          {
                                              return CaptionHelper.GetClassCaption(this.GetType().FullName);
                                          }
                                      }
                                      public class TrackingOptionsPermissionRequest : OperationPermissionRequestBase
                                      {
                                          public TrackingOptionsPermissionRequest() : base(TrackingOptionsPermission.OperationName) { }
                                      }
                                      public class TrackingOptionsRequestProcessor : PermissionRequestProcessorBase<TrackingOptionsPermissionRequest>
                                      {
                                          protected override bool IsRequestFit(TrackingOptionsPermissionRequest permissionRequest, OperationPermissionBase permission, IRequestSecurityStrategy securityInstance)
                                          {
                                              if (permission is TrackingOptionsPermission) return true;
                                              return false;
                                          }
                                      }
                                      public class TrackingOptionsPermissionData : PermissionData
                                      {
                                          public override System.Collections.Generic.IList<IOperationPermission> GetPermissions()
                                          {
                                              return new IOperationPermission[] { new TrackingOptionsPermission() };
                                          }
                                          protected override string GetPermissionInfoCaption()
                                          {
                                              return CaptionHelper.GetClassCaption(GetType().FullName);
                                          }
                                      }
                                  Is this correct way of implementing simple custom permission? Btw, i cant find SecurityStrategy.RequestProcessors property to register my custom permission request processor. Where i shoul register it? In the module constructor? Do i need to implement the same for all my other custom permissions in the module? Is this new permissions stored in separate table in the database, or is they stored like it was implemented in the old security system? Will this implementation will be sufficien for old security, or i should keep my old implementation and add another check for new security?

                                • Dennis (DevExpress) 12.23.2011

                                  Hi Alexey,
                                  Thank you for the update.
                                  We could not find anything wrong with your code.
                                  As for RequestProcessor, it should be registered in the overridden Initialize method of the SecurityStrategy class or its descendants. For instance, in our code we do it as follows:

                                  [C#]
                                  public virtual void Initialize(IObjectSpaceProvider objectSpaceProvider) { ObjectSpaceProvider = objectSpaceProvider; RequestProcessors.Register(new TypePermissionRequestProcessor(objectSpaceProvider)); RequestProcessors.Register(new MemberPermissionRequestProcessor(objectSpaceProvider)); RequestProcessors.Register(new ModelPermissionRequestProcessor()); RequestProcessors.Register(new AnyMemberPermissionRequestProcessor()); RequestProcessors.Register(new AnyObjectPermissionRequestProcessor()); }

                                  You should implement any other custom permissions in the same manner.
                                  These permissions will be stored in the database as regular persistent classes.
                                  Take special note that the old and new security systems are incompatible and your application cannot operate with them at once. For more convenience, we plan to provide a converter tool that will convert old roles with permissions to the new ones. The idea of this conversion is simple: take old roles and create new permission object based on them:

                                  [C#]
                                  void ConvertPermissions() { Employee fakeUser = ObjectSpace.FindObject<Employee>(new BinaryOperator("Email", "agentsmith@matrix.com")); if(fakeUser == null) { fakeUser = ObjectSpace.CreateObject<Employee>(); } fakeUser.FirstName = "Permissions converter"; fakeUser.LastName = "Smith"; fakeUser.PublicName = "Agent"; fakeUser.Email = "agentsmith@matrix.com"; SecurityComplex<Employee, MyDXRole> security = new SecurityComplex<Employee, MyDXRole>(new DXAuthenticationActiveDirectory(typeof(object))); XPCollection<MyDXRole> roles = new XPCollection<MyDXRole>(((ObjectSpace)ObjectSpace).Session); foreach(MyDXRole role in roles) { fakeUser.Roles.Add(role); security.Logon(fakeUser); ((ISecurityStrategyBase)security).ReloadPermissions(); role.PermissionsContainer = new PermissionsContainer(((ObjectSpace)ObjectSpace).Session); foreach(ITypeInfo typeInfo in XafTypesInfo.Instance.PersistentTypes) { TypeOperationPermissionData typeData = ObjectSpace.CreateObject<TypeOperationPermissionData>(); typeData.TargetType = typeInfo.Type; typeData.AllowRead = security.IsGranted(new ObjectAccessPermission(typeInfo.Type, ObjectAccess.Read)); typeData.AllowWrite = security.IsGranted(new ObjectAccessPermission(typeInfo.Type, ObjectAccess.Write)); typeData.AllowCreate = security.IsGranted(new ObjectAccessPermission(typeInfo.Type, ObjectAccess.Create)); typeData.AllowDelete = security.IsGranted(new ObjectAccessPermission(typeInfo.Type, ObjectAccess.Delete)); typeData.AllowNavigate = security.IsGranted(new ObjectAccessPermission(typeInfo.Type, ObjectAccess.Navigate)); if(typeData.AllowRead || typeData.AllowWrite || typeData.AllowCreate || typeData.AllowDelete || typeData.AllowNavigate) { typeData.Save(); role.PermissionsContainer.PersistentPermissions.Add(typeData); role.Save(); } else { typeData.Delete(); } } ModelOperationPermissionData modelPermissionData = ObjectSpace.CreateObject<ModelOperationPermissionData>(); modelPermissionData.CanEditModel = security.IsGranted(new EditModelPermission()); role.PermissionsContainer.PersistentPermissions.Add(modelPermissionData); role.Save(); security.Logoff(); fakeUser.Roles.Remove(role); ObjectSpace.CommitChanges(); } fakeUser.Delete(); ObjectSpace.CommitChanges(); }

                                  I hope you find this information helpful.
                                  Thanks,
                                  Dennis

                                • Taradanov 12.23.2011

                                  Thank you for your clarification. Its still a bit unclear for me, how i can override Initialize method of the SecurityStrategy class. Am i to create new descendant of this class?

                                • Dennis (DevExpress) 12.25.2011

                                  Hello Alexey,
                                  Thank you for the update. I apologize for the confusion. If you do not want to make a descendant, you can simply access the RequestProcessors property before the XafApplication.Setup call and register additional processors there.
                                  Let me know in case of any further difficulties.
                                  Thanks,
                                  Dennis

                                • Taradanov 12.26.2011

                                  And that is the problem - there is no static RequestProcessors property in the SecurityStrategy class.
                                  Ill explain a bit more then.
                                  I have created custom module and now i need to create simple permission for the new security system. According to your explanation, my implementation should be correct and i only need to register it in the system.
                                  So, i need to write something in the module Setup method or in the module constructor, right? SecurityStrategy static properties does not contain any RequestProccessors property at all, so i need to access some other SecurityStrategy, correct? And thats is the question i want to ask you. If you could, would you give me some code to show how to register my permission correctly, if i dont want to create my own SecurityStrategy descendant?
                                  Thank you!

                                • Dennis (DevExpress) 12.26.2011

                                  Hello Alexey,
                                  >>So, i need to write something in the module Setup method or in the module constructor, right?
                                  Yes.
                                  >>SecurityStrategy static properties does not contain any RequestProccessors property at all, so i need to access some other SecurityStrategy, correct?
                                  No.
                                  This property is not static. It is declared in the DevExpress.ExpressApp.Security.SecurityStrategy class as follows:

                                  [C#]
                                  public PermissionRequestProcessorRepository RequestProcessors { get { return requestProcessors; } }

                                  So, you can simply access it in your code after casting SecuritySystem.Instance or XafApplication.Security to SecurityStrategy. I hope it makes sense.
                                  Thanks,
                                  Dennis

                                • Taradanov 12.26.2011

                                  I see, its clear to me now.
                                  Another question - how im to check this new permission with new security system?
                                  Thank you!

                                • Dennis (DevExpress) 12.26.2011

                                  Hello,
                                  You can use the or SecuritySystem.IsGranted method for that purpose.
                                  Thanks,
                                  Dennis
                                  P.S.

                                  1. You may also be interested in methods of the DataManipulationRight class, but it is undocumented.
                                  2. The Support Center concept does not allow multiple problems within a thread as this makes it difficult to properly track such items. Please open a new issue for each question you want to ask in the future.
                                • Taradanov 12.27.2011

                                  Ive added this to my custom module:
                                          void application_SetupComplete(object sender, EventArgs e)
                                          {
                                              if (SecuritySystem.Instance is SecurityStrategy)
                                              {
                                                  SecurityStrategy SecurityStrategy = SecuritySystem.Instance as SecurityStrategy;
                                                  SecurityStrategy.RequestProcessors.Register(new Classes.Permissions.TrackingOptionsRequestProcessor());
                                              }
                                          }
                                  Now i can see Tracking Options Permission Data in the role permissions list. But how i can assign my custom permission to user?
                                  Thank you!

                                • Dennis (DevExpress) 12.28.2011

                                  Hello Alexey,
                                  By default you can show the hidden PersistentPermissions tab and add permissions via it. If you are looking for a more convenient way of accomplishing this, you can make a descendant of the Role class and provide any logic and UX you need. For instance, look at how our Edit Model permission is implemented. I hope you find this information helpful.
                                  If you experience any difficulty visualizing custom permissions, please log a separate ticket, because this is beyond the scope of your original problem. Thank you for your understanding.
                                  Thanks,
                                  Dennis

                                0 Solutions

                                Creation Date Importance Sort by