Security: Difference between revisions
From MXMS Wiki
Jump to navigationJump to search
| Line 1: | Line 1: | ||
== Access modifiers == | == Access modifiers == | ||
The maximum allowed permissions for a property or method is based on the access modifiers of the property. Only publisc access modifiers can be accessed by users. This is based on the getter (read access) and the setter (write access). | |||
<pre> | <pre> | ||
public virtual string ExampleProperty | public virtual string ExampleProperty | ||
Revision as of 05:50, 3 April 2026
Access modifiers
The maximum allowed permissions for a property or method is based on the access modifiers of the property. Only publisc access modifiers can be accessed by users. This is based on the getter (read access) and the setter (write access).
public virtual string ExampleProperty
{
get;
protected set;
}
Attributes
To further limit access is by using the Availability attribute. This attribute defines the maximum available permissions for a property. The options are None, Writeonly and Readonly.
[Availability(Availability.ReadOnly)]
public virtual string Name
{
get; set;
}
Roles
A role defines which classes, properties and methods the user has access to. A user can be added in multiple roles and the cummultative permission set of classes, properties and methods will be the users final access profile.
public class ExampleAccessProfile : CodedAccessProfile
{
protected override void Configure()
{
Set<Class1>()
.AllowAllCreate()
.AllowAllUpdate();
Set<Class2>()
.AllowAllCreate()
.AllowAllUpdate()
.AllowDelete();
Set<Class2>()
.AllowAllCreate()
.AllowAllUpdate()
.AllowDelete();
}
}
Claims
public class ExampleClaim : Claim<CustomEntity>
{
protected override bool CanApply(CustomEntity entity)
{
return entity.BooleanCheck;
}
protected override void Set(CodedAccessPolicyBuilder<CustomEntity> policy)
{
policy.DenyMethod(i => i.MyMethod());
}
}
