Security: Difference between revisions

From MXMS Wiki
No edit summary
Line 39: Line 39:


== Roles ==
== Roles ==
A [[Role|role]] defines which classes, properties and methods the user has access to. A user can be added in multiple roles and the cummultative permission set of classes, properties and methods will be the users final access profile.
A [[Role|role]] defines which classes, properties and methods the user has access to. A user can be added in multiple roles and the cummultative permission set of classes, properties and methods will be the users final access profile. Roles are registered and added to the application using [[Module|modules]].
<pre>
<pre>
public class ExampleAccessProfile : CodedAccessProfile
public class ExampleAccessProfile : CodedAccessProfile
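Review bot: the Roles paragraph that gains the sentence "Roles are registered and added to the application using [[Module|modules]]." still carries "cummultative" (cumulative) and "the users final access profile" (user's) in the same changed line, so correct both in this edit. The new sentence would also be more useful if it stated what access a role grants when it has not been registered through a module.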

Revision as of 06:08, 3 April 2026

Various concepts are in place to either grant or deny users specific access to the application.

Rights by definition type

The following permissions are available for each type.

| Type | Permissions |
|------|-------------|
| Entities | Create, Read, Update and Delete |
| Properties | Create, Read and Update |
| Methods | Execute |

Access modifiers

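The maximum permissions allowed for a property or method are determined by its access modifiers. Only members with a public access modifier can be accessed by users. For a property this is evaluated on the getter (read access) and the setter (write access). In the example below, the getter is public and the setter is protected, so users can at most read ExampleProperty.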

public virtual string ExampleProperty
{
    get; 
    protected set;
}

Attributes

Where access modifiers are not a feasible way to limit access, use the Availability attribute. This attribute defines the maximum available permissions for a property. The options are None, Writeonly and Readonly.

[Availability(Availability.ReadOnly)]
public virtual string Name
{
    get; set;
}

Roles

A role defines which classes, properties and methods the user has access to. A user can be added to multiple roles, and the cumulative permission set of classes, properties and methods across those roles is the user's final access profile. Roles are registered and added to the application using modules.

public class ExampleAccessProfile : CodedAccessProfile
{
    protected override void Configure()
    {
        // Class1: create and update are granted; delete is not.
        Set<Class1>()
            .AllowAllCreate()
            .AllowAllUpdate();

        // Class2: create, update and delete are granted.
        Set<Class2>()
            .AllowAllCreate()
            .AllowAllUpdate()
            .AllowDelete();
    }
}

Claims

Claims are another way to limit access to properties or methods. With a claim, the entity's state determines whether the policy is applied.

public class ExampleClaim : Claim<CustomEntity>
{
    protected override bool CanApply(CustomEntity entity)
    {
        return entity.BooleanCheck;
    }

    protected override void Set(CodedAccessPolicyBuilder<CustomEntity> policy)
    {
        policy.DenyMethod(i => i.MyMethod());
    }
}

In the above example, access to the method MyMethod() is denied if the BooleanCheck value is true.
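How the layers described on this page combine for a single property, as an added, self-contained model that is not MXMS code: the ceiling comes from the access modifiers and the Availability attribute, role grants are cumulative, and a claim removes permissions. The names Perm, Customer, AccessModel, MaxFor and Effective are hypothetical, the attribute is a stand-in declaration, and the example assumes that a claim deny takes precedence over role grants.

```csharp
using System;
using System.Linq;
using System.Reflection;

[Flags] enum Perm { None = 0, Read = 1, Update = 2 }
// Stand-in for the page's Availability attribute (hypothetical re-declaration, not the MXMS type).
enum Availability { None, ReadOnly, WriteOnly }
class AvailabilityAttribute : Attribute
{
    public Availability Value { get; }
    public AvailabilityAttribute(Availability value) => Value = value;
}

class Customer // constructed sample entity reusing the page's two property shapes
{
    public virtual string ExampleProperty { get; protected set; } = "";
    [Availability(Availability.ReadOnly)]
    public virtual string Name { get; set; } = "";
}

static class AccessModel
{
    // Ceiling from access modifiers: only a public getter or setter can be exposed to users.
    public static Perm MaxFor(PropertyInfo p)
    {
        var max = Perm.None;
        if (p.GetMethod?.IsPublic == true) max |= Perm.Read;
        if (p.SetMethod?.IsPublic == true) max |= Perm.Update;
        // The attribute can only lower the ceiling, never raise it.
        switch (p.GetCustomAttribute<AvailabilityAttribute>()?.Value)
        {
            case Availability.None: max = Perm.None; break;
            case Availability.ReadOnly: max &= Perm.Read; break;
            case Availability.WriteOnly: max &= Perm.Update; break;
        }
        return max;
    }

    // Role grants are cumulative (OR), clipped by the ceiling; a claim deny removes what is left.
    public static Perm Effective(PropertyInfo p, Perm[] roleGrants, Perm claimDenied) =>
        roleGrants.Aggregate(Perm.None, (acc, g) => acc | g) & MaxFor(p) & ~claimDenied;

    static void Main()
    {
        var roles = new[] { Perm.Read, Perm.Update }; // constructed: the user holds two roles
        foreach (var p in typeof(Customer).GetProperties())
            Console.WriteLine($"{p.Name}: {Effective(p, roles, Perm.None)} / claim applied: {Effective(p, roles, Perm.Read)}");
    }
}
```

Both properties resolve to read-only even though the combined roles grant Update: the protected setter clips ExampleProperty, and the attribute clips Name.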