Now take a closer look at how this attribute is implemented and how it can be used to
extend the Dynamic Data meta model:
    [AttributeUsage(AttributeTargets.Class)]
    public class AuthorizationAttribute : Attribute
    {
        public AuthorizationAttribute(params object[] rules);
        public ReadOnlyCollection<AuthorizationRule> Rules { get; }
        public bool IsAuthorized(IPrincipal principal, Actions actions);
    }
The main access point of the AuthorizationAttribute is the IsAuthorized method. It takes an IPrincipal object, which represents a user of the application, and one or more Actions the user needs to perform, and returns a Boolean value that indicates whether the user is permitted to perform them. Before evaluating the rules for the first time in a given attribute, the IsAuthorized method parses the open array of objects specified in the constructor into a collection of AuthorizationRule objects, exposed by the Rules property.
    public class AuthorizationRule
    {
        public bool Authorize { get; }
        public Actions Actions { get; }
        public ReadOnlyCollection<string> Roles { get; }
        public ReadOnlyCollection<string> Users { get; }
    }
Although the main purpose of the AuthorizationRule class is to assist in rule evaluation, you might find it useful when implementing administrative functionality in your application. For instance, the metadata explorer built into the sample application uses it to display security information about entity types.
NOTE
To mimic the default behavior of the configuration-based authorization rules, the IsAuthorized method returns true unless one or more of the requested actions are explicitly denied by a matching rule. Just as discussed earlier in this chapter, it is important to include a wild-card deny rule after specifying all appropriate allow rules to prevent unauthorized access.
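The default-allow behavior described in the NOTE is easy to misjudge, so here is a small model of it, added as an example and not taken from the book's sample solution. SketchRule, Sketch, the members of the Actions enum, the "*" wildcard, and the first-matching-rule evaluation order are all assumptions made for illustration. It shows that a rule set containing only an allow rule still lets an unmatched user delete, while the same set followed by a wildcard deny rule blocks that user and keeps the allowed role working.

```csharp
using System;
using System.Linq;
using System.Security.Principal;

[Flags]
enum Actions { None = 0, Read = 1, Insert = 2, Update = 4, Delete = 8, All = 15 } // assumed members

// Hypothetical stand-in for AuthorizationRule; "*" in Users means every user (assumed).
record SketchRule(bool Authorize, Actions Actions, string[] Roles, string[] Users)
{
    public bool Matches(IPrincipal p) =>
        Users.Contains("*") || Users.Contains(p.Identity?.Name) || Roles.Any(p.IsInRole);
}

static class Sketch
{
    // Assumed evaluation: for each requested action the first matching rule decides.
    // An action that no rule matches is allowed, which is the default-allow
    // behavior the NOTE describes.
    public static bool IsAuthorized(SketchRule[] rules, IPrincipal p, Actions requested)
    {
        foreach (Actions a in new[] { Actions.Read, Actions.Insert, Actions.Update, Actions.Delete })
        {
            if ((requested & a) == 0) continue;
            var first = rules.FirstOrDefault(r => (r.Actions & a) != 0 && r.Matches(p));
            if (first != null && !first.Authorize) return false;
        }
        return true;
    }

    static void Main()
    {
        // Constructed principals: a user with no roles and a member of "Admin".
        var guest = new GenericPrincipal(new GenericIdentity("guest"), new string[0]);
        var admin = new GenericPrincipal(new GenericIdentity("alice"), new[] { "Admin" });

        var allowAdmin = new SketchRule(true, Actions.All, new[] { "Admin" }, new string[0]);
        var denyAll = new SketchRule(false, Actions.All, new string[0], new[] { "*" });

        var allowOnly = new[] { allowAdmin };          // no rule matches guest
        var withDeny = new[] { allowAdmin, denyAll };  // wildcard deny placed last

        Console.WriteLine("allow only, guest:  " + IsAuthorized(allowOnly, guest, Actions.Delete));
        Console.WriteLine("with deny,  guest:  " + IsAuthorized(withDeny, guest, Actions.Delete));
        Console.WriteLine("with deny,  admin:  " + IsAuthorized(withDeny, admin, Actions.Delete));
    }
}
```

When reviewing entity classes that carry authorization rules, a rule list that ends in an allow rule is the pattern to flag, because every user and action it fails to match falls through to the default.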
Implementing MetaTable Permission Methods with AuthorizationAttribute
You can take advantage of the AuthorizationAttribute when overriding the CanRead, CanInsert, CanUpdate, and CanDelete methods in your custom MetaTable class. Here is how the CanDelete method is implemented in the UnleashedMetaTable (which you can find in the Unleashed.DynamicData project of the sample solution accompanying this book):