This thread looks to be a little on the old side and therefore may no longer be relevant. Please see if there is a newer thread on the subject and ensure you're using the most recent build of any software if your question regards a particular product.
This thread has been locked and is no longer accepting new posts, if you have a question regarding this topic please email us at support@mindscape.co.nz
|
I am using for some projects a Rad tool which has out of the box support for securing classes, properties and instances of classes to different roles. Even role inheritance is supported. If I like to use your ORM solution my strategy would be to use Postsharp to define security rules as follows (copied from Postsharp website): I guess I can inject the '[SecuredOperation("Manager")]' somewhere in the visual model? Am I correct? Is your query engine 'PrincipalPermissionAttribute' (which Postsharp uses to 'inject' its secured attributes) aware, so it only fetches data I have the appropriate rights for? Or is there another solution available? |
|
|
|
|
Yes you can add the attribute by using the Custom Attributes collection on the entity. If you need to reference another namespace to include SecuredOperation you can add the namespace to the "Imported Namespaces" collection in the LightSpeed Model Explorer. There is some more detail in the documentation here about this under the Custom Attributes section: http://www.mindscapehq.com/documentation/lightspeed/Working-with-Models-in-the-Visual-Designer/Designer-Shortcuts-and-Tips Im not clear on what you mean by "PrincipalPermissionAttribute aware", Im guess you mean does it perform some rights check? If so, no it doesn't do this, that is left to the calling code. If you can elaborate on what you need to do here we can hopefully suggest some options though.
|
|
|
|
