Question

I have a CompanyUser and Product class.
Each user can create x amount of products. I only want each user to be able to view each other's products, but only to be able to edit their own product.

I have created a Role named ProductPeople with type permission on the Product class that I assign to the CompanyUsers (the role has all permissions, read, write, navigate, etc.).
Where would I set the criteria that only userX can edit/delete his own product?

Solution 2

As far as I understand your question, you are using only typepermissions. To be able to express what you want, you will have to employ objectpermissions. For an object of type SecuritySystemObjectPermissionsObject, you can specify a Criteria by which you can express the restriction regarding 'own product'.

Other tips

Here is the code for the updater class. It will create permissions for all objects in your base assembly. You need a restricted baseobject class for this to work, it should define two properties, CreatedBy which is a TeamMember (SecuritySystemUser descendant) and Restricted which says if a property is to be specifically restricted. If you now mark Restricted as checked, it should hide the object from everyone but the user creating it.

Note: This only deals with your assembly. You can add another loop for all referenced assemblies including BaseImp and Base. I do that for the KPI assembly as an example.

    private void CreateTeamRole()
    {
        // Create the "Team" role only once; return if it already exists.
        SecuritySystemRole Role = ObjectSpace.FindObject<SecuritySystemRole>(new BinaryOperator("Name", "Team"));
        if (Role != null)
            return;
        Role = ObjectSpace.CreateObject<SecuritySystemRole>();
        Role.Name = "Team";
        Role.CanEditModel = true;
        Role.SetTypePermissions<SecuritySystemUser>(SecurityOperations.Read, SecuritySystemModifier.Allow);
        Role.SetTypePermissions<SecuritySystemRole>(SecurityOperations.Read, SecuritySystemModifier.Allow);
        Role.SetTypePermissions<TeamMember>(SecurityOperations.ReadWriteAccess, SecuritySystemModifier.Allow);
        Role.SetTypePermissions<TeamMember>(SecurityOperations.Navigate, SecuritySystemModifier.Allow);
        // Full access to every persistent type in the KPI assembly.
        foreach (var item in System.Reflection.Assembly.GetAssembly(typeof(DevExpress.ExpressApp.Kpi.KpiDefinition)).GetTypes())
            if (item.IsSubclassOf(typeof(XPBaseObject)))
                Role.SetTypePermissions(item, SecurityOperations.FullAccess, SecuritySystemModifier.Allow);
        Role.SetTypePermissions<XPWeakReference>(SecurityOperations.FullAccess, SecuritySystemModifier.Allow);
        // Walk every persistent type in the assembly that contains BaseObject.
        foreach (var item in System.Reflection.Assembly.GetAssembly(typeof(BaseObject)).GetTypes())
        {
            if (item.IsSubclassOf(typeof(XPBaseObject)) && !item.Equals(typeof(TeamMember)))
            {
                if (item.IsSubclassOf(typeof(RestrictedBaseObject)))
                {
                    // Type level: Create, Navigate and Delete are allowed for all objects of the type.
                    Role.SetTypePermissions(item, "Create;Navigate;Delete", SecuritySystemModifier.Allow);
                    // Object level: Read and Write only if the object is not restricted
                    // or was created by the current user.
                    Role.AddObjectAccessPermission(item, "!Restricted or [CreatedBy.Oid] = CurrentUserId()", SecurityOperations.ReadWriteAccess);
                }
                else
                    Role.SetTypePermissions(item, SecurityOperations.FullAccess, SecuritySystemModifier.Allow);
            }
        }
    }
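
The split the question asks for (everyone can view every product, only the owner can edit or delete), written with the same role calls the answers above use. This is an added example, not code from either answer; it assumes `Product` is the asker's class and that it has a `CreatedBy` property referencing the owning user, as `RestrictedBaseObject` does above. The class and method names are hypothetical.

```csharp
using DevExpress.Data.Filtering;
using DevExpress.ExpressApp;
using DevExpress.ExpressApp.Security;
using DevExpress.ExpressApp.Security.Strategy;

public static class ProductPeopleRoleSetup   // hypothetical helper name
{
    // Assumption: Product.CreatedBy references the user who created the product.
    private const string OwnProduct = "[CreatedBy.Oid] = CurrentUserId()";

    public static SecuritySystemRole EnsureRole(IObjectSpace objectSpace)
    {
        var role = objectSpace.FindObject<SecuritySystemRole>(
            new BinaryOperator("Name", "ProductPeople"));
        if (role != null)
            return role;   // an existing role is left untouched

        role = objectSpace.CreateObject<SecuritySystemRole>();
        role.Name = "ProductPeople";

        // Type level: applies to every Product, so all role members can
        // list, open and create products. Write and Delete are deliberately
        // absent here; granting them at type level would cover everyone's
        // products, not just the user's own.
        role.SetTypePermissions<Product>(
            "Read;Navigate;Create", SecuritySystemModifier.Allow);

        // Object level: Write and Delete are granted only for products
        // that match the ownership criteria.
        role.AddObjectAccessPermission<Product>(OwnProduct, "Write;Delete");

        return role;
    }
}
```

The ownership check is only as reliable as `CreatedBy`, so set that property in code when the product is created rather than leaving it as a field users fill in.
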
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow