Authorization code issue when generating an EditableRootList in CSLA Silverlight apps:

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Generate an EditableRootList object
2.
3.

What is the expected output? What do you see instead?

In the MyObjectList.cs file (not the .generated file) , it generates the 
following code:

#region Authorization Rules
        protected static void AddObjectAuthorizationRules()
        {
            //Csla.Rules.BusinessRules.AddRule(typeof(MyObject), new 
Csla.Rules.CommonRules.IsInRole
(Csla.Rules.AuthorizationActions.CreateObject, "SomeRole"));
            //Csla.Rules.BusinessRules.AddRule(typeof(MyObject), new 
Csla.Rules.CommonRules.IsInRole
(Csla.Rules.AuthorizationActions.EditObject, "SomeRole"));
            //Csla.Rules.BusinessRules.AddRule(typeof(MyObject), new 
Csla.Rules.CommonRules.IsInRole
(Csla.Rules.AuthorizationActions.DeleteObject, "SomeRole", "SomeAdminRole")
);
        }

        #endregion

This throws an exception from Silverlight when trying to invoke this 
method.  Making it public seems to work.  Should we really be doing this 
in CSLA 4 anyways?  Shouldn't the auth rules be incorporated with the Biz 
Rules as Rocky talk about here:  
http://www.lhotka.net/weblog/CSLA4AuthorizationRules.aspx

What version of the product are you using?

CodeSmith: v5.2.1, CSLA Templates: v2.0.1.1664, CSLA Framework: v4.0.0.
Visual Studio 2010

Please provide any additional information below.

Original issue reported on code.google.com by RoyMunso...@gmail.com on 4 Jun 2010 at 12:16

[GoogleCodeExporter]

Hello,

Could you create a new forum post for this issue and ask this question and see 
what the general consensus is.

Thanks
-Blake Niemyjski

Original comment by bniemyjski on 8 Jun 2010 at 8:31

• Changed state: AwaitingInfo
• Added labels: Type-Defect, Framework-CSLA

[GoogleCodeExporter]

If CSLA 4.0 business rules memory management is better than the 3.8.2 CSLA 
Security approach, then I vote for incorporating the code in the business 
rules. See http://forums.lhotka.net/forums/p/9053/43030.aspx#43030, which is 
built with Codesmith CSLA templates and highlights some poor memory usage for 
security objects.

Original comment by JenasysD...@gmail.com on 9 Jun 2010 at 11:41

[GoogleCodeExporter]

In CSLA 4, the issue isn't that it is a child object so much as the fact that 
protected methods aren't serializable in Silverlight. You don't really need the 
AddObjectAuthorizationRules in the Silverlight dll of your business objects 
because the .NET side calls it as well and the dataportal deals with it 
accordingly. It usually doesn't even call the AddObjectAuthorizationRules 
except I find in uncommon cases so I see where it could seem that the reason is 
because it is a child object. if you just add #if !SILVERLIGHT block around the 
AddObjectAuthorizationRules() method you will avoid having to make it public.

UPDATE: that answer may have seemed convoluted, so to sum up once more, you 
only want AddObjectAuthorizationRules() method to be in your .NET Business 
Object library, not your Silverlight Business Object library, because 
AddObjectAuthorizationRules() is not needed on the silverlight side, and as you 
can see, it causes an error if it tries to call it due to Silverlight 
limitations with serialization.

Original comment by geoff.ma...@gmail.com on 10 Jun 2010 at 2:24

[GoogleCodeExporter]

Original comment by bniemyjski on 10 Jun 2010 at 2:48

• Changed state: Accepted

[GoogleCodeExporter]

I have updated the templates to wrap the AddObjectAuthorizationRules methods in 
#if !SILVERLIGHT compiler directives, if IncludeSilverlightSupport is enabled.  
I have attached the updated templates for c#.

Original comment by RoyMunso...@gmail.com on 17 Jun 2010 at 3:56

Attachments:

• ListAuthorizationRules.cst
• AuthorizationRules.cst
• DynamicRootList.cst
• EditableChild.cst
• EditableChildList.cst
• EditableRoot.cst
• EditableRootList.cst
• ReadOnlyChild.cst
• ReadOnlyChildList.cst
• ReadOnlyList.cst
• ReadOnlyRoot.cst
• SwitchableObject.cst
• DynamicRoot.cst

[GoogleCodeExporter]

Hello,

This has been fixed in revision 1716.

Thanks
-Blake Niemyjski

Original comment by bniemyjski on 19 Jun 2010 at 8:18

• Changed state: Fixed

[GoogleCodeExporter]

Original comment by bniemyjski on 21 Jun 2010 at 8:08

• Added labels: Version-3.0.0