Closed StefanOssendorf closed 1 month ago
The problem I see is that this could allow someone without permissions to trigger business rules or other checks to run.
Though maybe not, as the saveable check is just looking at pre-set boolean values maybe?
Yes. The IsSavable
only looks at bools to determine the state of the object. And if a simple get of a property can trigger rules to run I would be surprised.
As shown in the diff I've changed the order in which the check is done to avoid calling
BusinessRules.HasPermission()
when it's clear it's already not savable by the other 3 properties.The results on my machine are (tested with the BusinessBase implementation):
The difference is only within nano seconds but I think with that easy change and it's probably called a lot by some users it's worth it. And it does not make the code over complicate or the like.
The test setup is: I copy & pasted the old implementation changed the property name and used the new implementation. My benchmark code is the following: