Protocol should be updated to not allow person to de-active himself or change permissions

[MartinFijneman]

Prerequisites

• [X] I have written a descriptive issue title
• [X] I have verified that I am running the latest version of the CDP4 Web Services
• [X] I have searched open and closed issues to ensure it has not already been reported

Description

Currently it is possible for a person to de-activate himself. This can lead to a lock-out situation where there is no person with sufficient permissions to activate persons again (see example below).

The protocol should be updated so that persons are not allowed to de-activate themselves (and change their own permissions?)

Example: tested on public server, where the normal admin-user existed next to a testing user as domain expert (i.e. with no permissions to edit other persons).

• log in as admin
• edit person: uncheck "Active" box

The admin-user can now still perform tasks as long as he is connected. After deconnecting from the session however, the admin-user is not allowed in. This situation cannot be restored.

Please note that this test was performed on the public server (is not yet on 6.0.0 RC5)

Implementation:

• Implement (Person?) Side Effect
• Add documentation on Annex C side effects in CDP4 SDK Wiki.

Steps to Reproduce

see above. Needs testing on server that can be deleted/restored after performing these steps

System Configuration

• CDP4 Web Services version:
  • [] CDP4Common:
  • [ ] PostrgreSQL:
  • [ ] Other:
• Environment (Operating system, version and so on):
• .NET Framework version:
• Mono version:
• Additional information:

[samatstariongroup]

potential fix: update Person side-effect, when own person, do not allow updates of IsActive property (throw invalidoperationexception)