I've just run into an issue with my simple app that prevents me from saving objects that inherent from other objects with the error:
"You can not save the 'DevExpress.ExpressApp.DC.GeneratedClasses.IAwardData_Data_Matter(**guid**)' object due to security restrictions."
(where **guid** is an actual GUID)
This issue may be linked to my upgrade from vol 2.5 to vol 2.7, but I'm not positive as other changes were made. In the attached app, both "Client" and "Matter" are impacted.
Steps to Reproduce:
Run the attached project.
Open the "Administrator" Role detail view. -> The Permissions list view does not contain types for many-to-many associations.
Try to create and save a Matter object. -> A security exception is raised.
Refresh the "Administrator" Role detail view. -> The Permissions list view now contains DevExpress.ExpressApp.DC.GeneratedClasses group with intermediate entities, but access to them is denied.
We have closed this ticket because another page addresses its subject:
Security.DC - The IsGranted method always returns 'false' for entities that were registered with the help of the XafTypesInfo.Instance.RegisterSharedPart methodSecurity.DC - Intermediate entities for many-to-many associations are not registered, and access to them is denied
Answers approved by DevExpress Support
I have already posted a solution for this at:
http://community.devexpress.com/forums/t/107287.aspx#362351
I have modified a little bit to take care of secured non persistent types.
Here is the code (same as the attached file)
Visual Basic Imports DevExpress.ExpressApp.Security
Imports DevExpress.ExpressApp.DC
Imports DevExpress.ExpressApp
Namespace Security
Public Class SecurityStrategyComplexEx
Inherits SecurityStrategyComplex
Public Sub New()
End Sub
Public Sub New(ByVal userType As Type, ByVal roleType As Type, ByVal authentication As AuthenticationBase)
MyBase.New(userType, roleType, authentication)
End Sub
Public Overrides Function IsGranted(permissionRequest As IPermissionRequest) As Boolean
If TypeOf permissionRequest Is AnyMemberOperationPermissionRequest Then
Dim request As AnyMemberOperationPermissionRequest = CType(permissionRequest, AnyMemberOperationPermissionRequest)
Dim TypeInfo As ITypeInfo = XafTypesInfo.Instance.FindTypeInfo(request.ObjectType)
Dim Found As Boolean = False
For Each TI As ITypeInfo In XafTypesInfo.Instance.PersistentTypes
If TI.Equals(TypeInfo) Then
Found = True
Exit For
End If
Next
If Not Found Then
If Not SecurityStrategy.SecuredNonPersistentTypes.Contains(TypeInfo.Type) Then
Return True
End If
End If
End If
Return MyBase.IsGranted(permissionRequest)
End Function
End Class
End Namespace
Santiago,
Thank you for taking your time to post this temporary solution here. We highly appreciate it.
Hi Dennis,
I ran into the same problem with 14.1.
Only administrators can save objects which are derived from IPersistentResource.
The solution above does not solve it in my case, because the IsGranted method never hits the generated types of the inherited interfaces.
Regards,
Peter
@Peter: Let's continue discussing your case in the separate thread you created: T142027. I would also kindly ask you to update it with your sample project, so we can see the problem in action and debug it. If you can replicate this behavior with a DC-version of our SecurityDemo, please also provide us with it and required repro steps.
Hi Will,
Thank you for the report. This issue is caused by a bug in our framework. We will fix it as soon as we can.
Thanks,
Michael.
Hi Will,
We have investigated this issue and found out that it is caused by an absence of DC shared parts support in the new security system (see issue Security.DC - The IsGranted method always returns 'false' for entities that were registered with the help of the XafTypesInfo.Instance.RegisterSharedPart method). We cannot fix it immediately as it requires implementing additional improvements in the new security system. We will do our best to address this scenario as soon as we can.
Thanks,
Michael.