Create Member Level And Object Permissions Via Code For Improved Security In XAF

Hello, Mark.
Currently, we do not have such an example in documentation, but we will add it in the next update. Below is the snippet that illustrates how to create member-level and object-level permissions in Updater.

C#
 private SecurityRole CreateDefaultRole() {  
    SecurityRole defaultRole = ObjectSpace.FindObject<SecurityRole>(new BinaryOperator("Name", "Default"));  
    if(defaultRole == null) {  
        defaultRole = ObjectSpace.CreateObject<SecurityRole>();  
        defaultRole.Name = "Default";  
        ObjectOperationPermissionData myDetailsPermission = ObjectSpace.CreateObject<ObjectOperationPermissionData>();  
        myDetailsPermission.TargetType = typeof(SecurityUser);  
        myDetailsPermission.Criteria = "[Oid] = CurrentUserId()";  
        myDetailsPermission.AllowNavigate = true;  
        myDetailsPermission.AllowRead = true;  
        myDetailsPermission.Save();  
        defaultRole.PersistentPermissions.Add(myDetailsPermission);  
        MemberOperationPermissionData userNamePermission = ObjectSpace.CreateObject<MemberOperationPermissionData>();  
        userNamePermission.TargetType = typeof(SecurityUser);  
        userNamePermission.Members = "ChangePasswordOnFirstLogon";  
        userNamePermission.AllowWrite = true;  
        userNamePermission.Save();  
        defaultRole.PersistentPermissions.Add(userNamePermission);  
        MemberOperationPermissionData ownPasswordPermission = ObjectSpace.CreateObject<MemberOperationPermissionData>();  
        ownPasswordPermission.TargetType = typeof(SecurityUser);  
        ownPasswordPermission.Members = "StoredPassword";  
        ownPasswordPermission.AllowWrite = true;  
        ownPasswordPermission.Save();  
        defaultRole.PersistentPermissions.Add(ownPasswordPermission);  
        ObjectOperationPermissionData defaultRolePermission = ObjectSpace.CreateObject<ObjectOperationPermissionData>();  
        defaultRolePermission.TargetType = typeof(SecurityRole);  
        defaultRolePermission.Criteria = "[Name] = 'Default'";  
        defaultRolePermission.AllowNavigate = true;  
        defaultRolePermission.AllowRead = true;  
        defaultRolePermission.Save();  
        defaultRole.PersistentPermissions.Add(defaultRolePermission);  
    }  
    return defaultRole;  
}

You can also refer to the SecurityDemo sources to see more examples.
Thanks,
Konstantin B

Create Member Level And Object Permissions Via Code For Improved Security In XAF

Recently viewed tickets