locked
Add entities to EntitySet 'UserRegistrations' without SecurityAdministration permission RRS feed

  • Question

  • Hi all, 

    I created a screen for some specify user who doesn't have SecurityAdministrator permission can add Employee account. In this screen, user add Employee information and Lightswitch will automatically add new account to User Registration through this code:

    partial void Employees_Inserting(Employee entity)
            {
                var reg = (from regs in this.DataWorkspace.SecurityData.UserRegistrations
                           where regs.UserName == entity.IdentityCardNo
                           select regs).FirstOrDefault();
                if (reg == null)
                {   
                    var newUser = this.DataWorkspace.SecurityData.UserRegistrations.AddNew();
                    newUser.UserName = entity.IdentityCardNo;
                    newUser.FullName = entity.FullName;
                    newUser.Password = "@123456";
                    
                    this.DataWorkspace.SecurityData.SaveChanges();
                    MembershipUser user = Membership.GetUser(entity.IdentityCardNo);
                    user.Email = entity.Email;
                    Membership.UpdateUser(user);
                    this.DataWorkspace.SecurityData.SaveChanges();
                }
    
            }

    but I got this error:

    The current user does not have permission to insert entities into the EntitySet 'UserRegistrations'.

    Is there any way to add user to UserRegistrations without SecurityAdministrator permission?



    • Edited by Little_1991 Friday, January 17, 2014 3:15 AM
    Friday, January 17, 2014 2:54 AM

Answers

  • The user must have the SecurityAdministrator permission but with your scenario, you could use the permission elevation feature to temporarily assign that permission within the server code. See the blog post about this feature: http://blogs.msdn.com/b/lightswitch/archive/2011/04/07/how-to-elevate-permissions-in-server-code-ravi-eda.aspx.

    Also, looking at your code, I notice that you are calling SaveChanges in the Inserting method.  This isn't necessary since adding a new entity with your call to AddNew will automatically include it in the change set to be persisted.  I encourage you to learn more about the save pipeline here: http://www.codemag.com/article/1103071.  You're code could probably be restructured to be like this:

    partial void Employees_Inserting(Employee entity)
    {
        var reg = (from regs in this.DataWorkspace.SecurityData.UserRegistrations
                   where regs.UserName == entity.IdentityCardNo
                   select regs).FirstOrDefault();
        if (reg == null)
        {   
            var newUser = this.DataWorkspace.SecurityData.UserRegistrations.AddNew();
            newUser.UserName = entity.IdentityCardNo;
            newUser.FullName = entity.FullName;
            newUser.Password = "@123456";
        }
    }
    
    partial void Employees_Inserted(Employee entity)
    {
        MembershipUser user = Membership.GetUser(entity.IdentityCardNo);
        user.Email = entity.Email;
        Membership.UpdateUser(user);
    }

    • Proposed as answer by Paul Van Bladel Friday, January 17, 2014 6:37 PM
    • Marked as answer by Little_1991 Saturday, January 18, 2014 2:58 AM
    Friday, January 17, 2014 2:28 PM

All replies

  • The user must have the SecurityAdministrator permission but with your scenario, you could use the permission elevation feature to temporarily assign that permission within the server code. See the blog post about this feature: http://blogs.msdn.com/b/lightswitch/archive/2011/04/07/how-to-elevate-permissions-in-server-code-ravi-eda.aspx.

    Also, looking at your code, I notice that you are calling SaveChanges in the Inserting method.  This isn't necessary since adding a new entity with your call to AddNew will automatically include it in the change set to be persisted.  I encourage you to learn more about the save pipeline here: http://www.codemag.com/article/1103071.  You're code could probably be restructured to be like this:

    partial void Employees_Inserting(Employee entity)
    {
        var reg = (from regs in this.DataWorkspace.SecurityData.UserRegistrations
                   where regs.UserName == entity.IdentityCardNo
                   select regs).FirstOrDefault();
        if (reg == null)
        {   
            var newUser = this.DataWorkspace.SecurityData.UserRegistrations.AddNew();
            newUser.UserName = entity.IdentityCardNo;
            newUser.FullName = entity.FullName;
            newUser.Password = "@123456";
        }
    }
    
    partial void Employees_Inserted(Employee entity)
    {
        MembershipUser user = Membership.GetUser(entity.IdentityCardNo);
        user.Email = entity.Email;
        Membership.UpdateUser(user);
    }

    • Proposed as answer by Paul Van Bladel Friday, January 17, 2014 6:37 PM
    • Marked as answer by Little_1991 Saturday, January 18, 2014 2:58 AM
    Friday, January 17, 2014 2:28 PM
  • Thanks Paul, your answer helped a lot.
    Saturday, January 18, 2014 2:58 AM
  • Hi,

    In fact, Matt Thalman answered your question. I just proposed it as answer :)


    paul van bladel

    Saturday, January 18, 2014 8:27 AM