locked
How to elevate permissions in entities related in a 1 to 0..1 relationship RRS feed

Answers

  • Bonjour Jean Pierre,

    The _Created method is not a server side method. Permission elevation is a "server side only" mechanism.

    Try to do it in the _inserting method instead.

    Permission elevation for client side method, would not really be secure (elevating the permission would be the same as just giving the permission). The idea is that permission elevation can only be applied in a "secure area", i.e. the server context and only in a limited scope.

    Bien à vous

    paul.


    paul van bladel


    Thursday, May 23, 2013 6:36 PM

All replies

  • In earlier LS versions, permission elevation worked only in the "save" pipeline.

    In V3 it works also in the retrieve pipeline, so the last article you reference is no longer up to date on that point.

    I think it's a good practice to split an entity via an 1--0..1 relation for the reason you mention, but I'm not completely seeing the picture why you need permission elevation in this situation.

    You mention that the CRUD permissions can be different between you 2 entities, so why can this mechanism not simply do its work ?


    paul van bladel

    Wednesday, May 22, 2013 8:14 PM
  • Dear Paul,

    Thank you for your reply.

    At the moment of the creation of entity A I must
    create the entity B. This is according to best practices in 1 to 0..1
    relationships. This happens in the A_Created method. But If the user that is
    creating the entity A does not have CRUD permissions for the entity B then the
    problem arises.

    Is it possible to elevate permissions in the A_Created
    method? This is not possible according to the obsolete mentioned article.



    Thursday, May 23, 2013 5:16 PM
  • Bonjour Jean Pierre,

    The _Created method is not a server side method. Permission elevation is a "server side only" mechanism.

    Try to do it in the _inserting method instead.

    Permission elevation for client side method, would not really be secure (elevating the permission would be the same as just giving the permission). The idea is that permission elevation can only be applied in a "secure area", i.e. the server context and only in a limited scope.

    Bien à vous

    paul.


    paul van bladel


    Thursday, May 23, 2013 6:36 PM
  • ...In V3 it works also in the retrieve pipeline, so the last article you reference is no longer up to date on that point...


    paul van bladel

    Do you have a good flowchart diagram about the retrieve pipeline?

    Friday, May 24, 2013 8:38 PM
  • I don't have such a flowchart but in the book of Yann Duran and Tim Leung you can find one I think:

    Pro Visual Studio LightSwitch 2011 Development

    I just wrote an article about permission elevation in the retrieve pipeline which might, apart from reading Yann's and Tim's book,  be helpful for you as well

    A CASE FOR SERVER SIDE PERMISSION ELEVATION IN THE LIGHTSWITCH RETRIEVE PIPELINE


    paul van bladel

    Saturday, May 25, 2013 8:16 AM
  • I have moved the code from the _Created method to the _Inserting method and made the permission elevation there. I had to make some adjustments but now it's running fine. I have the mentioned book. I will search there for a flow chart of the retrieve pipeline. I will also read carefully your article. Thank you! Jean Pierre
    Saturday, May 25, 2013 1:05 PM
  • Thank you too Jean Pierre.

    paul van bladel

    Saturday, May 25, 2013 6:10 PM