locked
Row Level CanUpdate in LightSwitch RRS feed

  • Question

  • I wish there was a row level <Entity>_CanUpdate in LightSwitch.

    Let me briefly explain why.

    I'm developing a system in which we will maintain various metadata information about our company's systems.  One piece of information is the Owner of the system.  And one of the main security rules is that only the Owner of a System can edit that System.  Other users can view all of the information pertaining to that System, but they can't modify any of it.

    I have actually come up with a way to handle this, but I don't particularly like it.

    Basically, I added a computed property to System called UserCanEdit, and the method that computes that property checks to see if the current user matches the Owner of the system.  Then I reference that property in the IsReadOnly method for each of the columns in System like this:

    result = !UserCanEdit;

    (Please forgive the negative logic.)

    This works quite well, and is on the Server side like I wanted. So why don't I like it? Because it's a little tedious to code - and maintain - if your entity has a lot of properties.  Seems like performance could be an issue as well.

    I'm just wondering if there's a better way before I start coding this all over my system. This seems like a very common business scenario to me.  Surely other developers have come up with their own solutions?

    If you have, please let me know.  Thank you.

    Thursday, August 21, 2014 2:36 PM

Answers

All replies

  • There are various ways of handling this, but I use WCF RIA Services that allow me to create read-only collections, it also allows me to have computed columns and to combine columns from multiple tables.

    I then able create re-usable methods that contain the security business rules that I use in my update methods.

    Again, there are various ways of handling this, but this is what works for me.


    Unleash the Power - Get the LightSwitch 2013 HTML Client / SharePoint 2013 book

    http://LightSwitchHelpWebsite.com

    • Marked as answer by Angie Xu Monday, September 1, 2014 1:12 AM
    Thursday, August 21, 2014 5:13 PM
  • Thank you for the responses.

    I'm afraid Jan's article completely loses me.  Maybe because I lack the context for the whole multi-tenant discussion.  I'm really not even sure what he's talking about.

    As for the RIA service suggestion, if I understand it correctly, your talking about re-shaping data based on business rules, serving it up as entities using a WCF RIA service.  That's a great idea (and I may use it for something else), but maybe it's overkill for what I'm trying to do?  Wouldn't I need to dynamically switch the entity my screen is bound to, depending on whether the displayed row is one the user is able to edit?

    For my System entity, what I really wish I had is a method like the existing Systems_CanUpdate, except it looks like this:

    partial void System_CanUpdate(System item, ref result)

    Or maybe something equivalent generated in the System.lsml.cs file.

    Thursday, August 21, 2014 7:31 PM
  • As for the RIA service suggestion, if I understand it correctly, your talking about re-shaping data based on business rules, serving it up as entities using a WCF RIA service.  That's a great idea (and I may use it for something else), but maybe it's overkill for what I'm trying to do?  Wouldn't I need to dynamically switch the entity my screen is bound to, depending on whether the displayed row is one the user is able to edit?

    No the Entity has a Update/Delete/Insert method that you can put in logic to restrict who can perform those operation on the Entity.

    But, As you point out, it may be overkill for your situation. However, once you get the hang of using WCF RIA Services it takes only 2-5 minutes to create the methods.


    Unleash the Power - Get the LightSwitch 2013 HTML Client / SharePoint 2013 book

    http://LightSwitchHelpWebsite.com

    Thursday, August 21, 2014 10:40 PM