Questions to CSLA?

  1. In those CanDeleteObject(), CanEditObject() authentication functions, can we not to hard code the permitted role list? In another words, instead of coding like this:
    public static bool CanGetObject()
    { if (Csla.ApplicationContext.User.IsInRole(“TraineeViewGroup”))
    return true;
    return false;
    Can we code this way?
    return AppSecurity.CanGetObject(string objectname)
    This AppSecurity will check the reference from db or xml file to make sure user’s role is in the permitted role list. (So AddAuthorizationRules() is not needed anymore.)
  2. How to do lazy load for those parent-child relationship?
  3. To switch authentication from windows to csla customized mode, we have to change the cfg file. Because csla.ApplicationContext.Authentication property only has getter, so pass the authentication mode from application UI / form to security assembly seems impossible, unless we hack into csla source code to change Authentication’s getter not always read from cfg file and add a setter, or add a different object to hold this authentication setting which could be set in UI/form.
  4. How hard to translate CLSA’s ActiveRecord pattern to repository pattern based on SRP (simple responsibility principal), code example.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s