Strange behavior of attributes on Task Item

Aug 26, 2009 at 2:42 PM

I got two roles that include de same task.  On this task there is an operation assigned. On all levels I have an attribute to specify the context.

If I give "Allow" access to the first Role and "Neutral" to the second Role and I perform a CheckAccess on the operation, I get the 3 attributes in the Authorization path. (Role, Task, Operation) in return.  If I give "Neutral" access to the first Role and "Allow" to the second role, I only get the operation and role attribute back. (Task attribute missing) This behavior only exists if I have a BizRule on the operation level. If I clear the BizRule on Operation level, it behaves the same in both situations.

Hereunder the exported store.

<?xml version="1.0" encoding="utf-8"?><!--*************************************--><!--.NET SQL Authorization Manager (Ms-PL)--><!--*************************************--><!--http://netsqlazman.codeplex.com--><!--Andrea Ferendeles--><!--*************************************--><!--Creation Date: 26/08/2009 16.31.54--><!--NetSqlAzMan Run-Time version: 3.6.0.2--><!--NetSqlAzMan Database version: 3.6.0.x--><!--*************************************--><NetSqlAzMan><Store Name="AET Authorization Store" Description="The repository for All In house developped DotNet Applications of AET"><Attributes /><Permissions><Managers /><Users /><Readers /></Permissions><StoreGroups><StoreGroup Name="BIM AET" Description="BIM AET Members" Sid="3a5a42fd-7fe6-4816-ad3c-ca4d05f294e0" LDAPQuery="" GroupType="Basic"><StoreGroupMembers><StoreGroupMember Sid="S-1-5-21-438944752-2972468009-2351147435-3249" WhereDefined="LDAP" IsMember="True" /><StoreGroupMember Sid="S-1-5-21-438944752-2972468009-2351147435-3248" WhereDefined="LDAP" IsMember="True" /></StoreGroupMembers></StoreGroup></StoreGroups><Applications><Application Name="Trading Hub" Description="Contains All Roles for the TradingHub Service"><Attributes /><Permissions><Managers /><Users /><Readers /></Permissions><ApplicationGroups /><Items><Item Name="Change Status" Description="" ItemType="Operation"><Attributes /><Members /><Authorizations /></Item><Item Name="Create Deal" Description="" ItemType="Operation"><Attributes><Attribute Key="Operation" Value="Deal Create" /></Attributes><BizRule BizRuleSourceLanguage="CSharp"><![CDATA[using System;
using System.Security.Principal;
using System.IO;
using System.Data;
using System.Collections;
using System.Collections.Specialized;
using System.Collections.Generic;
using System.Text;
using NetSqlAzMan;
using NetSqlAzMan.Interfaces;

namespace Trading_Hub.BizRules
{
    public sealed class BizRule : IAzManBizRule
    {
        public BizRule()
        { }

        public bool Execute(Hashtable contextParameters, IAzManSid identity, IAzManItem ownerItem, ref AuthorizationType authorizationType)
        {
            //Insert your code here
            //Assign authorizationType to some AuthorizationType value to force CheckAccess result for this item.
            return true;
        }
    }
}
]]></BizRule><Members /><Authorizations /></Item><Item Name="Deal Capture" Description="" ItemType="Task"><Attributes><Attribute Key="Task" Value="Deal Capture" /></Attributes><Members><Member Name="Create Deal" MemberType="Operation" /><Member Name="Change Status" MemberType="Operation" /></Members><Authorizations /></Item><Item Name="GAS Trader" Description="" ItemType="Role"><Attributes><Attribute Key="ETRM" Value="&lt;Context&gt;&lt;Book&gt;GIST&lt;/Book&gt;&lt;/Context&gt;" /></Attributes><Members><Member Name="Deal Capture" MemberType="Task" /></Members><Authorizations><Authorization Owner="S-1-5-21-438944752-2972468009-2351147435-2471" OwnerSidWhereDefined="LDAP" Sid="3a5a42fd-7fe6-4816-ad3c-ca4d05f294e0" SidWhereDefined="Store" AuthorizationType="Allow" ValidFrom="Null" ValidTo="Null"><Attributes /></Authorization></Authorizations></Item><Item Name="Power Trader" Description="" ItemType="Role"><Attributes><Attribute Key="ETRM" Value="&lt;Context&gt;&lt;Book&gt;IPIT&lt;/Book&gt;&lt;/Context&gt;" /></Attributes><Members><Member Name="Deal Capture" MemberType="Task" /></Members><Authorizations><Authorization Owner="S-1-5-21-438944752-2972468009-2351147435-2471" OwnerSidWhereDefined="LDAP" Sid="3a5a42fd-7fe6-4816-ad3c-ca4d05f294e0" SidWhereDefined="Store" AuthorizationType="Neutral" ValidFrom="Null" ValidTo="Null"><Attributes /></Authorization></Authorizations></Item></Items></Application></Applications></Store></NetSqlAzMan><!--*************************************--><!--.NET SQL Authorization Manager (Ms-PL)--><!--*************************************-->

Coordinator
Aug 26, 2009 at 8:46 PM
This discussion has been copied to a work item. Click here to go to the work item and continue the discussion.