DelegateCommandBase & Proactive security

May 15, 2013 at 7:46 AM
Hi,
I want to be able to disable my buttons/menuitems in case the server (through AzMan) does not authorize the corresponding action.
To achieve that the client (at startup) receives a list of allowed operations from the server.
I've build a SecureDelegateCommand class that inherits from DelegateCommandBase.
I'd like to know if I'm on the right track with my implementation.
Here is my code :
Add the service in MefBootstrapper :
        protected override void ConfigureContainer()
        {
            base.ConfigureContainer();

            // Registers the current composition container.
            this.Container.ComposeExportedValue<CompositionContainer>(this.Container);
            this.Container.ComposeExportedValue<IUserSettingsService>(new UserSettingsService());
        }
The SecureDelegateCommand implementation :
    public class SecureDelegateCommand<T> : DelegateCommandBase
    {
        public SecureDelegateCommand(Action<T> executeMethod, string operationName)
            : base((o) => executeMethod((T)o), (o) => 
                {
                    var container = ServiceLocator.Current.GetInstance<CompositionContainer>();
                    var userSettings = container.GetExportedValue<IUserSettingsService>();
                    return userSettings.IsOperationAuthorized(operationName);
                })
        {
        }

        public SecureDelegateCommand(Action<T> executeMethod, Func<T, bool> canExecuteMethod, string operationName)
            : base((o) => executeMethod((T)o), (o) =>
                {
                    var container = ServiceLocator.Current.GetInstance<CompositionContainer>();
                    var userSettings = container.GetExportedValue<IUserSettingsService>();
                    if (!userSettings.IsOperationAuthorized(operationName))
                        return false;
                    return canExecuteMethod((T)o);
                })
        {
        }
    }
Usage :
this.ConsultCommand = new SecureDelegateCommand<object>(this.OnConsult, this.CanConsult, "ActionName");
May 15, 2013 at 5:11 PM
Hi,

Based on my understanding, the code you provided seems to be correct. I believe you are in the right track with your approach.

Regards,

Federico Martinez
http://blogs.southworks.net/fmartinez