Suppose your team is responsible for creating a module that defines some kind of Permission, so that when the system is granted that permission a block of code is executed, something like
and then you pass your module to another team or another consumer, who decides to use the “EVIL ONE”: a property exposed by the DevExpress.ExpressApp.Security.SecurityBase class, named IsGrantedForNonExistentPermission, which can be changed easily as shown in the next image
What does it do? As its name states, it inverts the behavior of the SecuritySystem.IsGranted method.
Its default value on SecurityComplex is false, but if the consumer of your module sets it to true for their own reasons and you have not assigned that permission to any role, then unwanted code will be executed in your module, which is very, very, very bad. In the scenario we are working on, it will corrupt the model!!
So you have to be careful when you write code that uses the IsGranted method, because someone may invert that behavior.
A solution is to create your own IsGranted method for the cases where you do not want that to happen, like
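public static bool IsGranted(IPermission permission) {
    var securityComplex = ((SecurityComplex) SecuritySystem.Instance);
    // Remember the consumer's setting, then force the check to deny permissions that are not assigned
    bool isGrantedForNonExistentPermission = securityComplex.IsGrantedForNonExistentPermission;
    securityComplex.IsGrantedForNonExistentPermission = false;
    try { return SecuritySystem.IsGranted(permission); }
    // Restore the consumer's setting so the rest of the application behaves as configured
    finally { securityComplex.IsGrantedForNonExistentPermission = isGrantedForNonExistentPermission; }
}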
See you at the next tip.