Thursday, September 24, 2009

XAF Tip #7: Dangerous Switch

My good friend Martin Praxmarer, while we were working on some cool feature for the new ModelDifference eXpand module, pointed out the existence of an evil switch.

Suppose your team is responsible for creating a module with some kind of permission, so that when that permission is granted a block of code is executed, something like:

if (SecuritySystem.IsGranted(new MyPermission())){
    //do something
}

Then you pass your module to another team or another consumer, who decides to use the “EVIL ONE”: a property exposed by the DevExpress.ExpressApp.Security.SecurityBase class, named IsGrantedForNonExistentPermission, which can be changed easily, as shown in the next image.

image

What does it do? As its name states, it inverts the behavior of the SecuritySystem.IsGranted method.
The default value for SecurityComplex is false, but if the consumer of your module sets it to true for his own reasons and you have not assigned that permission to any role, then unwanted code will be executed in your module, which is very, very, very bad. In the scenario we are working on, it will corrupt the model!!

So you have to be careful when you write code that uses the IsGranted method, because someone may invert that behavior.

A solution is to create your own IsGranted method for the cases where you do not want that to happen, like:

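using System.Security;
using DevExpress.ExpressApp;
using DevExpress.ExpressApp.Security;

public bool IsGranted(IPermission permission){
    var securityComplex = ((SecurityComplex) SecuritySystem.Instance);
    // Remember the consumer's setting so it can be restored afterwards
    bool isGrantedForNonExistentPermission = securityComplex.IsGrantedForNonExistentPermission;
    // Force the default so a permission that no role holds is never treated as granted
    securityComplex.IsGrantedForNonExistentPermission = false;
    try {
        return SecuritySystem.IsGranted(permission);
    } finally {
        // Restore the consumer's setting even if the check throws
        securityComplex.IsGrantedForNonExistentPermission = isGrantedForNonExistentPermission;
    }
}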
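
The failure mode and the fail-closed wrapper, modelled in a self-contained program. This is an added example, not DevExpress or eXpand code: ToySecurity, Demo, StrictIsGranted and the permission names are constructed stand-ins, and the model assumes the switch only decides the answer for a permission that no role holds.

```csharp
using System;
using System.Collections.Generic;

// Constructed stand-in for the security system: NOT DevExpress code.
// Assumption: the switch only decides the answer for a permission no role holds.
class ToySecurity {
    public bool IsGrantedForNonExistentPermission;             // false by default
    readonly Dictionary<string, bool> assigned = new Dictionary<string, bool>();

    public void Assign(string permission, bool granted) { assigned[permission] = granted; }

    public bool IsGranted(string permission) {
        bool granted;
        return assigned.TryGetValue(permission, out granted)
            ? granted                                           // explicit assignment wins
            : IsGrantedForNonExistentPermission;                // otherwise the switch answers
    }
}

static class Demo {
    // Fail-closed check: same idea as the wrapper in the post, with the
    // consumer's setting restored even if the check throws.
    public static bool StrictIsGranted(ToySecurity security, string permission) {
        bool saved = security.IsGrantedForNonExistentPermission;
        security.IsGrantedForNonExistentPermission = false;
        try { return security.IsGranted(permission); }
        finally { security.IsGrantedForNonExistentPermission = saved; }
    }

    static void Main() {
        var security = new ToySecurity();
        security.Assign("ReportPermission", true);              // constructed permission names
        string[] permissions = { "ReportPermission", "MyPermission" };

        // Print plain vs. strict results for both positions of the consumer's switch
        foreach (bool consumerSwitch in new[] { false, true }) {
            security.IsGrantedForNonExistentPermission = consumerSwitch;
            foreach (string p in permissions)
                Console.WriteLine("switch={0,-5} {1,-16} plain={2,-5} strict={3}",
                    consumerSwitch, p, security.IsGranted(p), StrictIsGranted(security, p));
        }
    }
}
```

The plain and strict checks can only disagree for the unassigned permission while the consumer's switch is on. The save-and-restore mutates shared state, so callers running concurrently need a lock around it.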

See you at the next tip.
