private void CheckCreateRights(IPersistenceObject obj)
{
// Do not only check in IZetboxContext.Create for creation rights, also here
// Object might be created by SerializableType
if (obj is IDataObject && obj.ObjectState == DataObjectState.New)
{
var ifType = GetInterfaceType(obj);
var cls = metaDataResolver.GetObjectClass(ifType);
if (cls == null)
{
Logging.Log.WarnFormat("obj=[{0}] ifType=[{1}]", obj.GetType().AssemblyQualifiedName, ifType.Type.AssemblyQualifiedName);
Logging.Log.WarnFormat("metaDataResolver=[{0}] => [{1}]", metaDataResolver.GetType().AssemblyQualifiedName, metaDataResolver.ToString());
throw new ApplicationException("Unexpected failure from metadata resolver");
}
cls = cls.GetRootClass();
if (identityStore != null && cls.HasAccessControlList() && !cls.GetGroupAccessRights(identityStore).HasCreateRights())
{
throw new System.Security.SecurityException(string.Format("The current identity has no rights to create an Object of type '{0}'", ifType.Type.FullName));
}
}
}
