private void CheckCreateRights(IPersistenceObject obj) { // Do not only check in IZetboxContext.Create for creation rights, also here // Object might be created by SerializableType if (obj is IDataObject && obj.ObjectState == DataObjectState.New) { var ifType = GetInterfaceType(obj); var cls = metaDataResolver.GetObjectClass(ifType); if (cls == null) { Logging.Log.WarnFormat("obj=[{0}] ifType=[{1}]", obj.GetType().AssemblyQualifiedName, ifType.Type.AssemblyQualifiedName); Logging.Log.WarnFormat("metaDataResolver=[{0}] => [{1}]", metaDataResolver.GetType().AssemblyQualifiedName, metaDataResolver.ToString()); throw new ApplicationException("Unexpected failure from metadata resolver"); } cls = cls.GetRootClass(); if (identityStore != null && cls.HasAccessControlList() && !cls.GetGroupAccessRights(identityStore).HasCreateRights()) { throw new System.Security.SecurityException(string.Format("The current identity has no rights to create an Object of type '{0}'", ifType.Type.FullName)); } } }