private SecuritySystemMemberPermissionsObject CreateUserMemberPermission(string member)
{
SecuritySystemMemberPermissionsObject memberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>();
memberPermission.Members = member;
memberPermission.AllowWrite = true;
return(memberPermission);
}
private DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole CreateDefaultRole()
{
DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole defaultRole = ObjectSpace.FindObject <DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole>(new BinaryOperator("Name", "Default"));
if (defaultRole == null)
{
defaultRole = ObjectSpace.CreateObject <DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole>();
defaultRole.Name = "Default";
SecuritySystemTypePermissionObject securityDemoUserPermissions = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
securityDemoUserPermissions.TargetType = typeof(SecuritySystemUser);
defaultRole.TypePermissions.Add(securityDemoUserPermissions);
SecuritySystemObjectPermissionsObject myDetailsPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
//myDetailsPermission.TargetType = typeof(SecuritySystemUser);
myDetailsPermission.Criteria = "[Oid] = CurrentUserId()";
myDetailsPermission.AllowNavigate = true;
myDetailsPermission.AllowRead = true;
securityDemoUserPermissions.ObjectPermissions.Add(myDetailsPermission);
//defaultRole.PersistentPermissions.Add(myDetailsPermission);
SecuritySystemTypePermissionObject userPermissions = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
userPermissions.TargetType = typeof(DevExpress.ExpressApp.Security.Strategy.SecuritySystemUser);
defaultRole.TypePermissions.Add(userPermissions);
SecuritySystemMemberPermissionsObject ownPasswordPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>();
//ownPasswordPermission.TargetType = typeof(SecurityUser);
ownPasswordPermission.Members = "ChangePasswordOnFirstLogon; StoredPassword";
ownPasswordPermission.AllowWrite = true;
userPermissions.MemberPermissions.Add(ownPasswordPermission);
//defaultRole.PersistentPermissions.Add(ownPasswordPermission);
SecuritySystemTypePermissionObject securityRolePermissions = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
securityRolePermissions.TargetType = typeof(DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole);
defaultRole.TypePermissions.Add(userPermissions);
SecuritySystemObjectPermissionsObject defaultRolePermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
//defaultRolePermission.TargetType = typeof(DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole);
defaultRolePermission.Criteria = "[Name] = 'Default'";
defaultRolePermission.AllowNavigate = true;
defaultRolePermission.AllowRead = true;
securityRolePermissions.ObjectPermissions.Add(defaultRolePermission);
//defaultRole.PersistentPermissions.Add(defaultRolePermission);
}
return(defaultRole);
}
public override void UpdateDatabaseAfterUpdateSchema()
{
base.UpdateDatabaseAfterUpdateSchema();
// Administrative role
SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>(
new BinaryOperator("Name", SecurityStrategy.AdministratorRoleName));
if (adminRole == null)
{
adminRole = ObjectSpace.CreateObject <SecuritySystemRole>();
adminRole.Name = SecurityStrategy.AdministratorRoleName;
adminRole.IsAdministrative = true;
}
// Administrator user
SecuritySystemUser adminUser = ObjectSpace.FindObject <SecuritySystemUser>(
new BinaryOperator("UserName", "Administrator"));
if (adminUser == null)
{
adminUser = ObjectSpace.CreateObject <SecuritySystemUser>();
adminUser.UserName = "******";
adminUser.SetPassword("");
adminUser.Roles.Add(adminRole);
}
// A role whith type-level permissions
SecuritySystemRole contactsManagerRole =
ObjectSpace.FindObject <SecuritySystemRole>(
new BinaryOperator("Name", "Contacts Manager"));
if (contactsManagerRole == null)
{
contactsManagerRole = ObjectSpace.CreateObject <SecuritySystemRole>();
contactsManagerRole.Name = "Contacts Manager";
SecuritySystemTypePermissionObject contactTypePermission =
ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
contactTypePermission.TargetType = typeof(Contact);
contactTypePermission.AllowCreate = true;
contactTypePermission.AllowDelete = true;
contactTypePermission.AllowNavigate = true;
contactTypePermission.AllowRead = true;
contactTypePermission.AllowWrite = true;
contactsManagerRole.TypePermissions.Add(contactTypePermission);
}
SecuritySystemUser userSam =
ObjectSpace.FindObject <SecuritySystemUser>(
new BinaryOperator("UserName", "Sam"));
if (userSam == null)
{
userSam = ObjectSpace.CreateObject <SecuritySystemUser>();
userSam.UserName = "******";
userSam.SetPassword("");
userSam.Roles.Add(contactsManagerRole);
}
// A role with object-level permissions
SecuritySystemRole basicUserRole =
ObjectSpace.FindObject <SecuritySystemRole>(
new BinaryOperator("Name", "Basic User"));
if (basicUserRole == null)
{
basicUserRole = ObjectSpace.CreateObject <SecuritySystemRole>();
basicUserRole.Name = "Basic User";
SecuritySystemTypePermissionObject userTypePermission =
ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
userTypePermission.TargetType = typeof(SecuritySystemUser);
SecuritySystemObjectPermissionsObject currentUserObjectPermission =
ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
currentUserObjectPermission.Criteria = "[Oid] = CurrentUserId()";
currentUserObjectPermission.AllowNavigate = true;
currentUserObjectPermission.AllowRead = true;
userTypePermission.ObjectPermissions.Add(currentUserObjectPermission);
basicUserRole.TypePermissions.Add(userTypePermission);
}
SecuritySystemUser userJohn =
ObjectSpace.FindObject <SecuritySystemUser>(
new BinaryOperator("UserName", "John"));
if (userJohn == null)
{
userJohn = ObjectSpace.CreateObject <SecuritySystemUser>();
userJohn.UserName = "******";
userJohn.SetPassword("");
userJohn.Roles.Add(basicUserRole);
}
// A role with member-level permissions
SecuritySystemRole contactViewerRole =
ObjectSpace.FindObject <SecuritySystemRole>(
new BinaryOperator("Name", "Contact Viewer"));
if (contactViewerRole == null)
{
contactViewerRole = ObjectSpace.CreateObject <SecuritySystemRole>();
contactViewerRole.Name = "Contact Viewer";
SecuritySystemTypePermissionObject contactLimitedTypePermission =
ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
contactLimitedTypePermission.TargetType = typeof(Contact);
contactLimitedTypePermission.AllowNavigate = true;
SecuritySystemMemberPermissionsObject contactMemberPermission =
ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>();
contactMemberPermission.Members = "Name";
contactMemberPermission.AllowRead = true;
contactLimitedTypePermission.MemberPermissions.Add(contactMemberPermission);
contactViewerRole.TypePermissions.Add(contactLimitedTypePermission);
}
SecuritySystemUser userBill =
ObjectSpace.FindObject <SecuritySystemUser>(
new BinaryOperator("UserName", "Bill"));
if (userBill == null)
{
userBill = ObjectSpace.CreateObject <SecuritySystemUser>();
userBill.UserName = "******";
userBill.SetPassword("");
userBill.Roles.Add(contactViewerRole);
}
// Contact objects are created for demo purposes
Contact contactMary = ObjectSpace.FindObject <Contact>(
new BinaryOperator("Name", "Mary Tellitson"));
if (contactMary == null)
{
contactMary = ObjectSpace.CreateObject <Contact>();
contactMary.Name = "Mary Tellitson";
contactMary.Email = "*****@*****.**";
}
Contact contactJohn = ObjectSpace.FindObject <Contact>(
new BinaryOperator("Name", "John Nilsen"));
if (contactJohn == null)
{
contactJohn = ObjectSpace.CreateObject <Contact>();
contactJohn.Name = "John Nilsen";
contactJohn.Email = "*****@*****.**";
}
ObjectSpace.CommitChanges();
}
private DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole CreateSecurityDemoRole()
{
DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole securityDemoRole = ObjectSpace.FindObject <DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole>(new BinaryOperator("Name", "Demo"));
if (securityDemoRole == null)
{
securityDemoRole = ObjectSpace.CreateObject <DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole>();
securityDemoRole.Name = "Demo";
// Type Operation Permissions
SecuritySystemTypePermissionObject fullAccessPermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
fullAccessPermission.TargetType = typeof(FullAccessObject);
fullAccessPermission.AllowCreate = true;
fullAccessPermission.AllowDelete = true;
fullAccessPermission.AllowNavigate = true;
fullAccessPermission.AllowRead = true;
fullAccessPermission.AllowWrite = true;
fullAccessPermission.Save();
securityDemoRole.TypePermissions.Add(fullAccessPermission);
SecuritySystemTypePermissionObject protectedContentPermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
protectedContentPermission.TargetType = typeof(ProtectedContentObject);
protectedContentPermission.AllowNavigate = true;
protectedContentPermission.Save();
securityDemoRole.TypePermissions.Add(protectedContentPermission);
SecuritySystemTypePermissionObject readOnlyPermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
readOnlyPermission.TargetType = typeof(ReadOnlyObject);
readOnlyPermission.AllowNavigate = true;
readOnlyPermission.AllowRead = true;
readOnlyPermission.Save();
securityDemoRole.TypePermissions.Add(readOnlyPermission);
SecuritySystemTypePermissionObject irremovablePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
irremovablePermission.TargetType = typeof(IrremovableObject);
irremovablePermission.AllowCreate = true;
irremovablePermission.AllowNavigate = true;
irremovablePermission.AllowRead = true;
irremovablePermission.AllowWrite = true;
irremovablePermission.Save();
securityDemoRole.TypePermissions.Add(irremovablePermission);
SecuritySystemTypePermissionObject uncreatablePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
uncreatablePermission.TargetType = typeof(UncreatableObject);
uncreatablePermission.AllowDelete = true;
uncreatablePermission.AllowNavigate = true;
uncreatablePermission.AllowRead = true;
uncreatablePermission.AllowWrite = true;
uncreatablePermission.Save();
securityDemoRole.TypePermissions.Add(uncreatablePermission);
// Member Operation Permissions
SecuritySystemTypePermissionObject navigateMemberLevelOperationObjectPermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
navigateMemberLevelOperationObjectPermission.TargetType = typeof(MemberLevelSecurityObject);
navigateMemberLevelOperationObjectPermission.AllowCreate = true;
navigateMemberLevelOperationObjectPermission.AllowDelete = true;
navigateMemberLevelOperationObjectPermission.AllowNavigate = true;
navigateMemberLevelOperationObjectPermission.Save();
securityDemoRole.TypePermissions.Add(navigateMemberLevelOperationObjectPermission);
SecuritySystemMemberPermissionsObject readWriteMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>();
//readWriteMemberPermission.TargetType = typeof(MemberLevelSecurityObject);
readWriteMemberPermission.Members = "ReadWriteProperty; Name; oid; Oid; OptimisticLockField"; // TODO - Slava D - service fields - XPO responsibility
readWriteMemberPermission.AllowRead = true;
readWriteMemberPermission.AllowWrite = true;
readWriteMemberPermission.Save();
navigateMemberLevelOperationObjectPermission.MemberPermissions.Add(readWriteMemberPermission);
//securityDemoRole.TypePermissions.Add(readWriteMemberPermission);
SecuritySystemMemberPermissionsObject protectedContentMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>();
//protectedContentMemberPermission.TargetType = typeof(MemberLevelSecurityObject);
protectedContentMemberPermission.Members = "ProtectedContentProperty; ProtectedContentCollection";
protectedContentMemberPermission.Save();
navigateMemberLevelOperationObjectPermission.MemberPermissions.Add(protectedContentMemberPermission);
//securityDemoRole.TypePermissions.Add(protectedContentMemberPermission);
SecuritySystemMemberPermissionsObject readOnlyMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>();
//readOnlyMemberPermission.TargetType = typeof(MemberLevelSecurityObject);
readOnlyMemberPermission.Members = "ReadOnlyProperty; ReadOnlyCollection";
readOnlyMemberPermission.AllowRead = true;
readOnlyMemberPermission.Save();
navigateMemberLevelOperationObjectPermission.MemberPermissions.Add(readOnlyMemberPermission);
//securityDemoRole.TypePermissions.Add(readOnlyMemberPermission);
SecuritySystemTypePermissionObject memberLevelReferencedObject1Permission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
memberLevelReferencedObject1Permission.TargetType = typeof(MemberLevelReferencedObject1);
memberLevelReferencedObject1Permission.AllowRead = true;
memberLevelReferencedObject1Permission.AllowWrite = true;
memberLevelReferencedObject1Permission.AllowCreate = true;
memberLevelReferencedObject1Permission.AllowDelete = true;
memberLevelReferencedObject1Permission.Save();
securityDemoRole.TypePermissions.Add(memberLevelReferencedObject1Permission);
SecuritySystemTypePermissionObject memberLevelReferencedObject2Permission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
memberLevelReferencedObject2Permission.TargetType = typeof(MemberLevelReferencedObject2);
memberLevelReferencedObject2Permission.AllowRead = true;
memberLevelReferencedObject2Permission.AllowWrite = true;
memberLevelReferencedObject2Permission.AllowCreate = true;
memberLevelReferencedObject2Permission.AllowDelete = true;
memberLevelReferencedObject2Permission.Save();
securityDemoRole.TypePermissions.Add(memberLevelReferencedObject2Permission);
// Object Operation Permissions
SecuritySystemTypePermissionObject navigateObjectLevelSecurityObjectPermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
navigateObjectLevelSecurityObjectPermission.TargetType = typeof(ObjectLevelSecurityObject);
navigateObjectLevelSecurityObjectPermission.AllowNavigate = true;
navigateObjectLevelSecurityObjectPermission.Save();
securityDemoRole.TypePermissions.Add(navigateObjectLevelSecurityObjectPermission);
SecuritySystemObjectPermissionsObject fullAccessObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
//fullAccessObjectPermission.TargetType = typeof(ObjectLevelSecurityObject);
fullAccessObjectPermission.Criteria = "[Name] Like '%Fully Accessible%'";
//fullAccessObjectPermission.AllowCreate = true;
fullAccessObjectPermission.AllowDelete = true;
fullAccessObjectPermission.AllowNavigate = true;
fullAccessObjectPermission.AllowRead = true;
fullAccessObjectPermission.AllowWrite = true;
fullAccessObjectPermission.Save();
navigateObjectLevelSecurityObjectPermission.ObjectPermissions.Add(fullAccessObjectPermission);
//securityDemoRole.TypePermissions.Add(fullAccessObjectPermission);
SecuritySystemObjectPermissionsObject protectedContentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
//protectedContentObjectPermission.TargetType = typeof(ObjectLevelSecurityObject);
protectedContentObjectPermission.Criteria = "[Name] Like '%Protected%'";
protectedContentObjectPermission.AllowNavigate = true;
protectedContentObjectPermission.Save();
navigateObjectLevelSecurityObjectPermission.ObjectPermissions.Add(protectedContentObjectPermission);
//securityDemoRole.TypePermissions.Add(protectedContentObjectPermission);
SecuritySystemObjectPermissionsObject readOnlyObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
//readOnlyObjectPermission.TargetType = typeof(ObjectLevelSecurityObject);
readOnlyObjectPermission.Criteria = "[Name] Like '%Read-Only%'";
readOnlyObjectPermission.AllowNavigate = true;
readOnlyObjectPermission.AllowRead = true;
readOnlyObjectPermission.Save();
navigateObjectLevelSecurityObjectPermission.ObjectPermissions.Add(readOnlyObjectPermission);
//securityDemoRole.TypePermissions.Add(readOnlyObjectPermission);
SecuritySystemObjectPermissionsObject irremovableObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
//irremovableObjectPermission.TargetType = typeof(ObjectLevelSecurityObject);
irremovableObjectPermission.Criteria = "[Name] Like '%Protected Deletion%'";
//irremovableObjectPermission.AllowCreate = true;
irremovableObjectPermission.AllowNavigate = true;
irremovableObjectPermission.AllowRead = true;
irremovableObjectPermission.AllowWrite = true;
irremovableObjectPermission.Save();
navigateObjectLevelSecurityObjectPermission.ObjectPermissions.Add(irremovableObjectPermission);
//securityDemoRole.TypePermissions.Add(irremovableObjectPermission);
securityDemoRole.Save();
}
return(securityDemoRole);
}
//Users can access and partially edit data (no create and delete capabilities) from their own department.
private SecuritySystemRole GetUserRole()
{
SecuritySystemRole userRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Users"));
if (userRole == null)
{
userRole = ObjectSpace.CreateObject <SecuritySystemRole>();
userRole.Name = "Users";
SecuritySystemTypePermissionObject userTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
userTypePermission.TargetType = typeof(Employee);
userRole.TypePermissions.Add(userTypePermission);
SecuritySystemObjectPermissionsObject canViewEmployeesFromOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
canViewEmployeesFromOwnDepartmentObjectPermission.Criteria = "Department.Employees[Oid = CurrentUserId()]";
//canViewEmployeesFromOwnDepartmentObjectPermission.Criteria = new BinaryOperator(new OperandProperty("Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString();
canViewEmployeesFromOwnDepartmentObjectPermission.AllowNavigate = true;
canViewEmployeesFromOwnDepartmentObjectPermission.AllowRead = true;
userTypePermission.ObjectPermissions.Add(canViewEmployeesFromOwnDepartmentObjectPermission);
SecuritySystemMemberPermissionsObject canEditOwnUserMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>();
canEditOwnUserMemberPermission.Members = "ChangePasswordOnFirstLogon; StoredPassword; FirstName; LastName;";
canEditOwnUserMemberPermission.Criteria = "Oid=CurrentUserId()";
canEditOwnUserMemberPermission.Criteria = (new OperandProperty("Oid") == new FunctionOperator(CurrentUserIdOperator.OperatorName)).ToString();
canEditOwnUserMemberPermission.AllowWrite = true;
userTypePermission.MemberPermissions.Add(canEditOwnUserMemberPermission);
SecuritySystemMemberPermissionsObject canEditUserAssociationsFromOwnDepartmentMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>();
canEditUserAssociationsFromOwnDepartmentMemberPermission.Members = "Tasks; Department;";
canEditUserAssociationsFromOwnDepartmentMemberPermission.Criteria = "Department.Employees[Oid = CurrentUserId()]";
//canEditUserAssociationsFromOwnDepartmentMemberPermission.Criteria = new BinaryOperator(new OperandProperty("Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString();
canEditUserAssociationsFromOwnDepartmentMemberPermission.AllowWrite = true;
userTypePermission.MemberPermissions.Add(canEditUserAssociationsFromOwnDepartmentMemberPermission);
SecuritySystemTypePermissionObject roleTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
roleTypePermission.TargetType = typeof(SecuritySystemRole);
roleTypePermission.AllowRead = true;
userRole.TypePermissions.Add(roleTypePermission);
SecuritySystemTypePermissionObject taskTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
taskTypePermission.TargetType = typeof(EmployeeTask);
taskTypePermission.AllowNavigate = true;
userRole.TypePermissions.Add(taskTypePermission);
SecuritySystemMemberPermissionsObject canEditTaskAssociationsMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>();
canEditTaskAssociationsMemberPermission.Members = "AssignedTo;";
canEditTaskAssociationsMemberPermission.Criteria = "AssignedTo.Department.Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)";
canEditTaskAssociationsMemberPermission.Criteria = "AssignedTo.Department.Employees[Oid = CurrentUserId()]";
//canEditTaskAssociationsMemberPermission.Criteria = new BinaryOperator(new OperandProperty("AssignedTo.Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString();
canEditTaskAssociationsMemberPermission.AllowWrite = true;
taskTypePermission.MemberPermissions.Add(canEditTaskAssociationsMemberPermission);
SecuritySystemObjectPermissionsObject canyEditTasksFromOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
canyEditTasksFromOwnDepartmentObjectPermission.Criteria = "AssignedTo.Department.Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)";
canyEditTasksFromOwnDepartmentObjectPermission.Criteria = "AssignedTo.Department.Employees[Oid = CurrentUserId()]";
//canyEditTasksFromOwnDepartmentObjectPermission.Criteria = new BinaryOperator(new OperandProperty("AssignedTo.Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString();
canyEditTasksFromOwnDepartmentObjectPermission.AllowNavigate = true;
canyEditTasksFromOwnDepartmentObjectPermission.AllowWrite = true;
canyEditTasksFromOwnDepartmentObjectPermission.AllowRead = true;
taskTypePermission.ObjectPermissions.Add(canyEditTasksFromOwnDepartmentObjectPermission);
SecuritySystemTypePermissionObject departmentTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
departmentTypePermission.TargetType = typeof(Department);
userRole.TypePermissions.Add(departmentTypePermission);
SecuritySystemObjectPermissionsObject canViewOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
canViewOwnDepartmentObjectPermission.Criteria = "Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)";
canViewOwnDepartmentObjectPermission.Criteria = "Employees[Oid=CurrentUserId()]";
//canViewOwnDepartmentObjectPermission.Criteria = new BinaryOperator(new OperandProperty("Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString();
canViewOwnDepartmentObjectPermission.AllowNavigate = true;
canViewOwnDepartmentObjectPermission.AllowRead = true;
canViewOwnDepartmentObjectPermission.Save();
departmentTypePermission.ObjectPermissions.Add(canViewOwnDepartmentObjectPermission);
SecuritySystemMemberPermissionsObject canEditAssociationsMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>();
canEditAssociationsMemberPermission.Members = "Employees;";
canEditAssociationsMemberPermission.Criteria = "Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)";
canEditAssociationsMemberPermission.Criteria = "Employees[Oid=CurrentUserId()]";
//canEditAssociationsMemberPermission.Criteria = new BinaryOperator(new OperandProperty("Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString();
canEditAssociationsMemberPermission.AllowWrite = true;
departmentTypePermission.MemberPermissions.Add(canEditAssociationsMemberPermission);
}
return(userRole);
}
