/// <summary> /// Verifies the user is authorized to submit the current <see cref="ChangeSet"/>. /// </summary> /// <returns>True if the <see cref="ChangeSet"/> is authorized, false otherwise.</returns> protected virtual bool AuthorizeChangeSet() { foreach (ChangeSetEntry changeSetEntry in ChangeSet.ChangeSetEntries) { if (!changeSetEntry.ActionDescriptor.Authorize(ActionContext)) { return(false); } // if there are any custom method invocations for this operation // we need to authorize them as well if (changeSetEntry.EntityActions != null && changeSetEntry.EntityActions.Any()) { Type entityType = changeSetEntry.Entity.GetType(); foreach (var entityAction in changeSetEntry.EntityActions) { UpdateActionDescriptor customAction = Description.GetCustomMethod(entityType, entityAction.Key); if (!customAction.Authorize(ActionContext)) { return(false); } } } } return(!ChangeSet.HasError); }