/// <summary>
/// Verifies the user is authorized to submit the current <see cref="ChangeSet"/>.
/// </summary>
/// <returns>True if the <see cref="ChangeSet"/> is authorized, false otherwise.</returns>
protected virtual bool AuthorizeChangeSet()
{
foreach (ChangeSetEntry changeSetEntry in ChangeSet.ChangeSetEntries)
{
if (!changeSetEntry.ActionDescriptor.Authorize(ActionContext))
{
return(false);
}
// if there are any custom method invocations for this operation
// we need to authorize them as well
if (changeSetEntry.EntityActions != null && changeSetEntry.EntityActions.Any())
{
Type entityType = changeSetEntry.Entity.GetType();
foreach (var entityAction in changeSetEntry.EntityActions)
{
UpdateActionDescriptor customAction = Description.GetCustomMethod(entityType, entityAction.Key);
if (!customAction.Authorize(ActionContext))
{
return(false);
}
}
}
}
return(!ChangeSet.HasError);
}
