Consider the following access control rule defined in the business rules class of the Northwind sample.
The rule limits the list of customers to those located in the USA whose ContactTitle is Owner, unless the end user is in the SuperUser role. The attribute names the data controller (Customers), the field that identifies a record (CustomerID) and a SQL subquery that returns the permitted CustomerID values; the method body decides, per request, whether to bind the subquery's parameters and therefore whether the restriction is applied at all.
C#:
using System;
using System.Data;
using System.Collections.Generic;
using System.Linq;
using MyCompany.Data;

namespace MyCompany.Rules
{
    public partial class CustomersBusinessRules : MyCompany.Data.BusinessRules
    {
        // The subquery lists the CustomerID values the current user may see.
        // Parameters that are never bound with RestrictAccess leave the rule inactive.
        [AccessControl("Customers", "CustomerID",
            "select CustomerID from Customers " +
            "where Country = @Country and ContactTitle = @ContactTitle")]
        public void LimitAccessToCustomersFromUSA()
        {
            // Restrict everyone except members of SuperUser.
            if (!UserIsInRole("SuperUser"))
            {
                RestrictAccess("@Country", "USA");
                RestrictAccess("@ContactTitle", "Owner");
            }
        }
    }
}
VB:
Imports MyCompany.Data
Imports System
Imports System.Collections.Generic
Imports System.Data
Imports System.Linq

Namespace MyCompany.Rules
    Partial Public Class CustomersBusinessRules
        Inherits MyCompany.Data.BusinessRules

        ' The subquery lists the CustomerID values the current user may see.
        ' Parameters that are never bound with RestrictAccess leave the rule inactive.
        <AccessControl("Customers", "CustomerID",
            "select CustomerID from Customers " &
            "where Country = @Country and ContactTitle = @ContactTitle")>
        Public Sub LimitAccessToCustomersFromUSA()
            ' Restrict everyone except members of SuperUser.
            If Not UserIsInRole("SuperUser") Then
                RestrictAccess("@Country", "USA")
                RestrictAccess("@ContactTitle", "Owner")
            End If
        End Sub
    End Class
End Namespace
This is the effect of the method LimitAccessToCustomersFromUSA when the list of customers is presented to the standard user account admin. This account has two roles associated with it, Administrators and Users. The absence of the SuperUser role activates the restriction: the rule is written so that the filter is on by default and only an explicit role exempts a user from it.
What if you want to expand this rule and apply another SQL-based restriction to the same data controller for a different user role?
Simply add another method to the business rules class. For example, the following method extends the restrictions to include customers from the United Kingdom located in the city of London. This restriction applies to every user in the Users role, which includes the admin account. Notice that the second subquery uses the parameter name @Country2. When both rules are active at the same time, their subqueries are combined into a single statement with a single set of parameters, so a second rule that bound @Country to a different value would conflict with the first one; every parameter name must therefore be unique across the access control rules of a data controller.
C#:
[AccessControl("Customers", "CustomerID",
    "select CustomerID from Customers " +
    "where Country = @Country2 and City = @City")]
public void ShowUnitedKingdomCustomers()
{
    // Applies to every member of Users; nothing here exempts SuperUser.
    if (UserIsInRole("Users"))
    {
        RestrictAccess("@Country2", "UK");
        RestrictAccess("@City", "London");
    }
}
VB:
<AccessControl("Customers", "CustomerID",
    "select CustomerID from Customers " &
    "where Country = @Country2 and City = @City")>
Public Sub ShowUnitedKingdomCustomers()
    ' Applies to every member of Users; nothing here exempts SuperUser.
    If UserIsInRole("Users") Then
        RestrictAccess("@Country2", "UK")
        RestrictAccess("@City", "London")
    End If
End Sub
This is the view of customers presented to the admin user. The two access control rules have a cumulative effect when the conditions in both LimitAccessToCustomersFromUSA and ShowUnitedKingdomCustomers evaluate to true: the admin account belongs to Users and is not a SuperUser, so both restrictions are bound and both contribute to the filter. Note that a user who holds SuperUser and Users at the same time is still filtered by ShowUnitedKingdomCustomers, because that method checks only for membership in Users.
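The following is an added example, not code from the page or from the Northwind sample, that models how the two rules above are evaluated and combined so the parameter-name conflict and the cumulative effect can be checked against data. It runs the composed filter against a constructed, in-memory subset of the Customers table with sqlite3. It assumes that active rules are unioned with OR (the reading of "cumulative" and "include" used here; the page does not show the framework's actual combinator), that an inactive rule contributes nothing, and that the `:name` parameter style stands in for SQL Server's `@name`. The rule and function names mirror the page; everything else (AccessControlRule, build_filter, visible_customers, the sample rows) is hypothetical.

```python
import re
import sqlite3
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed subset of a Northwind-style Customers table (CustomerID, Country,
# City, ContactTitle), chosen so each rule admits a different group of rows.
CUSTOMERS = [
    ("ALFKI", "Germany", "Berlin", "Sales Representative"),
    ("AROUT", "UK", "London", "Sales Representative"),
    ("ISLAT", "UK", "Cowes", "Sales Representative"),
    ("LETSS", "USA", "San Francisco", "Owner"),
    ("RATTC", "USA", "Albuquerque", "Accounting Manager"),
    ("WHITC", "USA", "Seattle", "Owner"),
]


@dataclass
class AccessControlRule:
    # Hypothetical stand-in for the [AccessControl(table, keyField, sql)] attribute
    # plus the method body: restrict() receives the user's roles and returns the
    # values that RestrictAccess would bind, or None when the rule is not applied.
    table: str
    key_field: str
    sql: str
    restrict: Callable[[frozenset], Optional[dict]]


def limit_access_to_customers_from_usa(roles):
    if "SuperUser" in roles:
        return None
    return {"@Country": "USA", "@ContactTitle": "Owner"}


def show_united_kingdom_customers(roles):
    if "Users" in roles:
        return {"@Country2": "UK", "@City": "London"}
    return None


RULES = [
    AccessControlRule("Customers", "CustomerID",
        "select CustomerID from Customers where Country = @Country and ContactTitle = @ContactTitle",
        limit_access_to_customers_from_usa),
    AccessControlRule("Customers", "CustomerID",
        "select CustomerID from Customers where Country = @Country2 and City = @City",
        show_united_kingdom_customers),
]

PARAM = re.compile(r"@\w+")


def build_filter(rules, roles):
    """Combine the active rules into one WHERE clause and one parameter set.

    Returns (where_sql, params); where_sql is None when no rule applies.
    Raises ValueError when two active rules bind the same @name to different
    values (the conflict the page avoids with @Country2) or when a rule's SQL
    references a parameter its method never bound.
    """
    clauses, params = [], {}
    for rule in rules:
        bound = rule.restrict(frozenset(roles))
        if bound is None:
            continue  # condition false: this rule contributes nothing
        missing = set(PARAM.findall(rule.sql)) - set(bound)
        if missing:
            raise ValueError(f"unbound parameters {sorted(missing)} in rule SQL")
        for name, value in bound.items():
            if name in params and params[name] != value:
                raise ValueError(f"{name} bound to both {params[name]!r} and {value!r}")
            params[name] = value
        clauses.append(f"{rule.key_field} in ({rule.sql})")
    if not clauses:
        return None, {}
    # Assumption: active rules are unioned; the page describes the effect as cumulative.
    return " or ".join(f"({c})" for c in clauses), params


def visible_customers(roles, rules=RULES):
    """Apply the combined filter to the constructed table; return sorted CustomerIDs."""
    con = sqlite3.connect(":memory:")
    con.execute("create table Customers (CustomerID text, Country text, City text, ContactTitle text)")
    con.executemany("insert into Customers values (?, ?, ?, ?)", CUSTOMERS)
    where, params = build_filter(rules, roles)
    sql = "select CustomerID from Customers" + (f" where {where}" if where else "")
    # SQL Server writes parameters as @name; sqlite3 binds named parameters as :name.
    sql = PARAM.sub(lambda m: ":" + m.group()[1:], sql)
    rows = con.execute(sql, {k[1:]: v for k, v in params.items()})
    return sorted(r[0] for r in rows)
```

Running visible_customers with the admin account's roles ({"Administrators", "Users"}) returns the USA owners plus the London customer; with {"SuperUser"} alone no rule binds anything and every row is returned; with {"SuperUser", "Users"} only ShowUnitedKingdomCustomers is active, so the SuperUser sees only London. A third rule that binds @Country to "UK" while the first still binds it to "USA" makes build_filter raise, which is the runtime conflict the distinct @Country2 name prevents.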