BuyLog In
Ticket T269724
Visible to All Users
Duplicate

We have closed this ticket because another page addresses its subject:

Security - Provide a way to adjust UI according to the permission changes done through the application UI or directly in the database

How do I reset the security permissions cache without logging in again after an administrator has changed user rights?

created 10 years ago

Dear Support,

I use this code to check if user has a permission or not. In this example, i want to check if user has 'Navigate' permission:

SecuritySystem.IsGranted(New ClientPermissionRequest(objecttype, Nothing, Nothing, SecurityOperations.Navigate))

The code works fine but I see that it looks like this function uses 'cached' permissions to check. For example, presently user has this permission and he has logged into the system. After that, the administrator removes this permission while the user is still logging. In this case I see that permission is still TRUE. But if user logs off then log in again, this function will return FALSE.

So my question is: how to ensure the above function always uses the latest permission ?

Thank you

Comments (3)
Dennis Garavsky (DevExpress) 10 years ago

    Hello Gregory,

    I apologize for the delayed response. We are working on your issue and will get to you as soon as we can. Please bear with us.
    For now, you can try to 'refresh' permissions by re-logging the user programmatically:

    Code
    object oldLogonObjectSpaceParam = SecuritySystem.Instance.LogonParameters;  
  SecuritySystem.Instance.Logoff();  
  (SecuritySystem.Instance as SecurityStrategy).Authentication.SetLogonParameters(oldLogonObjectSpaceParam);  
  SecuritySystem.Instance.Logon(Application.CreateObjectSpace());
    GM GM
    Gregory Meier 10 years ago

      Thank Dennis,
      Sorry I think this code cannot work in my case because we cannot know if we need to logoff or not. You know that administrator and client use different machines.
      Waiting for your next response.
      Thank you

      Dennis Garavsky (DevExpress) 10 years ago

        Thanks for the additional info, Gregory. We will consider it when preparing the final answer.

        Sign in to comment on this post

        Answers approved by DevExpress Support

        created 10 years ago

        Hello Gregory,
        We invite you to test the new solution we implemented in v15.1.6. Please check out the Security - Provide a way to adjust UI according to the permission changes done through the application UI or directly in the database thread for instructions.
        We greatly appreciate your time and are looking forward to receiving your feedback in this regard.

          Sign in to comment on this post
          created 10 years ago (modified 10 years ago)

          Hello Gregory,

          In cases when you cannot re-logon on demand manually, consider handling other application events to call this code and thus refresh permissions:

          Code
          object oldLogonObjectSpaceParam = SecuritySystem.Instance.LogonParameters;  
  SecuritySystem.Instance.Logoff();  
  (SecuritySystem.Instance as SecurityStrategy).Authentication.SetLogonParameters(oldLogonObjectSpaceParam);  
  SecuritySystem.Instance.Logon(Application.CreateObjectSpace());

          The choice of these application events varies a lot based on your business application requirements, and changing them too often may negatively affect the overall application performance.
          For instance, as a last resort, you may want to call this code from the overridden IsGranted method of the SecurityStrategyComplex descendant right before the base.IsGranted call, which happens on each access of the application UI to the security system. For most application scenarios, it can be more appropriate to re-logon more rarely. For instance, consider calling the aforementioned routines in the IObjectSpace.Reloaded event handler or on timer. Again, there may be other suitable places based on your needs. Let me know if you require any further assistance with this task.

            Comments (2)
            GM GM
            Gregory Meier 10 years ago

              Thanks Dennis.

              Dennis Garavsky (DevExpress) 10 years ago

                You're always welcome!

                Sign in to comment on this post

                Disclaimer: The information provided on DevExpress.com and affiliated web properties (including the DevExpress Support Center) is provided "as is" without warranty of any kind. Developer Express Inc disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. Please refer to the DevExpress.com Website Terms of Use for more information in this regard.

                Confidential Information: Developer Express Inc does not wish to receive, will not act to procure, nor will it solicit, confidential or proprietary materials and information from you through the DevExpress Support Center or its web properties. Any and all materials or information divulged during chats, email communications, online discussions, Support Center tickets, or made available to Developer Express Inc in any manner will be deemed NOT to be confidential by Developer Express Inc. Please refer to the DevExpress.com Website Terms of Use for more information in this regard.