RIA services allows you to add an attribute to a domain service method like: RequiresRole("Admin"). This will automatically check if the user calling that method has the correct security to do so. I would like to do something similar for a property on an entity. For example, only users in the role "Manager" are allowed to change the "Rate" property, but any user can change the "Comments" property. Is this possible?
A:
You could do this using a Custom Validation attribute. You could create an attribute such as RequiresManagerRole that would check to see if the user is in the Manager role and would not allow the change if the user wasn't.
That might not be a very good experience for the user, however. You'd probably want to somehow bind the readonly property in the form to figure out if the property was editable. You might be able to do that with an IValueConverter and in your value converter check the role of the user to determine if it is read only.
Update: OK, I think Brad saw this question and wrote this blog post to address it. This should address what you want to do but takes a different approach to it.
Bryant
2009-12-08 01:18:12
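A sketch of the custom validation attribute idea from the answer above, as an added example that is not code from the original answer or from RIA Services itself. It goes one step further and compares against the stored value, so that edits to other properties such as "Comments" still pass for non-managers. The names RequiresRoleToChangeAttribute, TimeEntry, Demo and the "User"/"Original" item keys are hypothetical, and it assumes the server-side caller places the current principal and the stored entity in ValidationContext.Items.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Security.Principal;

[AttributeUsage(AttributeTargets.Property)]
public sealed class RequiresRoleToChangeAttribute : ValidationAttribute
{
    private readonly string _role;
    public RequiresRoleToChangeAttribute(string role) { _role = role; }

    protected override ValidationResult IsValid(object value, ValidationContext ctx)
    {
        // Assumption: the caller supplies the principal and the stored entity in ctx.Items.
        var user = ctx.Items.TryGetValue("User", out var u) ? u as IPrincipal : null;
        var original = ctx.Items.TryGetValue("Original", out var o) ? o : null;
        // With no stored entity (a new record) the old value is null, so the role is required.
        var oldValue = original == null
            ? null
            : ctx.ObjectType.GetProperty(ctx.MemberName).GetValue(original, null);
        if (Equals(oldValue, value)) return ValidationResult.Success;   // property not changed
        if (user != null && user.IsInRole(_role)) return ValidationResult.Success;
        return new ValidationResult(
            ctx.MemberName + " can only be changed by role " + _role,
            new[] { ctx.MemberName });
    }
}

public class TimeEntry   // hypothetical entity with the question's two properties
{
    [RequiresRoleToChange("Manager")]
    public decimal Rate { get; set; }
    public string Comments { get; set; }
}

public static class Demo
{
    public static bool TryUpdate(TimeEntry stored, TimeEntry submitted, IPrincipal user)
    {
        var items = new Dictionary<object, object> { { "User", user }, { "Original", stored } };
        var ctx = new ValidationContext(submitted, null, items);
        return Validator.TryValidateObject(submitted, ctx, new List<ValidationResult>(), true);
    }
    public static void Main()
    {
        var stored = new TimeEntry { Rate = 50m, Comments = "" };
        var clerk = new GenericPrincipal(new GenericIdentity("clerk"), new string[0]);
        var boss = new GenericPrincipal(new GenericIdentity("boss"), new[] { "Manager" });
        // Constructed cases: clerk edits Comments only, clerk edits Rate, manager edits Rate.
        Console.WriteLine(TryUpdate(stored, new TimeEntry { Rate = 50m, Comments = "hi" }, clerk));
        Console.WriteLine(TryUpdate(stored, new TimeEntry { Rate = 99m, Comments = "" }, clerk));
        Console.WriteLine(TryUpdate(stored, new TimeEntry { Rate = 99m, Comments = "" }, boss));
    }
}
```

The role check has to run on the server to be an access control; a client-side IValueConverter that makes the field read-only only changes what the form shows.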