Need to implement custom business/authorization rules for the product that is based on the well-known CSLA framework.
Examples:
- The logged-in principal or admin can update her details, not anyone else.
- The last user in the system can't be deleted.
Currently I know that rules can be applied during setup phase:
BusinessRules.AddRule(typeof(myClass), new IsInRole(AuthorizationActions.GetObject, new string [] { "role1", "role2" }));
This approach is insufficient and less flexible then required. The rules should be probably applied during DataPortal.Update() (did I missed anything from the source, please?). Any advice is warmly welcomed.