I am trying to implement authorization in a Delphi XE DataSnap application. I stopped this with a very simple example, but I do not see the effects of the TRoleAuth attribute for a method or class.
Here is a simple DSServerMethods class that includes generated sampling methods. The class was decorated with a guest and all authorized roles, as well as an undesirable negative role. The ReverseString method has been decorated with a read-independent role:
    type
      [TRoleAuth('guest,anyone','unwelcome')]
      TMyDSServerMethods = class(TDSServerModule)
        DataSetProvider1: TDataSetProvider;
        ...
      public
        { Public declarations }
        function EchoString(Value: string): string;
        [TRoleAuth('','readonly')]
        function ReverseString(Value: string): string;
        ...
      end;
I assign roles to the OnUserAuthenticate method. For example, I have a user for whom I assign the readonly role from OnUserAuthenticate, a role that, it seems to me, should deprive the user of the right to execute the ReverseString function.
, , EventObject.AuthorizedRoles EventObject.DeniedRoles TStrings OnUserAuthorize TDSAuthenticationManager .
OnUserAuthorize, tesing. readonly, ReverseString, EventObject.AuthorizedRoles EventObject.DeniedRoles , EventObject.Roles readonly.
    procedure TServerContainer1.DSAuthenticationManager1UserAuthorize(
      Sender: TObject; EventObject: TDSAuthorizeEventObject;
      var valid: Boolean);
    begin
      outputdebugstring(PChar(Eventobject.UserName));
      if EventObject.UserRoles <> nil then
        outputdebugstring(PChar(eventobject.UserRoles.Text));
      if EventObject.AuthorizedRoles <> nil then
        outputdebugstring(PChar(eventobject.AuthorizedRoles.Text));
      if EventObject.DeniedRoles <> nil then
        outputdebugstring(PChar(eventobject.DeniedRoles.Text));
      valid := True;
    end;
, , -, TRoleAuth?
= = = = = = = = = =
: Mat DeLong . DSAuth ( TRoleAuth) , DSServerModule.
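The allow/deny decision implied by the role lists in the question, written out as an added example (not code from the original post or from DataSnap). `SharesRole`, `RolesPermit` and `Check` are hypothetical names, the policy (a denied role always wins, an empty authorized list means no allow-list) is an assumption, and the sample lists are constructed from the attribute values shown in the question.

```delphi
program RoleCheckDemo;
{$APPTYPE CONSOLE}
uses
  SysUtils, Classes;

// True when some role appears in both lists (case-insensitive); nil counts as empty.
function SharesRole(A, B: TStrings): Boolean;
var I, J: Integer;
begin
  Result := False;
  if (A = nil) or (B = nil) then Exit;
  for I := 0 to A.Count - 1 do
    for J := 0 to B.Count - 1 do
      if SameText(Trim(A[I]), Trim(B[J])) then
      begin
        Result := True;
        Exit;
      end;
end;

// Assumed policy: a denied role always wins; an empty authorized list means
// no allow-list; otherwise the user needs at least one authorized role.
function RolesPermit(UserRoles, Authorized, Denied: TStrings): Boolean;
begin
  if SharesRole(UserRoles, Denied) then
    Result := False
  else if (Authorized = nil) or (Authorized.Count = 0) then
    Result := True
  else
    Result := SharesRole(UserRoles, Authorized);
end;

// Constructed sample input: each role list is given as comma-separated text.
procedure Check(const Caption, User, Authorized, Denied: string);
var U, A, D: TStringList;
begin
  U := TStringList.Create; A := TStringList.Create; D := TStringList.Create;
  try
    U.CommaText := User; A.CommaText := Authorized; D.CommaText := Denied;
    Writeln(Caption, ': ', RolesPermit(U, A, D));
  finally
    U.Free; A.Free; D.Free;
  end;
end;

begin
  Check('readonly user, method lists from the question', 'readonly', '', 'readonly');
  Check('readonly user, class lists from the question', 'readonly', 'guest,anyone', 'unwelcome');
  Check('readonly user, both lists empty', 'readonly', '', '');
end.
```

Inside an OnUserAuthorize handler the same function can take EventObject.UserRoles, EventObject.AuthorizedRoles and EventObject.DeniedRoles, and assigning its result to valid instead of True means the handler no longer approves calls unconditionally. The third case shows why empty role lists matter: with nothing to match against, every call is permitted.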