State driven security in LightSwitch (part 6): client side CanUpdate handling


In the previous post, we covered the most technical part in this series on state driven security: the server side logic for state driven can-update handling. To top it all, we still need a client side experience for this. That’s the current post. If you grasped the logic behind the previous articles, the current one is very trivial and simple.

This post is the start of a series:

  • part 1 : introduction
  • part 2 : the big picture
  • part 3 : state transition security (server side)
  • part 4 : state transition security (client)
  • part 5 : state driven can do update behavior (server side)
  • part 6 : this post

The Silverlight client

Let’s first indicate clearly what we want to achive: when an entity (or an attached entity in the object graph) is in a functional state where it can not be edited, the controls should adapt accordingly. Following example illustrates the situation where an holiday request body can no longer be updated (except the state) and the attached “Holiday request management feedback sub entity can be edited.



The code for doing is, is pretty simple, just call the private method SetHolidayRequestVisibility in the HolidayRequestDetail_InitializeDataWorkspace method:

private void SetHolidayRequestVisibility(string stateValue)
            bool isReadOnly = !StateManagement.CanUpdateEntityInState(CurrentHolidayRequest, OriginalValueOfRequestState);
            this.FindControl("Description").IsReadOnly = isReadOnly;
            this.FindControl("Requestor").IsReadOnly = isReadOnly;
            if (CurrentHolidayRequest.HolidayRequestManagementFeedback != null)
                isReadOnly = !StateManagement.CanUpdateEntityInState(
                this.FindControl("CurrentHolidayRequest_HolidayRequestManagementFeedback").IsReadOnly = isReadOnly;

The reason why it’s so simple, is because the StateManagement class can be linked as a file reference into the Silverlight assembly. That’s a technique that -unfortunately- we can’t apply in the html5 client.

The html5 client

We are lucky, the html5 implementation of the above is quite similar to a recent post of Beth Massi Using LightSwitch ServerApplicationContext and WebAPI to Get User Permissions

We simply need to expose the StateManagement.CanUpdateEntityInState method via a web-api interface.  I presume you can do this yourself :)


How can I get the infrastructure code?

Via nuget. Open the nuget management console: