Using an expression in a condition of a security action

Visual Guard allows you to use an expression based on the Visual Guard expression language to dynamically determine whether an action should be executed or not. The Visual Guard expression language supports logical and arithmetic operators, method invocation and allows to access to the context of the security action.

Visual Guard evaluates the value of the expression at runtime for the current context of the security action and uses the return value to determine whether the action should be executed or not. The action is executed when the value is equal to true.

In this expression, you can use the following variables:

• #Permission: AVGIPermission object containing the permission for which the security action is executed. You can access to the value of a permission argument by using the syntax: #Permission['myarg'].
• #EventArgs: This variable references the arguments passed to the event that raises the security action. This variable is available only when the security action is raised for a specific event. The type of this variable depends of the type of the event handler used to handles the event. For example, when you create an action raised on the 'Validating' event of a textbox, the type of the #EventArgs variable will be 'CancelEventArgs' since the type of the event is 'CancelEventHandler'.
• #UserId: A string value containing the Visual Guard repository Id of the user for which the action is executed.
• #UserName: A string value containing the name of the user for which the action is executed.
• #Principal: A VGIPrincipal object containing the principal for which the action is executed. You can use this variable to check whether the user is authenticated or not (#Principal.Identity.IsAuthenticated) or if the current user is member of a specific role (#Principal.IsInRole('administrator')).

The root context of the expression corresponds to the target object on which the action is executed. The type of this context depends on the type of the target of the action. For example, when you define an action for a Windows form, the type of the variable is 'System.Windows.Forms.Form'. When you define an action for a WebForm page, the type is 'System.Web.UI.Page'.

For an action executed on a Windows Form, if the condition is equal to 'Text.Length > 0' the action will be executed only when the title of the form is not empty.

At runtime, the condition is evaluated just before executing the action. When the action is declared for a specific event, the value of the condition will be evaluated when the event is raised. Visual Guard resolves the type of the object graph at runtime. if the expression is not valid at runtime because an object is null or member does not exist, Visual Guard will throw an InvalidActionException exception.

The Visual Guard security action designer tries to check the expression at design time. It parses the expression and evaluates the type of the objects statically declared.

In some cases, Visual Guard cannot evaluate the right type of an object and generates warning. For example, the expression 'Controls['MyCheckBox'].Checked' will generate a warning indicating that 'Checked' is not a property of the 'System.Windows.Forms.Control' class since the 'Controls[]' property returns a 'System.Windows.Forms.Control' object.

If you are sure that the type of the object returned by 'Controls['MyCheckBox']' is a checkbox at runtime, you can ignore this warning.

The security action with the following condition will be executed only when _btnDelete button is enabled and the text of _txbCountry textbox is equal to 'USA'

_btnDelete.Enabled and _txbCountry.Text == 'USA'

For an action executed on the Closing event of a form, the following condition is true when the property 'Cancel of event argument is not equal to true

!#EventArgs.Cancel

Other Resources