protected override void ConfigureSecurity(ExecutionContext context)
{
context.Assertions.Add(c => {
bool modifyOwnRecord = c.User.Name.Equals(UserName);
if (modifyOwnRecord)
return AssertResult.Allow();
if (!c.User.CanManageUsers())
return AssertResult.Deny(new SecurityException(String.Format("User '{0}' cannot create users", c.User.Name)));
return AssertResult.Allow();
});
context.Assertions.Add(c => {
if (String.Equals(UserName, User.PublicName, StringComparison.OrdinalIgnoreCase) ||
String.Equals(UserName, User.SystemName, StringComparison.OrdinalIgnoreCase))
return AssertResult.Deny(new SecurityException(String.Format("User name '{0}' is reserved for the system.", UserName)));
return AssertResult.Allow();
});
}