Classes and interfaces

In this section, each class and interface of the concept will be explained in details.

Kipon.Xrm.Attributes.AdminAttribute

When you inject Microsoft.Xrm.IOrganizationService into you plugin method or services, you will get an instance that uses the current user context by default. This means that any operation performed with the instance is permission validated with that user. If the plugin perform any operation, ex. create, update or delete of other entities, an insufficient permission error will be thrown if the user does not have the required priviliges.

But in some cases, the plugin should be allowed to do it's stuff, regardless of the current user context. In such case, you can add the [Admin] decorator the the constructor paramter for a service, or the plugin method parameter for a plugin. Adding the [Admin] property will ensure that the underlying Microsoft.Xrm.IOrganizationService will run in a system priviliges context. Be aware that any create/update performed in such context will get "SYSTEM" as the createdby/modifiedby on impacted records.

The [Admin] flag applies to any of the below service:

  • Microsoft.Xrm.IOrganizationService
  • Kipon.Xrm.IUnitOfWork and all interfaces inherited from here, including code generated interfaces
  • System.Linq.IQueryable<EntityClass>
  • Kipon.Xrm.IRepository<EntityClass>
Inject an admin context into a plugin step:

using Kipon.Xrm.Attributes;

namespace Kipon.PluginExample.Plugins.AttributeExamples
{
    public class AdminExamplePlugin : Kipon.Xrm.BasePlugin
    {
        public void OnPostCreate(Entities.Account target, [Admin]Entities.IUnitOfWork uow)
        {
            // any operation performed through uow will be done as SYSTEM with system priviliges
        }
    }
}

In above example we are injecting the generated unit of work service, and any operation performed against that instance will be performed by SYSTEM because of the [Admin] decoration of the parameter property

Inject an admin contact into a service:

using Kipon.PluginExample.Entities;
using Kipon.Xrm.Attributes;
using System.Linq;
using System;

namespace Kipon.PluginExample.Services
{
    public class AdminExampleService : ServiceAPI.IAdminExampleService
    {
        private readonly IQueryable<Account> accountQuery;

        public AdminExampleService([Admin]IQueryable<Entities.Account> accountQuery)
        {
            this.accountQuery = accountQuery;
        }

        public bool hasChildren(Guid parentAccountId)
        {
            return (from a in accountQuery
                    where a.ParentAccountId.Id == parentAccountId
                    select a.AccountId).FirstOrDefault() != null;
        }
    }
}

In the service we are injecting an IQueryable<Account>. Any query performed using that instance will be performed with system priviliges, meaning that the HasChildren() method will return true, even if the current user context does not have permission to see all child accounts.

© Kipon ApS 2020, 2021, 2022, 2023, 2024. All content on the page is the property of Kipon ApS. Any republish or copy of this content is a violation. The content of this site is NOT open source, and cannot be copied, republished or used in any context without explcit permission from the owner.