Just an interesting issue. Lets's say we have Cars and FuelTypes in our model, and User and Admin roles. Among other properties, Cars have a specified FuelType. I want User to be able to edit all properties os Cars, but none of FuelTypes, and want to grant
Admin editing everything.
Based on our previous discussion, tagging the
public IQueryable<...> AllInstances()
method with AuthorizeAction attribute within the Respository, the FuelTypes menu service is not visible to the User, that just works fine. But if User edits a Car, User is unable to modify the FuelType property of any Cars. Only the Remove and the Recently
Viewed menus are visible under the Find menu. (I think because the AllInstances() method of the FuelTypeRespository is not accessible for the User and because of this a list of FuelTypes cannot be populated to choose from)
When Admin edits a Car, everything is OK because he sees the FuelTypes menu.
Is there any way to grant the user the possibility of changing the FuelType of a Car without granting him the editing of FuelType itself?