What happens when the current user is deleted (by himself/herself or another user) while still using the application?

Deletion of the user who is actively using the app is NOT handled by our security module at the moment (e.g., NullReferenceException and other errors may occur). That is mainly because this operation is very rare, and so far we have not received real-life scenarios from our users where this could be useful. Moreover, deleting by accident is already prevented by showing a confirmation message by the standard DeleteObjectsViewController > DeleteAction.

Refer to this Support Center ticket for more considerations and possible custom solutions.

Your feedback is needed!

Even though we do not provide ready solutions for this specific scenario, we will be more than happy to learn more about your experience in this regard to consider improvements to our product for the future. If you needed to handle such scenarios on your own, please elaborate more on your real-life requirements and implemented solutions. Thanks in advance.

Performance tuning of the saving/validation process using the PersistenceValidationController events

Regardless of how good and sophisticated your development tools are, real production use often imposes research and solving speed issues. In this tip, I will talk about tuning the Validation Module to do its best when saving a master object exposing  large collections of aggregated data. 

By default, aggregated objects are considered to be an integral part of a master object, and thus, they should be validated together with the master object, which may take significant time if you have hundreds or thousands of complex detail records. The entire detail collection will be loaded and validated in this instance.

The good news is that XAF is very flexible and has a customizable framework that provides many ways to intercept this validation process. 

New and updated help topics in version 16.2.4

Recently, Dennis has published a huge list of changes introduced in XAF documentation in the previous major update (16.2). In this post, I would like to overview another set of changes in XAF documentation introduced with the 16.2.4 minor update of XAF.

How to change the default error icons for failed validation rules

I've just updated the corresponding Support Center ticket and want to share one more advanced example on using the built-in ImageLoader API with you. Before reading further, please learn more on this helper class from its docs or from my previous post on the same subject: 

How to load an icon for an XAF UI element from the database instead of using predefined images from assembly resources or file system.

How to colorize (make red) the asterisk symbol accompanying captions of required fields

This is one more blog post on styling or customizing appearance of default XAF editors (check my previous article here). I will share a short tutorial on fine-tuning the new validation feature we added in v15.2: XAF - Validation Module Enhancements for Windows and the Web (Coming soon in v15.2).

In the end you should know more about the known HTML Formatting feature of our WinForms controls and also learn more about the previously unknown (probably) specificity of the standard Literal control used in ASP.NET WebForms apps for captions, which both should open new horizons for your app.

So, let me quote myself from this Support Center thread:

To accomplish this task, follow the instructions below. While the underlying implementation is different for Windows and the Web, the idea is the same - use DevExpress specialized or native HTML tags to format the label's text or required field mark text.

WinForms:
1. Invoke the Model Editor for YourSolutionName.Win/Model.XAFML file;
2. Under the Options node, set the EnableHtmlFormatting property to True;
3. Under the Options | LayoutManagerOptions node, set the RequiredFieldMark property to 

<b><color=red>*</color></b>

Note: since the layout is managed with the help of the LayoutControl, we are using the built-in HTML Text Formatting feature of our WinForms Controls for this task.  

ASP.NET:

1. Invoke the Model Editor for YourSolutionName.Web/Model.XAFML file;

2. Under the Options | LayoutManagerOptions node, set the RequiredFieldMark property to 

<b><font color="red">*</font></b>

Note:
1. since the layout item captions are rendered with the help of the standard System.Web.UI.WebControls.Literal control, according to MSDN, we can use standard HTML tags in the label's text.

2. There may be gaps between the caption and the editor under certain circumstances, so you may need to additionally adjust this distance as per this Support Center thread.

Checking if an object is new or not within a criterion string

Typical usage scenarios

I remember registering a corresponding feature request in order to make it easier for XAF developers to accomplish the following types of tasks:
a) Validating data fields for new records only; e.g., the scenario from Q440548
b) Implementing different data field appearance for new and saved records; e.g., the color or enabled state as in Q475272
c) Managing Action controls' state for new records via TargetObjectsCriteria

During these years these three scenarios stayed popular among our users (we had several dozens of trackers), so it was a natural decision for us, as framework creators, to make accomplishing this common and proven stuff easier for developers and probably end users.

Validation, Conditional Appearance, Security or all modules at once?

I believe this recent discussion in the Support Center will be very interesting for the XAF community.
Let me quote myself from comments to this thread:

Let me comment on the security aspect of this solution. The ConditionalAppearance module (as stated in the docs) should not be used as a security means, even if it can hide or disable certain UI elements. Its primary purpose is to customize the appearance of the application, provide a better UX by guiding an end-user through the predefined application flow (e.g., he or she entered a certain value, then depending on it, new editors appear just for this case or certain editors get disabled not to allow a user to go a wrong way).

So, if you need data protection, you should also have additional security checks (preferably on the server side) and not rely just on the availability of UI controls. For this, I can recommend the following things:

1. Make sure your business logic in data model classes or controllers handles invalid user inputs or other unwanted situations, even if you have set up the Validation or ConditionalAppearance rules for the UI;
2. Use the Security System module to protect your data in the UI or on the server side;
3. Consider hiding your database from the client by using a remote data store service as described in How to connect to a remote data service instead of using a direct database connection;
4. Consider storing the Application Model differences in the database instead of the file system and thus disallowing powerful end-users to customize it manually. See the How to manage user settings (reset, merge, import, export, etc.) stored in the database instead of a file system example for more details.
5. Make sure your application does not allow loading external modules/plug-ins from the configuration file by using the right XafApplication.Setup method overload.

There, of course, may be more things to look at if the final application will be deployed in a banking environment, as in case of the original ticket owner. So feel free to share your feedback on this as well. I know that some of our XAF customers (like Robert Anderson) have production apps working in similar security sensitive environments, so it would be great to hear about your experience. Thanks!

Developing the validation warnings feature - Feedback is needed!

You probably saw my recent post about the feature we are developing for 13.2. This nice addition to the framework was welcomed by the XAF community and there were some questions from customers which I would like to answer here. So, let's do it!

Q1: Chris G. Royle It's difficult to see from the screenshots how you've implemented Dennis. If you've used the snippet that Tolis posted recently in a blog,
A1: No, we have not used the eXpand Framework implementation.
Take special note that a validation warning rule is declared as follows:

[RuleCriteria("RuleWarning", DefaultContexts.Save, @"IsWarning = false", SkipNullOrEmptyValues = false, ResultType=ValidationResultType.Warning)]

You can learn more about our implementation from these short videos:

Winforms: 

Guess the feature by screenshots;-)

Yes, you are right, and let's be honest that it was quite easy to guess:-)
I am referring to the Validation - Warn end-users about mistakes/inconsistencies without preventing them from saving changes request, which we are currently working on, and hope to include a solution into the standard XAF delivery in 13.2 (no exact promises, as always!)