docs: fix #366 - include full attribute names in attribute docs pages…

…, and improve some other security docs

docs/modeling/model-components/attributes/client-validation.md

@@ -1,6 +1,8 @@
 # [ClientValidation]
 
-The `[IntelliTect.Coalesce.DataAnnotations.ClientValidation]`
+`IntelliTect.Coalesce.DataAnnotations.ClientValidationAttribute`
+
+The `ClientValidation`
 attribute is used to control the behavior of client-side model validation
 and to add additional client-only validation parameters. Database validation is available via standard `System.ComponentModel.DataAnnotations` annotations. 
 

docs/modeling/model-components/attributes/coalesce.md

@@ -1,6 +1,8 @@
 
 # [Coalesce]
 
+`IntelliTect.Coalesce.CoalesceAttribute`
+
 Used to mark a type or member for generation by Coalesce.
 
 Some types and members will be implicitly included in generation - for example, all types represented by a `DbSet<T>` on a `DbContext` that has a `[Coalesce]` attribute will automatically be included. Properties on these types will also be generated for unless explicitly excluded, since this is by far the most common usage scenario in Coalesce.

docs/modeling/model-components/attributes/controller-action.md

@@ -1,5 +1,7 @@
 # [ControllerAction]
 
+`IntelliTect.Coalesce.DataAnnotations.ControllerActionAttribute`
+
 Specifies how a [custom method](/modeling/model-components/methods.md) is exposed via HTTP. Can be used to customize the HTTP method/verb for the method, as well as caching behavior.
 
 

docs/modeling/model-components/attributes/controller.md

@@ -1,5 +1,7 @@
 # [Controller]
 
+`IntelliTect.Coalesce.DataAnnotations.ControllerAttribute`
+
 Allows for control over the generated MVC Controllers.
 
 Currently only controls over the API controllers are present, but additional properties may be added in the future.

docs/modeling/model-components/attributes/create-controller.md

@@ -1,5 +1,7 @@
 # [CreateController]
 
+`IntelliTect.Coalesce.DataAnnotations.CreateControllerAttribute`
+
 By default an API and View controller are both created. This allows for
 suppressing the creation of either or both of these.
 

docs/modeling/model-components/attributes/date-type.md

@@ -1,5 +1,11 @@
 # [DateType]
 
+`IntelliTect.Coalesce.DataAnnotations.DateTypeAttribute`
+
+::: warning
+This attribute is deprecated and not recommended for use in new development. Instead, use the native .NET types [`System.DateOnly`](https://learn.microsoft.com/en-us/dotnet/api/system.dateonly?view=net-8.0) and [`System.TimeOnly`](https://learn.microsoft.com/en-us/dotnet/api/system.timeonly?view=net-8.0).
+:::
+
 Specifies whether a DateTime type will have a date and a time, or only a date.
 
 ## Example Usage
@@ -22,4 +28,5 @@ The type of date the property represents.
 
 Enum values are:
 - `DateTypeAttribute.DateTypes.DateTime` Subject is both a date and time.
-- `DateTypeAttribute.DateTypes.DateOnly` Subject is only a date with no significant time component.
+- `DateTypeAttribute.DateTypes.DateOnly` Subject is only a date with no significant time component.
+- `DateTypeAttribute.DateTypes.TimeOnly` Subject is only a time with no significant date component.

docs/modeling/model-components/attributes/default-order-by.md

@@ -1,5 +1,7 @@
 # [DefaultOrderBy]
 
+`IntelliTect.Coalesce.DataAnnotations.DefaultOrderByAttribute`
+
 Allows setting of the default manner in which the data returned to the client will be sorted. Multiple fields can be used to sort an object by specifying an index.
 
 This affects the sort order both when requesting a list of the model itself, as well as when the model appears as a child collection off of a navigation property of another object.

docs/modeling/model-components/attributes/dto-includes-excludes.md

@@ -1,5 +1,9 @@
 # [DtoIncludes] & [DtoExcludes]
 
+`IntelliTect.Coalesce.DataAnnotations.DtoIncludesAttribute`
+<br>
+`IntelliTect.Coalesce.DataAnnotations.DtoExcludesAttribute`
+
 Allows for easily controlling what data gets set to the client. When requesting data from the generated client-side list view models, you can specify an `includes` property on the ViewModel or ListViewModel. 
 
 For more information about the includes string, see [Includes String](/concepts/includes.md).

docs/modeling/model-components/attributes/execute.md

@@ -1,6 +1,8 @@
 
 # [Execute]
 
+`IntelliTect.Coalesce.DataAnnotations.ExecuteAttribute`
+
 Controls permissions for executing of a static or instance method through the API.
 
 For other security controls, see [Security Attributes](/modeling/model-components/attributes/security-attribute.md).

docs/modeling/model-components/attributes/hidden.md

@@ -1,6 +1,8 @@
 
 # [Hidden]
 
+`IntelliTect.Coalesce.DataAnnotations.HiddenAttribute`
+
 Mark an property as hidden from the edit, List or All areas.
 
 ::: danger

docs/modeling/model-components/attributes/inject.md

@@ -1,6 +1,8 @@
 
 # [Inject]
 
+`IntelliTect.Coalesce.DataAnnotations.InjectAttribute`
+
 Used to mark a [Method](/modeling/model-components/methods.md) parameter for dependency injection from the application's `IServiceProvider`.
 
 See [Methods](/modeling/model-components/methods.md) for more.

docs/modeling/model-components/attributes/internal-use.md

@@ -1,6 +1,8 @@
 
 # [InternalUse]
 
+`IntelliTect.Coalesce.DataAnnotations.InternalUseAttribute`
+
 Used to mark a type, property or method for internal use. Internal Use members are:
 
 - Not exposed via the API.

docs/modeling/model-components/attributes/list-text.md

@@ -1,6 +1,8 @@
 
 # [ListText]
 
+`IntelliTect.Coalesce.DataAnnotations.ListTextAttribute`
+
 When a textual representation of an object needs to be displayed in the UI, this attribute controls which property will be used. Examples include dropdowns and cells in admin UI tables.
 
 If this attribute is not used, and a property named `Name` exists on the model, that property will be used. Otherwise, the primary key will be used.

docs/modeling/model-components/attributes/load-from-data-source.md

@@ -1,5 +1,7 @@
 # [LoadFromDataSource]
 
+`IntelliTect.Coalesce.DataAnnotations.LoadFromDataSourceAttribute`
+
 Specifies that the targeted model instance method should load the instance it is called on from the specified data source when invoked from an API endpoint. If not defined, the model's default data source is used.
 
 ## Example Usage

docs/modeling/model-components/attributes/many-to-many.md

@@ -1,6 +1,8 @@
 
 # [ManyToMany]
 
+`IntelliTect.Coalesce.DataAnnotations.ManyToManyAttribute`
+
 Used to specify a Many to Many relationship. Because EF core does not
 support automatic intermediate mapping tables, this field is used to
 allow for direct reference of the many-to-many collections from the

docs/modeling/model-components/attributes/restrict.md

@@ -1,5 +1,7 @@
 # [Restrict]
 
+`IntelliTect.Coalesce.DataAnnotations.RestrictAttribute<T>`
+
 In addition to [role-based](/modeling/model-components/attributes/security-attribute.md) property restrictions, you can also define property restrictions that can execute custom code for each model instance if your logic require more nuanced decisions than can be made with roles.
 
 ``` c#:no-line-numbers

docs/modeling/model-components/attributes/search.md

@@ -1,6 +1,8 @@
 
 # [Search]
 
+`IntelliTect.Coalesce.DataAnnotations.SearchAttribute`
+
 Coalesce supports searching through the generated API in its various implementations, including the generated list views (Table & Cards), in Select2 dropdowns, and directly through the TypeScript ListViewModels' `search` property.
 
 The `search` parameter of the API can also be formatted as ``PropertyName:SearchTerm`` in order to search on an arbitrary property of a model. For example, a value of ``Nickname:Steve-o`` for a search term would search the `Nickname` property, even through it is not marked as searchable using this attribute.

docs/modeling/model-components/attributes/security-attribute.md

@@ -1,5 +1,6 @@
 # Security Attributes
 
+
 Coalesce provides a collection of attributes which can provide class-level (and property-level, where appropriate) security controls over the generated API.
 
 ::: tip
@@ -9,40 +10,54 @@ This page provides API-level documentation for a specific set of attributes. For
 
 ## Class vs. Property Security
 
-There are important differences between class-level security and property-level security, beyond the usage of the attributes themselves. In general, class-level security is implemented in the generated API Controllers as `[Authorize]` attributes on the generated actions. Property security attributes are implemented in the [Generated C# DTOs](/stacks/agnostic/dtos.md).
+There are important differences between class-level security and property-level security, beyond the usage of the attributes themselves: 
+
+- Class-level security is enforced in the generated API Controllers, primarily as `[Authorize]` attributes on the generated actions.
+- Property security is enforced in the [Generated C# DTOs](/stacks/agnostic/dtos.md).
+
+This means that class-level security only affects calls made to that type's standard API endpoints (and any type's bulk save endpoint), but does not affect usages of that type on other types' navigation properties. For details on how to control navigation properties, see the [Security page section on Entity Reads](/topics/security.md) 
 
+### Complex Property Logic
+
+For property security, [`[Read]`](#read) and [`[Edit]`](#edit) can be used to apply role-based security. If you need logic more complicated than checking for the presence of a role, [[Restrict]](/modeling/model-components/attributes/restrict.md) offers the ability to write custom code to control the read and write permissions of a property.
 
 ## Implementations
 
 ### [Read]
-Controls permissions for reading of objects and properties through the API.
+`IntelliTect.Coalesce.DataAnnotations.ReadAttribute`
+
+For **class-level** security, controls access to the type's generated `/get`, `/list`, and `/count` endpoints, as well as stacking with `[Edit]`/`[Save]` to control the `/bulkSave` endpoint.
 
-For **property-level** security only, if a `[Read]` attribute is present without an `[Edit]` attribute, the property is read-only. 
+For **property-level** security, controls reading of that property any time it would be returned by any Coalesce built-in or custom endpoint. If a `[Read]` attribute is present without an `[Edit]` attribute, the property is read-only. 
 
-Additionally, you can set  `NoAutoInclude = true` the `[Read]` attribute to suppress the [Default Loading Behavior](/modeling/model-components/data-sources.md#default-loading-behavior).
+Additionally, you can set `NoAutoInclude = true` on the `[Read]` attribute to suppress the [Default Loading Behavior](/modeling/model-components/data-sources.md#default-loading-behavior). When targeted at a class, prevents all navigation properties of that class' type from being auto-included. When targeted at a navigation property, only that specific navigation property is affected.
 
 #### Example Usage
 ``` c#
-[Read(Roles = "Management", PermissionLevel = SecurityPermissionLevels.AllowAuthorized)]
+[Read(Roles = "Management")]
 public class Employee
 {
     public int EmployeeId { get; set; }
 
     [Read("Payroll")]
     public string LastFourSsn { get; set; }
 
+    [Read("Payroll", NoAutoInclude = true)]
+    public List<Paycheck> Paychecks { get; set; }
     ...
 }
 ```
 
 ### [Edit]
-Controls permissions for editing of objects and properties through the API.
+`IntelliTect.Coalesce.DataAnnotations.EditAttribute`
+
+For **class-level** security, controls saving of existing instances of the type through the generated `/save` and `/bulkSave` endpoints.
 
-For **property-level** security only, if a `[Read]` attribute is present, one of its roles must be fulfilled in addition to the roles specified (if any) for the `[Edit]` attribute.
+For **property-level** security, controls access to the property any time it accepted as input by any Coalesce built-in or custom endpoint. If a `[Read]` attribute is present, one of its roles must be fulfilled in addition to the roles specified (if any) for the `[Edit]` attribute.
 
 #### Example Usage
 ``` c#
-[Edit(Roles = "Management,Payroll", PermissionLevel = SecurityPermissionLevels.AllowAuthorized)]
+[Edit(Roles = "Management,Payroll")]
 public class Employee
 {
     public int EmployeeId { get; set; }
@@ -52,53 +67,59 @@ public class Employee
 
     ...
 }
+
+[Edit(PermissionLevel = SecurityPermissionLevels.DenyAll)]
+public class Paycheck { ... }
 ```
 
 ### [Create]
+`IntelliTect.Coalesce.DataAnnotations.CreateAttribute`
+
+For **class-level** security, controls saving of new instances of the type through the generated `/save` and `/bulkSave` endpoints. 
 
-Controls permissions for creation of an object of the targeted type through the API.
+Not applicable to properties.
 
 #### Example Usage
 ``` c#
-[Create(Roles = "HumanResources", PermissionLevel = SecurityPermissionLevels.AllowAuthorized)]
-public class Employee
-{
-    ...
-}
+[Create(Roles = "HumanResources")]
+public class Employee { ... }
+
+[Create(PermissionLevel = SecurityPermissionLevels.DenyAll)]
+public class Paycheck { ... }
 ```
 
 ### [Delete]
-Controls permissions for deletion of an object of the targeted type through the API.
+`IntelliTect.Coalesce.DataAnnotations.DeleteAttribute`
+
+For **class-level** security, controls deleting of existing instances of the type through the generated `/delete` and `/bulkSave` endpoints. 
+
+Not applicable to properties.
 
 #### Example Usage
 ``` c#
-[Delete(Roles = "HumanResources,Management", PermissionLevel = SecurityPermissionLevels.AllowAuthorized)]
-public class Employee
-{
-    ...
-}
+[Delete("HumanResources", "Management")]
+public class Employee { ... }
+
+[Delete(PermissionLevel = SecurityPermissionLevels.DenyAll)]
+public class Paycheck { ... }
 ```
 
 ### [Execute]
-A separate attribute for controlling method execution exists. Its documentation may be found on the [[Execute]](/modeling/model-components/attributes/execute.md) page.
 
-### [Restrict]
+A separate attribute for controlling method execution exists. Its documentation may be found on the [[Execute]](/modeling/model-components/attributes/execute.md) page.
 
-For property security, `[Read]` and `[Edit]` can be used to apply role-based security. If you need logic more complicated than checking for the presence of a role, [[Restrict]](/modeling/model-components/attributes/restrict.md) offers the ability to write custom code to control the read and/or write permissions of a property.
 
 ## Attribute Properties
 
 <Prop def="public string Roles { get; set; }" ctor=1 /> 
 
 A comma-delimited list of roles that are authorized to take perform the action represented by the attribute. If the current user belongs to any of the listed roles, the action will be allowed.
 
-The string set for this property will be outputted as an `[Authorize(Roles="RolesString")]` attribute on generated API controller actions.
-
-<Prop def="public SecurityPermissionLevels PermissionLevel { get; set; }" ctor=2 /> 
+<Prop def="public SecurityPermissionLevels PermissionLevel { get; set; }" ctor=1 /> 
 
 The level of access to allow for the action for **class-level security** only. Has no effect for property-level security.
 
 Enum values are:
 - `SecurityPermissionLevels.AllowAll` Allow all users to perform the action for the attribute, including users who are not authenticated at all.
-- `SecurityPermissionLevels.AllowAuthorized` Allow only users who are members of the roles specified on the attribute to perform the action. If no roles are specified on the attribute, then all authenticated users are allowed (no anonymous access). 
-- `SecurityPermissionLevels.DenyAll` Deny the action to all users, regardless of authentication status or authorization level. If `DenyAll` is used, no API endpoint for the action will be generated.
+- `SecurityPermissionLevels.AllowAuthorized` **Default**. Allow only users who are members of the roles specified on the attribute to perform the action. If no roles are specified on the attribute, then all authenticated users are allowed (no anonymous access). 
+- `SecurityPermissionLevels.DenyAll` Deny the action to all users, regardless of authentication status or authorization level. If `DenyAll` is used on a class, no API endpoint for the governed actions will be generated.

docs/modeling/model-components/methods.md

@@ -172,7 +172,7 @@ Collections of any of the above valid parameter types above are also valid param
 [DbContext](https://learn.microsoft.com/en-us/dotnet/api/microsoft.entityframeworkcore.dbcontext)
 </td><td>
 
-If the method has a parameter assignable to `Microsoft.EntityFrameworkCore.DbContext`, then the parameter will be implicitly `[Inject]`ed.
+EF Core `DbContext` types are injected automatically.
 </td></tr>
 
 
@@ -181,7 +181,16 @@ If the method has a parameter assignable to `Microsoft.EntityFrameworkCore.DbCon
 [ClaimsPrincipal](https://learn.microsoft.com/en-us/dotnet/api/system.security.claims.claimsprincipal)
 </td><td>
 
-If the method has a parameter of type ClaimsPrincipal, the value of `HttpContext.User` will be passed to the parameter.
+Passes through from `HttpContext.User`.
+</td></tr>
+
+
+<tr><td>
+
+[CancellationToken](https://learn.microsoft.com/en-us/dotnet/api/system.threading.cancellationtoken?view=net-8.0)
+</td><td>
+
+Passes through from `HttpContext.RequestAborted`.
 </td></tr>
 
 
@@ -190,7 +199,7 @@ If the method has a parameter of type ClaimsPrincipal, the value of `HttpContext
 [[Inject]](/modeling/model-components/attributes/inject.md)
 </td><td>
 
-If a parameter is marked with the [[Inject]](/modeling/model-components/attributes/inject.md) attribute, it will be injected from the application's `IServiceProvider`.
+Parameters with the [[Inject]](/modeling/model-components/attributes/inject.md) attribute are injected from the application's `IServiceProvider`.
 </td></tr>