English 中文(简体)
实体框架每个用户的行排安全级别框架
原标题:Entity Framework row-level security per user

我在ASP.Net MVC3网站工作,以2008年实体框架和SQL服务器作为数据储存,还使用存储模式将所有数据存取代码集中在一个区域。

In my application I have many users, every user can have many Projects. User should only have access to their own projects. At the moment I have this code:

    public IQueryable<Project> All
    {
        get { 
            return context.Projects
                .Where(p => p.Owner.ID == Util.GetCurrentUserID())
                .Select(p=>p); 
        }
    }

    public Project Find(System.Guid id)
    {
        return context.Projects
                .Where(p => p.Owner.ID == Util.GetCurrentUserID())
                .FirstOrDefault();
    }

如果您注意到了 . where (p \\ gt; p. howerr.ID = Util. GetCrentUnderrID ())) 已被复制。 我还有很多其他地方存在这些确切条件。

DbContext 中是否有办法将这一条件自动附在任何在查询中的项目表之后?

类似 :

public class MyContext : DbContext
{
    public DbSet<Project> Projects
         .Where(p => p.Owner.ID == Util.GetCurrentUserID()) { get; set; }
}


public class MyContext : DbContext
{
    public DbSet<Project> Projects { get {
           // Insert a cast from IQuerieable to DBSet below
       return Projects
              .Where(p => p.Owner.ID == Util.GetCurrentUserID())
              .Select(p => p);
    } 
    set; }
}

写此题时, < 强势 > UPD < / 强势 >, 意识到上一个版本只会有效 -- -- 需要尝试。 仍然希望听到其他选项, 来实现代码优化, 并让它变得更为DRY 。

提前谢谢!

最佳回答

您总可以写入一个名为“ WhereProject” 的扩展方法。 然后在您的扩展方法中, 在您将状况附加到您的前提后, 将标准“ where” 方法称为“ where” 方法 。

public static IEnumerable<TSource> WhereProject<TSource>(this IEnumerable<TSource> source, Func<TSource, bool> predicate) where TSource: Project
{
     return source.Where(p=> p.Owner.ID == Util.GetCurrentUserID() && predicate);
}

如果您想要跳过前置值, 您可以在默认值的参数列表中将其设置为空, 或者将其设置为空, 然后在您不想使用前置值时采取相应行动 。

可能是你想要的 , 它很简单 :

public static IEnumerable<TSource> WhereProject<TSource>(this IEnumerable<TSource> source) where TSource: Project
{
     return source.Where(p=> p.Owner.ID == Util.GetCurrentUserID());
}

EDIT These solutions does not sound right to me. I think you would want to secure your row data one level higher, in my case it would be the service layer. Consider a method in your service class like this:

public List<Project> GetUserProjects(User user)
{
    return repo.All().Where(p => p.Owner.ID == Util.GetCurrentUserID()).ToList();
}

这样, 从方法名称来看, 您正在做什么是十分清楚的。 控制您的特定逻辑不是仓库的责任。 它只用来处理您的数据存取 。

时间:2012-05-27 00:45:55
问题回答

暂无回答


上一篇:
下一篇:


相关问题
Anyone feel like passing it forward?

I m the only developer in my company, and am getting along well as an autodidact, but I know I m missing out on the education one gets from working with and having code reviewed by more senior devs. ...

时间:2009-11-13 04:17:47 回答:6 展示:1
NSArray s, Primitive types and Boxing Oh My!

I m pretty new to the Objective-C world and I have a long history with .net/C# so naturally I m inclined to use my C# wits. Now here s the question: I feel really inclined to create some type of ...

时间:2009-11-13 04:15:39 回答:4 展示:1
C# Marshal / Pinvoke CBitmap?

I cannot figure out how to marshal a C++ CBitmap to a C# Bitmap or Image class. My import looks like this: [DllImport(@"test.dll", CharSet = CharSet.Unicode)] public static extern IntPtr ...

时间:2009-11-13 03:47:30 回答:1 展示:1
How to Use Ghostscript DLL to convert PDF to PDF/A

How to user GhostScript DLL to convert PDF to PDF/A. I know I kind of have to call the exported function of gsdll32.dll whose name is gsapi_init_with_args, but how do i pass the right arguments? BTW, ...

时间:2009-11-13 03:33:19 回答:3 展示:1
Linqy no matchy

Maybe it s something I m doing wrong. I m just learning Linq because I m bored. And so far so good. I made a little program and it basically just outputs all matches (foreach) into a label control. ...

时间:2009-11-13 03:12:54 回答:2 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全