Hi there!
Been seeking answers to this question all day without success.
In my current project I got entities that needs to be hidden if the
user who requests them doesn't have the permission to see them. Each
user belongs to one or several groups and these groups determine if
the user have the permission to view the entity.
Simple schema
Entity
- Id
- Name
User
- Id
- GroupId
EntityGroup
- GroupId
- EntityId
So each entity is linked to one or several groups using the
"EntityGroup" table.
Since I didn't want to clutter my Entity with a property containing
all Groups that are entitled to view it I've been thinking of ways to
work around this.
One possible solution is to use filters and with custom SQL filter the
query. That worked great, but since the Entity is mapped as a <joined-
subclass> in an other entity I couldn't make the filter work without
sneaking in the SQL generated by NHibernate and in the filter mapping
add the alias which NHibernate generates.
An example
<set name="Items">
<key column="ViewID" />
<one-to-many class="AxisItem" />
<filter name="FilterByGroup" condition="axisitems0_1_.QuestionId
IN (Select p.QuestionID FROM QSReportal.dbo.GroupQuestionPermissions p
WHERE p.GroupId = :groupId)"></filter>
</set>
The problem lies with "axisitems0_1_" where I instead would like to
use the original tablename, "Entity".
But even though this works, though some small hacks, it doesn't feel
"right".
So here I am, asking how you deal with these scenarios where users has
permissions to see or not to see other entities. Is Filter the way to
go? Should I add the "Group"-property on the Entity and query it with
the Criteria API and thereby cluttering my entity?
Should I load all objects and filter them with code?
Or is there an even better solution this?
Thanks for your time and answers
//Kenny Eliasson, Quicksearch Sweden
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"nhusers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/nhusers?hl=en
-~----------~----~----~----~------~----~------~--~---
