As the subject suggests, has anyone tried implementing field-level security 
with NHibernate? If so, I would love to see a code example -- I'm not 
interested in the security authorization mechanism per se; I'm more 
curious about how NHibernate integrates with it. I would like to have 
the security checks run when the entity is hydrated rather than in the UI 
layer, as I've seen in other examples. My newbie approach is listed below. 
Does anyone else have a better solution (a custom proxy might be cleaner)? 

/// <summary>
/// Authorization service asked whether the current user may view an entity.
/// A concrete implementation is assumed to exist; none is shown here.
/// </summary>
public interface ISecurityTasks
{
    /// <summary>
    /// Decides whether the current user may view <paramref name="secureEntity"/>.
    /// </summary>
    /// <param name="secureEntity">The entity whose visibility is being checked.</param>
    /// <returns>
    /// Presumably <c>true</c> when viewing is permitted (inferred from the name;
    /// the implementation defines the actual rule).
    /// </returns>
    bool IsViewableByCurrentUser(SecureEntity secureEntity);
}

/// <summary>
/// Base type for persistent objects; carries only the identifier.
/// </summary>
public class Entity
{
    /// <summary>Gets or sets the identifier (virtual so it can be overridden).</summary>
    public virtual int Id { get; set; }
}

/// <summary>
/// Entity that carries a per-instance "current user may view this" flag.
/// </summary>
public class SecureEntity : Entity
{
    /// <summary>
    /// Gets or sets whether the current user may view this instance.
    /// The flag defaults to <c>false</c> until something assigns it; in this
    /// sample <c>SecureEntityPostLoad.OnPostLoad</c> assigns it after load.
    /// </summary>
    // NOTE(review): the setter is public, so any code holding the instance can
    // set the flag to true. The flag is also a snapshot taken when it was
    // assigned; whether an instance can outlive the user it was evaluated for
    // depends on session scope, which is not shown here -- confirm.
    public virtual bool IsViewableByCurrentUser { get; set; }
}

/// <summary>
/// A secured document; inherits the view flag from <see cref="SecureEntity"/>.
/// </summary>
public class Document : SecureEntity
{
    /// <summary>Gets or sets the document title.</summary>
    // NOTE(review): Title itself is not guarded by the view flag; only code
    // that checks IsViewableByCurrentUser before handing out the Document
    // (as Company.SecretCompanyDocument does) enforces the restriction.
    public virtual string Title { get; set; }
}

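/// <summary>
/// Company whose confidential document is handed out only when the document's
/// view flag is set.
/// </summary>
public class Company : SecureEntity
{
    // Holds the associated document. The identifier (spelling included) is left
    // unchanged because a mapping presumably refers to it by name -- confirm
    // before renaming.
    protected virtual Document _secrectCompanyDocument { get; private set; }

    /// <summary>
    /// Gets the confidential document, or <c>null</c> when the company has no
    /// document or the current user does not have view permission.
    /// </summary>
    // NOTE(review): this getter is the only enforcement point visible here. Code
    // that obtains a Document some other way (for example by loading it
    // directly) does not pass through this check -- verify the other access paths.
    public virtual Document SecretCompanyDocument
    {
        get
        {
            Document document = _secrectCompanyDocument;

            // No associated document: return null rather than dereferencing it,
            // which previously raised NullReferenceException.
            if (document == null)
            {
                return null;
            }

            // If the current user doesn't have view permission, return null.
            return document.IsViewableByCurrentUser ? document : null;
        }
    }
}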

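/// <summary>
/// Post-load listener that stamps every loaded <see cref="SecureEntity"/> with
/// the result of the authorization check for the current user.
/// </summary>
public class SecureEntityPostLoad : IPostLoadEventListener
{
    private readonly ISecurityTasks _securityTasks;

    /// <summary>
    /// Creates a listener with no authorization service. Kept so existing
    /// parameterless construction still works; such a listener marks every
    /// secure entity as not viewable (deny by default) instead of granting
    /// access unconditionally.
    /// </summary>
    public SecureEntityPostLoad()
        : this(null)
    {
    }

    /// <summary>
    /// Creates a listener that delegates the decision to
    /// <paramref name="securityTasks"/>.
    /// </summary>
    /// <param name="securityTasks">
    /// Authorization service; when <c>null</c>, every secure entity is marked
    /// as not viewable.
    /// </param>
    public SecureEntityPostLoad(ISecurityTasks securityTasks)
    {
        _securityTasks = securityTasks;
    }

    /// <summary>
    /// Sets <c>IsViewableByCurrentUser</c> on the loaded entity when it is a
    /// <see cref="SecureEntity"/>; other entities are left untouched.
    /// </summary>
    /// <param name="postLoadEvent">The event carrying the loaded entity.</param>
    public void OnPostLoad(PostLoadEvent postLoadEvent)
    {
        SecureEntity secureEntity = postLoadEvent.Entity as SecureEntity;
        if (secureEntity == null)
        {
            return;
        }

        // The original placeholder assigned true for every entity, so nothing
        // was ever hidden. Ask the authorization service instead, and treat a
        // missing service as "not permitted". An exception thrown by the
        // service propagates, so a failed check never leaves the flag set.
        secureEntity.IsViewableByCurrentUser =
            _securityTasks != null && _securityTasks.IsViewableByCurrentUser(secureEntity);
    }
}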

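/// <summary>
/// Console driver that loads a company and reads the title of its
/// confidential document.
/// </summary>
class Program
{
    /// <summary>
    /// Opens a session, loads company 1 and reads the document title if the
    /// document is available to the current user.
    /// </summary>
    /// <param name="args">Command-line arguments (unused).</param>
    static void Main(string[] args)
    {
        // The session factory is disposable as well, so release it with the session.
        using (ISessionFactory sessionFactory =
            NHibernateInitializer.Initialize().BuildSessionFactory())
        using (ISession session = sessionFactory.OpenSession())
        using (ITransaction transaction = session.BeginTransaction())
        {
            // Get returns null when no row with this id exists.
            var company = session.Get<Company>(1);

            // SecretCompanyDocument is null by design when the current user
            // lacks view permission, so it must be checked before reading
            // Title; the original dereferenced it unconditionally.
            var document = company != null ? company.SecretCompanyDocument : null;
            var title = document != null ? document.Title : null;
        }
    }
}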
