I've done this by using an NHibernate filter based on the username; for
example:

 

<set inverse="true" name="Documents">
       <key>
              <column name="FolderID" />
       </key>
       <one-to-many class="Document" />
       <filter name="securityFilter" condition="DocumentId in (select DocumentId from ... where UserName = :userName)" />
</set>

 

We then simply enable the filter at the point of opening an ISession (in
our case, it's done by a Castle Windsor facility).  The nice thing about
this is that it's completely transparent to everything other than (1)
the mappings and (2) the session creation, as well as being extremely
simple to use.

 

/Pete

 

From: [email protected] [mailto:[email protected]] On
Behalf Of Patrick Doran
Sent: 08 January 2014 22:16
To: [email protected]
Subject: [nhusers] Suggestions on implementing entity level security

 

I have done some research on this topic, on this board and just
searching around Google. Let me explain what I'd like to try to do
first:

 

1) Based on the requesting user, prevent the loading of any entity that
user doesn't have access to.

2) We would rather implement this at a layer lower than say a repository
as those implementing new repository methods and applying:

Session.Get, Session.Query, Session.QueryOver or Session.CreateCriteria
shouldn't need to apply the security filtering logic.

3) Want to prevent the loading of an entity that a user doesn't have
access to even if it is associated with an entity they do have access to,
i.e.:

 

A user has access to a folder, that folder is a list of documents. One
of the documents they are explicitly denied access to. The expectation
is that the domain object "folder" would have the Documents collection
minus the item restricted.

 

We have looked at using the ILoadEventListeners OnLoad and this seems to
work with the basic case of, essentially, null out the entity in the
event data; however, we do some projections with LINQ to NHibernate, and
as far as I can tell there aren't any events to hook into here. I am
willing to work around these cases, if the event method is a tenable
solution. One of the devs on my team looked at Rhino Security and wasn't
sure it would accomplish what we want to do. Before I dive into Rhino
Security I wanted to see if anyone had any solutions, either via
libraries or implementation suggestions.  I appreciate any help.

 

-Patrick

 

 

-- 
You received this message because you are subscribed to the Google
Groups "nhusers" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/nhusers.
For more options, visit https://groups.google.com/groups/opt_out.
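
The reply at the top of this thread enables the filter when the ISession is opened. One way to do that step is sketched below as an added example; it is not code from the thread or from NHibernate itself. The class name SecuredSessionFactory and the currentUserName delegate are hypothetical, and the mapping is assumed to declare a matching filter-def with a userName parameter.

```csharp
using System;
using NHibernate;

// Hypothetical wrapper (not from the thread): the only place sessions are opened,
// so repositories never have to repeat the security condition themselves.
// Assumes the mappings declare:
//   <filter-def name="securityFilter">
//     <filter-param name="userName" type="String" />
//   </filter-def>
public sealed class SecuredSessionFactory
{
    // Filter and parameter names as used in the mapping quoted in the reply.
    private const string FilterName = "securityFilter";
    private const string UserParam = "userName";

    private readonly ISessionFactory _factory;
    private readonly Func<string> _currentUserName; // assumed: supplied by the host application

    public SecuredSessionFactory(ISessionFactory factory, Func<string> currentUserName)
    {
        _factory = factory ?? throw new ArgumentNullException(nameof(factory));
        _currentUserName = currentUserName ?? throw new ArgumentNullException(nameof(currentUserName));
    }

    public ISession OpenSession()
    {
        string userName = _currentUserName();

        // Fail closed: never hand out an unfiltered session for an unknown caller.
        if (string.IsNullOrWhiteSpace(userName))
            throw new UnauthorizedAccessException("No authenticated user; refusing to open a session.");

        ISession session = _factory.OpenSession();
        try
        {
            // Filters are off by default on every new session. The user name is bound
            // as a query parameter, not concatenated into the filter condition.
            session.EnableFilter(FilterName).SetParameter(UserParam, userName);
            return session;
        }
        catch
        {
            // Do not leak a session that could be used without the filter.
            session.Dispose();
            throw;
        }
    }
}
```

NHibernate applies enabled filters to HQL, Criteria and LINQ queries and to collections mapped with a filter element, but not to ISession.Get or ISession.Load by identifier, so those paths need a separate access check. A filter placed only on the Documents set restricts that collection; querying Document directly is restricted only if the Document class mapping carries the filter as well.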
