Field Level Security
46 views
Skip to first unread message
SirSirAaron
Jul 24, 2012, 12:28:54 AM7/24/12
to nhu...@googlegroups.com
As the subject suggests, has anyone tried implementing field level security with NHibernate? If so, I would love to see a code example -- I'm not interested in the security authorization mechanism persay but I'm rather curious regarding NHibernate's integration with it. I would like to have the security checks ran when the entity is hydrated rather than in the ui layer as I've seen in other examples. My newbie approach is listed below. Does anyone else have a better solution (a custom proxy might be cleaner)?
//assume ISecurityTasks has a concrete implementation
public interface ISecurityTasks
{
bool IsViewableByCurrentUser(SecureEntity secureEntity);
}
public class Entity
{
public virtual int Id { get; set; }
}
public class SecureEntity : Entity
{
public virtual bool IsViewableByCurrentUser { get; set; }
}
public class Document : SecureEntity
{
public virtual string Title { get; set; }
}
public class Company : SecureEntity
{
protected virtual Document _secrectCompanyDocument { get; private set; }
public virtual Document SecretCompanyDocument
{
//if the current user doesn't have view permission then return null
get { return _secrectCompanyDocument.IsViewableByCurrentUser ? _secrectCompanyDocument : null; }
}
}
public class SecureEntityPostLoad : IPostLoadEventListener
{
public void OnPostLoad(PostLoadEvent postLoadEvent)
{
SecureEntity secureEntity = postLoadEvent.Entity as SecureEntity;
if (secureEntity != null)
{
//replace with a call to ISecurityTasks.IsViewableByCurrentUser(secureEntity);
secureEntity.IsViewableByCurrentUser = true;
}
}
}
class Program
{
static void Main(string[] args)
{
ISessionFactory sessionFactory = NHibernateInitializer.Initialize().BuildSessionFactory();
using (ISession session = sessionFactory.OpenSession())
using (ITransaction transaction = session.BeginTransaction())
{
var company = session.Get<Company>(1);
var title = company.SecretCompanyDocument.Title;
}
}
}
Valeriu Caraulean
Jul 24, 2012, 6:10:51 AM7/24/12
to nhu...@googlegroups.com
Have you looked at Rhino.Security? From the top of the head it have support for field-level security...
Valeriu
--
You received this message because you are subscribed to the Google Groups "nhusers" group.
To view this discussion on the web visit https://groups.google.com/d/msg/nhusers/-/mIUkigsn5YIJ.
To post to this group, send email to nhu...@googlegroups.com.
To unsubscribe from this group, send email to nhusers+u...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/nhusers?hl=en.
Reply all
Reply to author
Forward
0 new messages