Append dynamic condition to every query issued by nhibernate
154 views
Skip to first unread message
gg
Feb 5, 2017, 5:21:32 AM2/5/17
to nhusers
Hello,
I'm trying to handle row-level security within my application and I need a way to append custom criteria to every query issued by nhibernate. With "custom criteria" I mean I'd like to write detached criteria and then attach them to the query being executed, dependending on the type of object being queried.
During my research I found a promising place to write the logic which is the "SqlString OnPrepareStatement(SqlString sql)" event. Unfortunately I cannot quite understand how to manipulate a detached criteria in order to build and SqlString and "attach" it to the SqlString passed as parameter in OnPrepareStatement. Probably this method gets called a little bit too late than I would have liked.
I am at a loss, is there a way to do what I'd like to do?
Thank you
I'm trying to handle row-level security within my application and I need a way to append custom criteria to every query issued by nhibernate. With "custom criteria" I mean I'd like to write detached criteria and then attach them to the query being executed, dependending on the type of object being queried.
During my research I found a promising place to write the logic which is the "SqlString OnPrepareStatement(SqlString sql)" event. Unfortunately I cannot quite understand how to manipulate a detached criteria in order to build and SqlString and "attach" it to the SqlString passed as parameter in OnPrepareStatement. Probably this method gets called a little bit too late than I would have liked.
I am at a loss, is there a way to do what I'd like to do?
Thank you
Ricardo Peres
Feb 6, 2017, 5:56:03 PM2/6/17
to nhusers
You can use filters. They apply to both entities and collections. See it here: http://nhibernate.info/doc/nhibernate-reference/filters.html.
RP
gg
Feb 7, 2017, 5:24:38 AM2/7/17
to nhusers
On Monday, February 6, 2017 at 11:56:03 PM UTC+1, Ricardo Peres wrote:
You can use filters. They apply to both entities and collections. See it here: http://nhibernate.info/doc/nhibernate-reference/filters.html.
Thank you Ricardo. In the previous post I forgot to mention that I'm aware of filters but they seem to be a bit "restrictive" for what I want to do.
I need to have a set of detached criteria that can be mixed and applied to objects based on an xml file that describes permissions. This file is loaded in a sort of dictionary (ObjectType, permissions) when the application starts and whenever a query is issued I need to read the permission associated to the object being queried and apply the correct detached criteria. This is xml file is configurable and changes for various reason. I don't want to change the code when I need to modify this kind of permissions, that's why I think filters won't work.
Oskar Berggren
Feb 7, 2017, 6:13:15 AM2/7/17
to nhusers
I've done it on a higher level, and based on linq. Instead of starting with session.Query<T>() I start with session.QueryAccessible<T> when I write queries. Collection properties are not filtered when loaded by association in my scenario.
--
You received this message because you are subscribed to the Google Groups "nhusers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nhusers+unsubscribe@googlegroups.com.
To post to this group, send email to nhu...@googlegroups.com.
Visit this group at https://groups.google.com/group/nhusers.
For more options, visit https://groups.google.com/d/optout.
gg
Feb 7, 2017, 6:42:29 AM2/7/17
to nhusers
On Tuesday, February 7, 2017 at 12:13:15 PM UTC+1, Oskar Berggren wrote:
I've done it on a higher level, and based on linq. Instead of starting with session.Query<T>() I start with session.QueryAccessible<T> when I write queries. Collection properties are not filtered when loaded by association in my scenario.
I do this as well right now, but I don't find it good enough exactly because you cannot filter collections when loaded by associations. This may cause serious security bugs.
It seems like we are lacking an event of some kind where we can attach the logic. The OnPrepareStatement receives a SqlString which is, as far as I understand, pretty difficult to manipulate in a sane way. Unless you have to attach the same piece of query regardless the object being queried.
Afroservice
Oct 14, 2022, 3:53:23 PM10/14/22
to nhusers
Any sample on how you made it?
On Tuesday, February 7, 2017 at 6:13:15 AM UTC-5 Oskar Berggren wrote:
I've done it on a higher level, and based on linq. Instead of starting with session.Query<T>() I start with session.QueryAccessible<T> when I write queries. Collection properties are not filtered when loaded by association in my scenario.2017-02-07 7:56 GMT+00:00 gg <mahat...@gmail.com>:
On Monday, February 6, 2017 at 11:56:03 PM UTC+1, Ricardo Peres wrote:You can use filters. They apply to both entities and collections. See it here: http://nhibernate.info/doc/nhibernate-reference/filters.html.
Thank you Ricardo. In the previous post I forgot to mention that I'm aware of filters but they seem to be a bit "restrictive" for what I want to do.
I need to have a set of detached criteria that can be mixed and applied to objects based on an xml file that describes permissions. This file is loaded in a sort of dictionary (ObjectType, permissions) when the application starts and whenever a query is issued I need to read the permission associated to the object being queried and apply the correct detached criteria. This is xml file is configurable and changes for various reason. I don't want to change the code when I need to modify this kind of permissions, that's why I think filters won't work.
--
You received this message because you are subscribed to the Google Groups "nhusers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nhusers+u...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages