1. MVC repository pattern, how to security trim?
<p>Currently I am writing a web application in MVC 4. I am using a generic repository pattern. It works well. So I have something like the following:</p>
<pre><code>public class AddressRepository : IAddressRepository
{
    private AISDbContext context = new AISDbContext();

    public IQueryable&lt;Address&gt; GetAddresses()
    {
        return context.Address;
    }
}
</code></pre>
<p>But now I need to add something that filters the data more. Based on the logged-in user's role, this data should be more filtered.</p>
<p>Something like this:</p>
<pre><code>public IQueryable&lt;Address&gt; GetAddresses()
{
    // Pseudocode: CURRENTUSER stands for the logged-in user.
    return context.Address.Where(x =&gt; x.haspermissions == CURRENTUSER.Role);
}
</code></pre>
<p>Now I could always add another function like this, but I want to try and be general. I want to know if I can just use the first bit of code and inherit from another class that just applies the security trimming. This way I do not have to rewrite all my queries; I simply tell each class to inherit from the security trimmer. Hope that makes sense.</p>
<p>Thanks</p>
<p>Updated code:</p>
<pre><code>using System;
using System.Linq;

public class AddressRepository : SecureRepositoryBase&lt;Address&gt;, IAddressRepository
{
    private AISDbContext context = new AISDbContext();

    public IQueryable&lt;Address&gt; GetAll()
    {
        // The current user id is hard-coded to 1 here.
        return base.RetrieveSecure(context.Address, 1);
    }
}

public abstract class SecureRepositoryBase&lt;T&gt; where T : ISecuredEntity
{
    // Returns only the entities assigned to the given inspector.
    public IQueryable&lt;T&gt; RetrieveSecure(IQueryable&lt;T&gt; entities, int currentUser)
    {
        return entities.Where(e =&gt; e.InspectorId == currentUser);
    }
}

public interface ISecuredEntity
{
    int? InspectorId { get; set; }
}

public class Address : ISecuredEntity
{
    public int COESNo { get; set; }
    public int Postcode { get; set; }
    public int AuditAuthNo { get; set; }
    public bool? SelectedForAudit { get; set; }
    public int? RECId { get; set; }
    public string CustomerName { get; set; }
    public string CustomerAddress { get; set; }
    public int? CustomerSuburbId { get; set; }
    public int? InspectorId { get; set; }
    public DateTime? AuditDate { get; set; }
    public int? AuditType { get; set; }
    public int? UploadType { get; set; }
    public string COESImage { get; set; }
    public DateTime CreatedDate { get; set; }
    public int? CreatedBy { get; set; }
    public DateTime? ModifiedDate { get; set; }
    public int? ModifiedBy { get; set; }

    public virtual UserDetails Inspector { get; set; }
    public virtual Postcodes CustomerSuburb { get; set; }
    public virtual ResponsiblePerson RPerson { get; set; }
    public virtual UserProfile CreatedByUser { get; set; }
    public virtual UserProfile ModifiedByUser { get; set; }
}
</code></pre>
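<p>One way to make the trimming described in the question unavoidable rather than opt-in, as an added example that is not part of the original post: the base class owns the only reference to the data and the current user, so a derived repository cannot issue an unfiltered query or pass an arbitrary user id. <code>ICurrentUser</code>, <code>FixedUser</code>, <code>Secured()</code> and the in-memory rows are assumptions made for illustration.</p>

```csharp
using System;
using System.Linq;

public interface ISecuredEntity { int? InspectorId { get; set; } }
// Assumed abstraction: resolves the authenticated user's id for the current request.
public interface ICurrentUser { int UserId { get; } }
// The "class" constraint stops the compiler emitting a cast to ISecuredEntity inside
// the lambda, which LINQ to Entities cannot translate for a generic T.
public abstract class SecureRepositoryBase<T> where T : class, ISecuredEntity
{
    private readonly IQueryable<T> source; // private: subclasses never see unfiltered rows
    private readonly ICurrentUser user;

    protected SecureRepositoryBase(IQueryable<T> source, ICurrentUser user)
    {
        if (source == null) throw new ArgumentNullException("source");
        if (user == null) throw new ArgumentNullException("user");
        this.source = source;
        this.user = user;
    }

    // Single entry point: every query a subclass writes composes on top of this filter.
    protected IQueryable<T> Secured()
    {
        int id = user.UserId; // read once; the expression captures a plain int
        return source.Where(e => e.InspectorId == id); // null InspectorId never matches
    }
}

public class Address : ISecuredEntity { public int COESNo { get; set; } public int? InspectorId { get; set; } }

public class AddressRepository : SecureRepositoryBase<Address>
{
    public AddressRepository(IQueryable<Address> rows, ICurrentUser user) : base(rows, user) { }
    public IQueryable<Address> GetAll() { return Secured(); }
}
public sealed class FixedUser : ICurrentUser { public int UserId { get; set; } }
public static class Demo
{
    public static void Main()
    {
        // Constructed rows standing in for context.Address; user id 2 is constructed too.
        var rows = new[] { new Address { COESNo = 1, InspectorId = 1 },
            new Address { COESNo = 2, InspectorId = 2 }, new Address { COESNo = 3 } };
        var repo = new AddressRepository(rows.AsQueryable(), new FixedUser { UserId = 2 });
        foreach (var a in repo.GetAll()) Console.WriteLine(a.COESNo);
    }
}
```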