RavenDB Authorization Bundle proper user of SecureFor
<p>I am attempting to use RavenDB's authorization bundle to limit the results of a query (on WorkItems) by the permissions that have been explicitly set on WorkItem documents.</p>
<p>For example:</p>
<p>I have a user bob@bob.com with a userId of /users/1 and a WorkItem that has the following permissions set in the Meta-Data:</p>
<pre><code>"Raven-Document-Authorization": {
  "Tags": [],
  "Permissions": [
    {
      "Operation": "/Operations/WorkItem/Search",
      "User": "users/1",
      "Role": null,
      "Allow": true,
      "Priority": 1
    }
  ]
}
</code></pre>
<p>I would then expect the following code to limit a query (from Bob's perspective) to this one WorkItem, because that is all he has permission to.</p>
<pre><code>using (var session = documentStore.OpenSession())
{
    session.SecureFor("raven/authorization/users/1", "/Operations/WorkItem/Search");
    var workItemsQuery = from wi in session.Query&lt;WorkItem&gt;()
                         select wi;
    var debts = workItemsQuery.ToList();
    // do something with the work items
}
</code></pre>
<p>I based my code on the following example from RavenDB's documentation (Context &amp; User section): <a href="http://ravendb.net/docs/2.5/server/extending/bundles/authorization-bundle-design" rel="nofollow noreferrer">http://ravendb.net/docs/2.5/server/extending/bundles/authorization-bundle-design</a></p>
<p>What I am getting instead is WorkItems that have no explicit permissions set. This is very puzzling to me because if I run the following code:</p>
<pre><code>using (var session = mDocumentStore.OpenSession())
{
    var answer = session.Advanced.IsOperationAllowedOnDocument(userId, operation, securableId);
    var allowed = answer.IsAllowed;
}
</code></pre>
<p>allowed is true.</p>
<p>One additional item of note, I am attempting to ignore or simply not use the authorization bundle's concept of role and I wonder if this is having some unintended effect.</p>
<p>It is very possible that I am misunderstanding their example, could anyone shed any light on this subject for me? Thanks in advance.</p>
<p>Also, I wondered if the issue I am encountering was related to this StackOverflow question: <a href="https://stackoverflow.com/questions/15357057/ravendb-raven-query-not-returning-correct-count-with-document-authorization">RavenDB: Raven Query not returning correct count with document authorization</a>, but their issue seems to be with the count and not necessarily the actual results.</p>