Authorization for TypedView TypedLists

Posts   
 
    
Rosacek
User
Posts: 155
Joined: 18-Mar-2012
# Posted on: 29-Apr-2014 00:49:19   

Hi, is there any way how to use Authorizers for TypedViews and TypedLists?

As for as views, seems the only way to plug authorizers is to map view as entitycollection in designer and generate code.

Is there any other way? Or plan to add such feature in future releases?

daelmo avatar
daelmo
Support Team
Posts: 8245
Joined: 28-Nov-2005
# Posted on: 29-Apr-2014 06:15:01   

Not directly supported AFAIK, but I think that there is a way. - Are you using Adapter or SelfServicing? - What is LLBLGen version you are using ?

David Elizondo | LLBLGen Support Team
Rosacek
User
Posts: 155
Joined: 18-Mar-2012
# Posted on: 30-Apr-2014 18:50:38   

Using adapter and latest version. Means 4.1

daelmo avatar
daelmo
Support Team
Posts: 8245
Joined: 28-Nov-2005
# Posted on: 01-May-2014 07:34:26   

Authorization depends on a place which does the actual authorization. You can add this for typedlists to adapter using the following:

  • create a partial class to DataAccessAdapter
  • override
public virtual void FetchTypedList(IEntityFields2 fieldCollectionToFetch, DataTable dataTableToFill, IRelationPredicateBucket filterBucket, int maxNumberOfItemsToReturn, 
                ISortExpression sortClauses, bool allowDuplicates, IGroupByCollection groupByClause, int pageNumber, int pageSize)

In the override, cast dataTableToFill to ITypedList2 using 'as'. If not null, it's a typedlist and you can do your authorization magic there: allow it? call base. Not allow it? return.

David Elizondo | LLBLGen Support Team
Otis avatar
Otis
LLBLGen Pro Team
Posts: 39588
Joined: 17-Aug-2003
# Posted on: 01-May-2014 10:02:26   

Quick question to understand the use case: the authorization relies on logic in-memory (e.g. thread user, active directory etc.) ? And you want to avoid reading certain fields as well as rows or just deny rows? As authorization based on fields is done when the properties are read on the entity, not when the row is read from the DB. denying rows is done when the rows are read from the DB however.

Frans Bouma | Lead developer LLBLGen Pro
Rosacek
User
Posts: 155
Joined: 18-Mar-2012
# Posted on: 01-May-2014 10:07:28   

Now I need to avoid reading some fields in TypedView and TypedLists, like social no, birthday etc.

Anyway it would be perfect to have the same mechanism as for entities, means fields and rows authorization, in this case read authorization only.

Walaa avatar
Walaa
Support Team
Posts: 14946
Joined: 21-Aug-2005
# Posted on: 02-May-2014 08:05:00   

You can make use of Database Views, map them to entities, so you can get the full fledged Authorization capability to deny/allow fields as well as records.

Otis avatar
Otis
LLBLGen Pro Team
Posts: 39588
Joined: 17-Aug-2003
# Posted on: 02-May-2014 10:23:43   

Indeed. But if entities don't work for you, you indeed have a problem. We'll see what we can do with v4.2 and this feature, but no promises.

Frans Bouma | Lead developer LLBLGen Pro
Rosacek
User
Posts: 155
Joined: 18-Mar-2012
# Posted on: 02-May-2014 19:53:37   

Yes, I know I can map views to entities to cheat simple_smile Say for views it is a way, but how about TypedLists ...

As for as TypedList it would be wonderfull to be able to plug there authorizes from involved entites. Say OrderEntity and ProductsEntity. This way we could define just authorizers for entites and plug them both to TypedList: OrdersWithProducts Maybe dream wink

I can make some workarounds in code for now, take it as new feature suggestion. I understand you need time to think of it.

Thanks for LLBL simple_smile

Rosacek
User
Posts: 155
Joined: 18-Mar-2012
# Posted on: 01-Jan-2015 12:40:18   

Any plan to enable Authorizers also for TypedViews and TypedLists in version 5?

Otis avatar
Otis
LLBLGen Pro Team
Posts: 39588
Joined: 17-Aug-2003
# Posted on: 02-Jan-2015 10:52:05   

No, not at the moment. (for 5.0). If it's added it will be a different system than with entities as we want to move away from the datatable based typedview/list classes, so there's no 'typedview' object holding rows: there are just row objects. This thus means that the authorizer has to be used with a query, e.g. through an adapter or e.g. linqmetadata object.

So perhaps after 5.0 simple_smile

Frans Bouma | Lead developer LLBLGen Pro