Hi,

We want to add a permission feature into our product where users will only be able to see some entities based on some criterion.

There is a way using QueryRootBuilder where we can add a filter on Query.All<t>() (on the queryEndPoint). But If I am not mistaken, it seems that other EntitySets or referenced Entities of the same type T won't be filtered. For example, lets say we have a Document entity such as :

[HierarchyRoot]
public class Document:Entity
{
 [Field, Key] 
 public long Id {get;set;}
 [Field]
 public int State {get;set;}
 [Field]
 public EntitySet<Document> SubDocuments {get;set;}
}

Using the QueryRootBuilder will only filter the 'root' entities but not the children, for example if we define the queryEndPoint like this :

queryEndPoint.Where(doc=>doc.State == 0)

It will only filter the root documents where state is 0 but if we loop on the EntitySet SubDocuments, the subdocuments won't be filtered (we will have all subdocuments)

Is there a way to do this ?

Regards, Benoit

asked Jan 25 at 05:18

Benoit%20Nesme's gravatar image

Benoit Nesme
17111318

edited Jan 25 at 10:23


2 Answers:

Hello Benoit Nesme,

Have you tried our Security extension? It allows you to make some rules of access to entities for users.

answered Jan 27 at 02:54

Alexey%20Kulakov's gravatar image

Alexey Kulakov
48215

Enabling and configuring Entity Filtering in your application Entity Filtering support in Jersey is provided as an extension module and needs to be mentioned explicitly in your pom.xml file (in case of using Maven): <dependency> <groupid>org.glassfish.jersey.ext</groupid> <artifactid>jersey-entity-filtering</artifactid> <version>2.25.1</version> </dependency>

Note If you're not using Maven make sure to have also all the transitive dependencies (see jersey-entity-filtering) on the classpath. The entity-filtering extension module provides three Features which you can register into server/client runtime in prior to use Entity Filtering in an application: EntityFilteringFeature Filtering based on entity-filtering annotations (or i.e. external configuration file) created using @EntityFiltering meta-annotation. SecurityEntityFilteringFeature Filtering based on security (javax.annotation.security) and entity-filtering annotations. SelectableEntityFilteringFeature Filtering based on dynamic and configurable query parameters. If you want to use both entity-filtering annotations and security annotations for entity data filtering it is enough to register SecurityEntityFilteringFeature as this feature registers also EntityFilteringFeature. Entity-filtering currently recognizes one property that can be passed into the Configuration instance (client/server): EntityFilteringFeature.ENTITY_FILTERING_SCOPE - "jersey.config.entityFiltering.scope" Defines one or more annotations that should be used as entity-filtering scope when reading/writing an entity. Note Processing of entity-filtering annotations to create an entity-filtering scope is defined by following: "Request/Resource entity annotations" > "Configuration" > "Resource method/class annotations" (on server). Check for essay writing service

answered Mar 09 at 01:04

kevinluther111's gravatar image

kevinluther111
5

Your answer
Please start posting your answer anonymously - your answer will be saved within the current session and published after you log in or create a new account. Please try to give a substantial answer, for discussions, please use comments and please do remember to vote (after you log in)!
toggle preview

Subscription:

Once you sign in you will be able to subscribe for any updates here

Tags:

×4
×1
×1
×1

Asked: Jan 25 at 05:18

Seen: 725 times

Last updated: Mar 09 at 01:04

powered by OSQA