BuyLog In
Ticket Q446637
Visible to All Users

How can I filter data according user permission?

created 12 years ago

I have
multi user application. First user have a permission to work with a department “Dep1”.
Second user have a permission to work with a department “Dep2”.
I want the
expression new XPCollection<Department>()

returns “Dep1” for the first user and returns “Dep2”
for the second user.
Where
should I inject code for filtering data according user permission?

Sign in to comment on this post

Answers

created 12 years ago (modified 12 years ago)

Hi Andrey,
The XPO library does not support global filters out-of-the-box. You can implement a custom object layer (IObjectLayer) and modify criteria passed in the "queries" argument in LoadObjects, LoadObjectsAsync, SelectData and SelectDataAsync methods.
For example, if all your classes have the CompanyID member and you wish to filter out records by this member value, you can implement an object layer by inheriting from the existing SimpleObjectLayer class and overriding the necessary methods as follows:

C#
static class Program {  
    [STAThread]  
    static void Main() {  

        string connString = DevExpress.Xpo.DB.MSSqlConnectionProvider.GetConnectionString("(local)", "MyDB");  
        XpoDefault.ObjectLayer = new MySimpleObjectLayer(XpoDefault.GetDataLayer(connString, AutoCreateOption.None));  

        ...  
    }  
}  

public class MySimpleObjectLayer : SimpleObjectLayer, IObjectLayer {  
    public MySimpleObjectLayer(IDataLayer dataLayer) : base(dataLayer) { }  

    System.Collections.ICollection[] IObjectLayer.LoadObjects(Session session, ObjectsQuery[] queries) {  
        return base.LoadObjects(session, PatchCriteria(queries));  
    }  

    void IObjectLayer.LoadObjectsAsync(Session session, ObjectsQuery[] queries, DevExpress.Xpo.Helpers.AsyncLoadObjectsCallback callback) {  
        base.LoadObjectsAsync(session, PatchCriteria(queries), callback);  
    }  

    List<object[]> IObjectLayer.SelectData(Session session, ObjectsQuery query, CriteriaOperatorCollection properties, CriteriaOperatorCollection groupProperties, CriteriaOperator groupCriteria) {  
        return base.SelectData(session, PatchCriteria(query), properties, groupProperties, groupCriteria);  
    }  

    void IObjectLayer.SelectDataAsync(Session session, ObjectsQuery query, CriteriaOperatorCollection properties, CriteriaOperatorCollection groupProperties, CriteriaOperator groupCriteria, AsyncSelectDataCallback callback) {  
        base.SelectDataAsync(session, PatchCriteria(query), properties, groupProperties, groupCriteria, callback);  
    }  

    private ObjectsQuery[] PatchCriteria(ObjectsQuery[] queries) {  
        for (int i = 0; i < queries.Length; i++) {  
            queries[i] = PatchCriteria(queries[i]);  
        }  
        return queries;  
    }  

    private ObjectsQuery PatchCriteria(ObjectsQuery query) {  
        query.Criteria = GroupOperator.Combine(GroupOperatorType.And, query.Criteria, new BinaryOperator("CompanyID", "test"));  
        return query;  
    }  
}

In addition, I suggest that you refer to our source code to learn details of existing IObjectLayer implementations.
See also:
Object Access Layer.

    Show previous comments (1)
    DevExpress Support Team 12 years ago

      Thank you for the clarification. I have updated my answer.

      ML ML
      Michael Lang 12 years ago

        Hi Michael,
        thank you for keeping me up to date.
        How can I hook this into XAF ?
        Best regards
        Michael

        DevExpress Support Team 12 years ago

          Hi Michael,
          XAF already has a custom object layer that can filter data by means of security. You can grant appropriate permissions to your users to achieve the same goal.

          Sign in to comment on this post

          Disclaimer: The information provided on DevExpress.com and affiliated web properties (including the DevExpress Support Center) is provided "as is" without warranty of any kind. Developer Express Inc disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. Please refer to the DevExpress.com Website Terms of Use for more information in this regard.

          Confidential Information: Developer Express Inc does not wish to receive, will not act to procure, nor will it solicit, confidential or proprietary materials and information from you through the DevExpress Support Center or its web properties. Any and all materials or information divulged during chats, email communications, online discussions, Support Center tickets, or made available to Developer Express Inc in any manner will be deemed NOT to be confidential by Developer Express Inc. Please refer to the DevExpress.com Website Terms of Use for more information in this regard.