LINQ-to-SQL 中的记录级安全性
我正在为 LINQ-to-SQL 应用程序开发记录级安全系统。我目前有一个围绕 DataContext 的 GetTable 方法的包装器,它将 T 连接到用户交叉引用表。 T 是实现我的 ISecurable 接口的任何类:
public interface ISecurable
{
bool CanRead { get; set; }
bool CanUpdate { get; set; }
bool CanDelete { get; set; }
}
我的基本存储库类执行连接并更新指定用户的每个故事的 CanRead、CanUpdate 和 CanDelete 属性:
var storiesVisibleToUser = repository.Get<Story>( user );
我想用扩展方法替换包装器,所以我可以这样做像这样的事情:
var storiesVisibleToUser = repository.Get<Story>().ApplySecurity( user );
这是一个微妙的变化,但会大大减少安全代码和通用数据访问代码之间的耦合,因此它将为我提供更多的灵活性来添加组级安全性等内容。
问题是ApplySecurity扩展方法无法访问原始DataContext,因此它无法使用GetTable<>。检索交叉引用记录。
两个问题:
有没有办法获取 IQueryable 的 DataContext,缺少 子类化/包装它并将上下文传递给构造函数?
扩展方法是执行此操作的“正确”方法吗?还是应该坚持使用存储库中可以访问原始上下文的方法?
I'm working on a record-level security system for a LINQ-to-SQL app. I currently have a wrapper around the DataContext's GetTable method that joins T to a user cross-reference table. T is any class that implements my ISecurable interface:
public interface ISecurable
{
bool CanRead { get; set; }
bool CanUpdate { get; set; }
bool CanDelete { get; set; }
}
My base repository class performs the join and updates each story's CanRead, CanUpdate, and CanDelete properties for the specified user:
var storiesVisibleToUser = repository.Get<Story>( user );
I'd like to replace the wrapper with an extension method, so I can do something like this:
var storiesVisibleToUser = repository.Get<Story>().ApplySecurity( user );
It's a subtle change, but will greatly decrease the coupling between the security code and the general data access code, so it will give me more flexibility for adding stuff like group-level security.
The problem is that the ApplySecurity extension method doesn't have access to the original DataContext, so it can't use GetTable<> to retrieve the cross-reference records.
Two questions:
Is there any way to get an IQueryable's DataContext, short of subclassing/wrapping it and passing the context in to the constructor?
Is an extension method the "proper" way to do this, or should I stick with a method in my repository that would have access to the original context?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
一种可能的解决方案是在故事和交叉引用表之间创建关联。然后,另一个表可用于 Story 查询,而无需引用原始上下文。
One possible solution is to create an association between the Story and the cross-reference table. That then makes the other table available to Story queries without needing a reference to the original context.