Authorizers and prefetching

worldspawn
User
Posts: 321
Joined: 26-Aug-2006
# Posted on: 07-Jul-2010 02:25:11   

Is there some way to authorize an entity after it's performed its prefetch? I need the prefetched data to perform the authorization...

daelmo
Support Team
Posts: 8245
Joined: 28-Nov-2005
# Posted on: 07-Jul-2010 04:25:54   

Mmm. No, AFAIK. So you need to read the child entities to know whether to authorize or not in OnCanLoadEntity?

What if you set an authorizer on the child elements, and if something is wrong, you throw an exception and the whole load is cancelled...?

David Elizondo | LLBLGen Support Team

worldspawn
User
Posts: 321
Joined: 26-Aug-2006
# Posted on: 08-Jul-2010 02:09:43   

Hmm, the data I need to determine authorisation would certainly be there. However, the problem I see with throwing an exception is that I might be opening 20 entities and have access to 10. I don't want the whole operation to fail, I just want the unauthorised entities to not be in the resulting list.

Maybe this could be something we could control in the future? I certainly see the argument for not prefetching entities you don't have access to. In the meantime I've got the same result by including some joins in my query to make sure we get only what the user has access to.

neilx
User
Posts: 267
Joined: 02-Nov-2007
# Posted on: 19-Sep-2011 09:44:32   

Just for info: I had a similar issue. I needed to check a table of permissions in the same database as the entity I wanted to authorize. It turned out that I could invert the process and authorize the entity with the permissions instead of the real entity I wanted to authorize.

I could do this as I had a table higher in the object graph that was a fk to both the permissions table and the table I really wanted to be authorized.

This means I don't need to use another adapter in the authorizer just to get the permissions.

I guess I could always have used the authorizing logic in my application code, but using the Authorizer this way means that code is in one place.
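
The two behaviours discussed in this thread, side by side, as an added example that is not code from any poster or from LLBLGen: a per-entity check that throws cancels the whole load, while a join on a permissions table returns only the rows the user may see. Python's `sqlite3` stands in for the ORM here; the `folder`, `document` and `permission` tables, the function names and user id 42 are all constructed for illustration.

```python
import sqlite3

class NotAuthorized(Exception):
    """Raised by the per-entity check, like an authorizer that throws."""

def build_db():
    # Constructed schema: folder is the parent of both document and permission.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE folder(id INTEGER PRIMARY KEY);
        CREATE TABLE document(id INTEGER PRIMARY KEY,
                              folder_id INTEGER REFERENCES folder(id));
        CREATE TABLE permission(folder_id INTEGER REFERENCES folder(id),
                                user_id INTEGER,
                                PRIMARY KEY (folder_id, user_id));
    """)
    db.executemany("INSERT INTO folder VALUES (?)", [(1,), (2,)])
    # 20 documents: ids 1-10 in folder 1, ids 11-20 in folder 2.
    db.executemany("INSERT INTO document VALUES (?, ?)",
                   [(i, 1 if i <= 10 else 2) for i in range(1, 21)])
    db.execute("INSERT INTO permission VALUES (1, 42)")  # user 42: folder 1 only
    return db

def fetch_then_authorize(db, user_id):
    """Load everything, then check each row; one denial cancels the whole load."""
    rows = db.execute("SELECT id, folder_id FROM document ORDER BY id").fetchall()
    for doc_id, folder_id in rows:
        allowed = db.execute(
            "SELECT 1 FROM permission WHERE folder_id = ? AND user_id = ?",
            (folder_id, user_id)).fetchone()
        if allowed is None:
            raise NotAuthorized(f"user {user_id} may not load document {doc_id}")
    return [doc_id for doc_id, _ in rows]

def fetch_authorized(db, user_id):
    """Authorization as a join: denied rows are never returned by the query."""
    rows = db.execute(
        "SELECT d.id FROM document d "
        "JOIN permission p ON p.folder_id = d.folder_id "
        "WHERE p.user_id = ? ORDER BY d.id", (user_id,)).fetchall()
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = build_db()
    print(fetch_authorized(db, 42))       # the 10 documents user 42 may read
    try:
        fetch_then_authorize(db, 42)
    except NotAuthorized as exc:
        print("load cancelled:", exc)
```

With the join, rows the user cannot access never reach application memory, so there is nothing for a later authorization step to miss.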