Db Resource Authorization in EF Core
Question
I'm writing a REST API framework, and I'd like to create a db authorization context. The context takes in a role resolver and uses that to filter the default set, based on a set of rules.
In my first attempt I thought maybe I could apply default filters to the entity sets to prohibit access to certain resources:
    public class AuthorizationContext : DbContext
    {
        protected IConstraintResolver _constraintResolver;

        public AuthorizationContext(IConstraintResolver constraintResolver)
        {
            this._constraintResolver = constraintResolver;
        }

        public override DbSet<TEntity> Set<TEntity>()
        {
            var defaultSet = base.Set<TEntity>();
            var constraints = this._constraintResolver.GetConstraintsForTypeByRole<TEntity>();
            var filteredSet = base.Set<TEntity>().AsQueryable();
            foreach (var constraint in constraints)
            {
                filteredSet = filteredSet.Where(constraint);
            }
            // how do I apply this back to the innerQueryable
            return filteredSet;
        }
    }
but this does not compile because I cannot transform my Queryable back to a filteredDBSet.
I found a few articles on different ways to Secure data in EF-Core, but using this method would require, is not how I want to secure my data.
- I want my context to implicitly secure data based off the role (so that any user using the context will not have to worry about wrapping their queries to check for authorization.)
- A lot of additional configuration for the user
I have a function which already generates my Expressions based on the metadata of the SQL. My issue is applying the filter to the DBSets.
Assuming you are given an Expression<TEntity, Bool>, how can I secure my context so that a user can only access or modify the data I've decided?
Recommended answer
Expression<TEntity, bool> sounds like a good candidate for EF Core 2.0 Global Query Filter.
You can set it for specific entity:
    modelBuilder.Entity<SomeEntity>().HasQueryFilter(expression);
or for multiple entities based on some criteria - examples are EF-Core 2.0 Filter all queries (trying to achieve soft delete) and ef core 2 apply HasQueryFilter for all entity.
Please note that currently the global query filters have some limitations and special requirements to be rooted to the DbContext derived class if they need to be dynamic etc. (EF Core: Soft delete with shadow properties and query filters). I'm pretty sure they will be improved over time, but it's good to check if the current functionality can serve your needs.
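A sketch of the approach the answer describes, added here as an example and not taken from the original answer: a global query filter rooted in a field of the DbContext-derived class, plus a write check, since query filters restrict reads only. The `Document` entity, its `OwnerRole` column and the `IRoleResolver` interface are hypothetical names assumed for illustration.

```csharp
using System;
using Microsoft.EntityFrameworkCore;

// Hypothetical entity and role source, for illustration only.
public class Document
{
    public int Id { get; set; }
    public string OwnerRole { get; set; }
}

public interface IRoleResolver { string CurrentRole { get; } }

public class AuthorizationContext : DbContext
{
    // Instance field: the filter below reads it per context instance, so each
    // request's context filters by its own role even though the model is cached.
    private readonly string _role;

    public AuthorizationContext(DbContextOptions<AuthorizationContext> options,
                                IRoleResolver roles) : base(options)
    {
        _role = roles.CurrentRole;
    }

    public DbSet<Document> Documents { get; set; }

    protected override void OnModelCreating(ModelBuilder modelBuilder)
    {
        // Added implicitly to every LINQ query over Document.
        modelBuilder.Entity<Document>().HasQueryFilter(d => d.OwnerRole == _role);
    }

    // Query filters restrict reads only, so writes are checked here.
    // SaveChangesAsync(bool, CancellationToken) needs the same guard.
    public override int SaveChanges(bool acceptAllChangesOnSuccess)
    {
        foreach (var entry in ChangeTracker.Entries<Document>())
        {
            if (entry.State == EntityState.Unchanged) continue;
            var owner = entry.Property(d => d.OwnerRole);
            bool allowed = owner.CurrentValue == _role
                && (entry.State == EntityState.Added || owner.OriginalValue == _role);
            if (!allowed)
                throw new UnauthorizedAccessException("Write outside the caller's role.");
        }
        return base.SaveChanges(acceptAllChangesOnSuccess);
    }
}
```

Code holding the context can still call `IgnoreQueryFilters()` on a query, so the filter is a safe default for consumers of the context rather than a boundary against code that deliberately opts out.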