如何确保与breezejs添加或删除实体 [英] how to secure add or delete entities with breezejs
本文介绍了如何确保与breezejs添加或删除实体的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我怎么能保证我的SaveChanges增加或删除breezejs一个实体后?
how can I secure SaveChanges after I added or deleted an entity to breezejs?
var newTodo = todoType.createEntity(initialValues);
manager.addEntity(newTodo);
我只想添加/删除实体到登录的用户。其他用户不应该能够通过JavaScript的黑客实体添加到另一个用户。
I want only to add/delete entities to a logged in user. Other users shouldn't be able to add an entity to another user via javascript hack.
查询只允许的entites通过服务器上编辑EFContextProvider是可能的。但它是如何与删除或者添加?
Querying only allowed entites is possible via editing EFContextProvider on the server. But how does it work with delete or add?
推荐答案
您可以在服务器端使用prevent保存更改
You can Prevent save Change on server side using
覆盖 BeforeSaveEntitiesDelegate contexProvider的方式。
例如
_contextProvider.BeforeSaveEntitiesDelegate = BeforeSaveEntities;
private Dictionary<Type, List<EntityInfo>> BeforeSaveEntities(Dictionary<Type, List<EntityInfo>> arg)
{
var resultToReturn = new Dictionary<Type, List<EntityInfo>>();
foreach (var type in arg.Keys)
{
var entityName = type.FullName;
var list = arg[type];
if (entityName == "xyz" && list[0].EntityState!="Added")
{
resultToReturn.Add(type, list);
}
}
return arg;
}
这将不保存新增加的实体名称为XYZ。
This will not save new added entity name "xyz".
这篇关于如何确保与breezejs添加或删除实体的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
