how to secure add or delete entities with breezejs

2019-08-09 09:50发布

问题:

how can I secure SaveChanges after I added or deleted an entity to breezejs?

  var newTodo = todoType.createEntity(initialValues);
  manager.addEntity(newTodo);

I want only to add/delete entities to a logged in user. Other users shouldn't be able to add an entity to another user via javascript hack.

Querying only allowed entites is possible via editing EFContextProvider on the server. But how does it work with delete or add?

回答1:

You can Prevent save Change on server side using

overriding BeforeSaveEntitiesDelegate method of contexProvider.

E.g

_contextProvider.BeforeSaveEntitiesDelegate = BeforeSaveEntities;

private Dictionary<Type, List<EntityInfo>> BeforeSaveEntities(Dictionary<Type, List<EntityInfo>> arg)
        {
            var resultToReturn = new Dictionary<Type, List<EntityInfo>>();
            foreach (var type in arg.Keys)
            {
                var entityName = type.FullName;
                var list = arg[type];
                if (entityName == "xyz" && list[0].EntityState!="Added")
                {
                    resultToReturn.Add(type, list);
                }
            }
            return arg;
        }

This will not save new added entity name "xyz".