how to secure add or delete entities with breezejs

2019-08-09 09:47发布

how can I secure SaveChanges after I added or deleted an entity to breezejs?

  var newTodo = todoType.createEntity(initialValues);
  manager.addEntity(newTodo);

I want only to add/delete entities to a logged in user. Other users shouldn't be able to add an entity to another user via javascript hack.

Querying only allowed entites is possible via editing EFContextProvider on the server. But how does it work with delete or add?

标签： javascript c# asp.net security breeze

1条回答

Fickle 薄情

2楼-- · 2019-08-09 10:11

You can Prevent save Change on server side using

overriding BeforeSaveEntitiesDelegate method of contexProvider.

E.g

_contextProvider.BeforeSaveEntitiesDelegate = BeforeSaveEntities;

private Dictionary<Type, List<EntityInfo>> BeforeSaveEntities(Dictionary<Type, List<EntityInfo>> arg)
        {
            var resultToReturn = new Dictionary<Type, List<EntityInfo>>();
            foreach (var type in arg.Keys)
            {
                var entityName = type.FullName;
                var list = arg[type];
                if (entityName == "xyz" && list[0].EntityState!="Added")
                {
                    resultToReturn.Add(type, list);
                }
            }
            return arg;
        }

This will not save new added entity name "xyz".

0人赞添加讨论(0) 举报

how to secure add or delete entities with breezejs

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间