Ayende @ Rahien

Hi!
My name is Oren Eini
Founder of Hibernating Rhinos LTD and RavenDB.
You can reach me by phone or email:

ayende@ayende.com

+972 52-548-6969

, @ Q c

Posts: 18 | Comments: 79

filter by tags archive

Comments

Ayende Rahien

That is my liberal sense of the English language, I meant Juxtapose.

No idea how I got the spelling like that, though.

Fixed, thanks.

Richard Hein

You don't want to return orders beyond the scope of the aggregate boundary root, for security reasons ... so passing a reference to the name of the view, "Order.View", a predicate and a delegate, I'm guessing SecureFindAll loads the Order.View component with all the Orders for the CurrentUser, the delegate being passed internally to some repository via a query. The predicate and delegate are the select and where conditions of the query, I guess you're using ActiveRecord or NHiberate, I am not sure. Since you are handling all the query and retrieval of the data in the SecureFindAll method then it is part of a controller that manages the view. You need to pass the name of the view because you have to tell SecureFindAll what the view variations are for authorized versus unauthorized users.

So you probably want to do something like this code:

[Layout("default")]

public class OrdersController : ARSmartDispatcherController {

public void ListOrders(bool isAjax) {

    PropertyBag["orders"] = (IList)Order.SecureFindAll("Order.View",

                   Where.Order.Customer.User == CurrentUser, 

                   delegate(Order order) { return order.Customer });

}

Ayende Rahien

Richard, very good explanation, but what is the reference to the view?

Comment preview

Comments have been closed on this topic.

FUTURE POSTS

  1. The insidious cost of allocations - one day from now
  2. Buffer allocation strategies: A possible solution - 4 days from now
  3. Buffer allocation strategies: Explaining the solution - 5 days from now
  4. Buffer allocation strategies: Bad usage patterns - 6 days from now
  5. The useless text book algorithms - 7 days from now

And 1 more posts are pending...

There are posts all the way to Sep 11, 2015

RECENT SERIES

  1. Find the bug (5):
    20 Apr 2011 - Why do I get a Null Reference Exception?
  2. Production postmortem (10):
    03 Sep 2015 - The industry at large
  3. What is new in RavenDB 3.5 (7):
    12 Aug 2015 - Monitoring support
  4. Career planning (6):
    24 Jul 2015 - The immortal choices aren't
View all series

Syndication

Main feed Feed Stats
Comments feed   Comments Feed Stats