Ayende @ Rahien

Refunds available at head office

Interview questions from hell

Given this:

   1: SecureFindAll(
   2:    "Order.View",
   3:    Where.Order.Customer.User == CurrentUser,
   4:    delegate(Order order) { return order.Customer}
   5: );

Juxtapose the usage and the reasoning.

Hint: Customer is an aggregate in DDD terms.

Comments

Ayende Rahien
05/28/2007 07:09 AM by
Ayende Rahien

That is my liberal sense of the English language, I meant Juxtapose.

No idea how I got the spelling like that, though.

Fixed, thanks.

Richard Hein
05/28/2007 03:21 PM by
Richard Hein

You don't want to return orders beyond the scope of the aggregate boundary root, for security reasons ... so passing a reference to the name of the view, "Order.View", a predicate and a delegate, I'm guessing SecureFindAll loads the Order.View component with all the Orders for the CurrentUser, the delegate being passed internally to some repository via a query. The predicate and delegate are the select and where conditions of the query, I guess you're using ActiveRecord or NHiberate, I am not sure. Since you are handling all the query and retrieval of the data in the SecureFindAll method then it is part of a controller that manages the view. You need to pass the name of the view because you have to tell SecureFindAll what the view variations are for authorized versus unauthorized users.

So you probably want to do something like this code:

[Layout("default")]

public class OrdersController : ARSmartDispatcherController {

public void ListOrders(bool isAjax) {

    PropertyBag["orders"] = (IList)Order.SecureFindAll("Order.View",

                   Where.Order.Customer.User == CurrentUser, 

                   delegate(Order order) { return order.Customer });

}

Ayende Rahien
05/28/2007 04:50 PM by
Ayende Rahien

Richard, very good explanation, but what is the reference to the view?

Comments have been closed on this topic.