Ayende @ Rahien

Hi!
My name is Oren Eini
Founder of Hibernating Rhinos LTD and RavenDB.
You can reach me by phone or email:

ayende@ayende.com

+972 52-548-6969

, @ Q c

Posts: 5,968 | Comments: 44,484

filter by tags archive

Comments

Ayende Rahien

That is my liberal sense of the English language, I meant Juxtapose.

No idea how I got the spelling like that, though.

Fixed, thanks.

Richard Hein

You don't want to return orders beyond the scope of the aggregate boundary root, for security reasons ... so passing a reference to the name of the view, "Order.View", a predicate and a delegate, I'm guessing SecureFindAll loads the Order.View component with all the Orders for the CurrentUser, the delegate being passed internally to some repository via a query. The predicate and delegate are the select and where conditions of the query, I guess you're using ActiveRecord or NHiberate, I am not sure. Since you are handling all the query and retrieval of the data in the SecureFindAll method then it is part of a controller that manages the view. You need to pass the name of the view because you have to tell SecureFindAll what the view variations are for authorized versus unauthorized users.

So you probably want to do something like this code:

[Layout("default")]

public class OrdersController : ARSmartDispatcherController {

public void ListOrders(bool isAjax) {

    PropertyBag["orders"] = (IList)Order.SecureFindAll("Order.View",

                   Where.Order.Customer.User == CurrentUser, 

                   delegate(Order order) { return order.Customer });

}

Ayende Rahien

Richard, very good explanation, but what is the reference to the view?

Comment preview

Comments have been closed on this topic.

FUTURE POSTS

  1. Pointer arithmetic and dynamic HTML generation FTW–at 2 AM - 36 minutes from now

There are posts all the way to Jul 28, 2015

RECENT SERIES

  1. Career planning (6):
    24 Jul 2015 - The immortal choices aren't
  2. Production postmortem (4):
    23 Jul 2015 - The case of the native memory leak
  3. API Design (7):
    20 Jul 2015 - We’ll let the users sort it out
  4. What is new in RavenDB 3.5 (3):
    15 Jul 2015 - Exploring data in the dark
  5. The RavenDB Comic Strip (3):
    28 May 2015 - Part III – High availability & sleeping soundly
View all series

Syndication

Main feed Feed Stats
Comments feed   Comments Feed Stats