Ayende @ Rahien

Hi!
My name is Oren Eini
Founder of Hibernating Rhinos LTD and RavenDB.
You can reach me by phone or email:

ayende@ayende.com

+972 52-548-6969

, @ Q c

Posts: 6,125 | Comments: 45,492

filter by tags archive

Comments

Ayende Rahien

That is my liberal sense of the English language, I meant Juxtapose.

No idea how I got the spelling like that, though.

Fixed, thanks.

Richard Hein

You don't want to return orders beyond the scope of the aggregate boundary root, for security reasons ... so passing a reference to the name of the view, "Order.View", a predicate and a delegate, I'm guessing SecureFindAll loads the Order.View component with all the Orders for the CurrentUser, the delegate being passed internally to some repository via a query. The predicate and delegate are the select and where conditions of the query, I guess you're using ActiveRecord or NHiberate, I am not sure. Since you are handling all the query and retrieval of the data in the SecureFindAll method then it is part of a controller that manages the view. You need to pass the name of the view because you have to tell SecureFindAll what the view variations are for authorized versus unauthorized users.

So you probably want to do something like this code:

[Layout("default")]

public class OrdersController : ARSmartDispatcherController {

public void ListOrders(bool isAjax) {

    PropertyBag["orders"] = (IList)Order.SecureFindAll("Order.View",

                   Where.Order.Customer.User == CurrentUser, 

                   delegate(Order order) { return order.Customer });

}

Ayende Rahien

Richard, very good explanation, but what is the reference to the view?

Comment preview

Comments have been closed on this topic.

FUTURE POSTS

  1. RavenDB 3.5 whirl wind tour: I'll have the 3+1 goodies to go, please - 3 days from now
  2. The design of RavenDB 4.0: Voron has a one track mind - 4 days from now
  3. RavenDB 3.5 whirl wind tour: Digging deep into the internals - 5 days from now
  4. The design of RavenDB 4.0: Separation of indexes and documents - 6 days from now
  5. RavenDB 3.5 whirl wind tour: Deeper insights to indexing - 7 days from now

And 10 more posts are pending...

There are posts all the way to May 30, 2016

RECENT SERIES

  1. The design of RavenDB 4.0 (14):
    05 May 2016 - Physically segregating collections
  2. RavenDB 3.5 whirl wind tour (14):
    04 May 2016 - I’ll find who is taking my I/O bandwidth and they SHALL pay
  3. Tasks for the new comer (2):
    15 Apr 2016 - Quartz.NET with RavenDB
  4. Code through the looking glass (5):
    18 Mar 2016 - And a linear search to rule them
  5. Find the bug (8):
    29 Feb 2016 - When you can't rely on your own identity
View all series

Syndication

Main feed Feed Stats
Comments feed   Comments Feed Stats