Hi all, I need to develop a system that grants or denies access to specific fields of entities mapped with NHibernate.
Let's say I have the entity "Customer" that is exposed to the web through a WCF service (I use WCF RIA Services, but that's not the point), and according to the current user I must set the "SSN" field as visible or not visible in the UI, and the service mustn't return a significant value for that field (see this link for a clearer example).
I plan to develop an NHibernate interceptor that will override the OnLoad method and set to null (or some other meaningless value) all of the fields that the current user isn't authorized to see (it's not enough just to hide the UI control).
The problem arises when I need to persist the updated values to the DB and prevent NHibernate from updating the "unauthorized field" (like the SSN one) to null.
I know I can override the corresponding methods in the interceptor (or write a listener) and set the unauthorized fields back to the original ones, but I'm looking for a solution that avoids both hitting the DB in order to reload the current value of the field and caching the original values on the server.
I'm thinking about intercepting the values that NHibernate reads from the DB in order to determine whether the instance is persistent or transient, thus avoiding another hit on the DB, but I don't know how to accomplish this! Any ideas?
Thanks in advance, Marco
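
The approach described in the post, as an added sketch that is not part of the original post: an interceptor that masks unauthorized properties in `OnLoad` and leaves them out of the dirty set in `FindDirty`, so no reload or server-side cache of the original value is needed. `IFieldAuthorizer` and `FieldSecurityInterceptor` are hypothetical names. It assumes the entity is mapped with `dynamic-update="true"` (so the UPDATE lists only the properties returned by `FindDirty`) and that masked properties are nullable.

```csharp
using System;
using System.Collections.Generic;
using NHibernate;
using NHibernate.Type;

// Hypothetical policy: may the current user read/write this property?
public interface IFieldAuthorizer
{
    bool CanAccess(Type entityType, string propertyName);
}

public class FieldSecurityInterceptor : EmptyInterceptor
{
    private readonly IFieldAuthorizer authorizer;

    public FieldSecurityInterceptor(IFieldAuthorizer authorizer)
    {
        this.authorizer = authorizer;
    }

    // Read path: blank every property the current user may not see.
    public override bool OnLoad(object entity, object id, object[] state,
                                string[] propertyNames, IType[] types)
    {
        bool modified = false;
        for (int i = 0; i < propertyNames.Length; i++)
        {
            if (authorizer.CanAccess(entity.GetType(), propertyNames[i])) continue;
            state[i] = null;   // assumes a nullable property (e.g. string SSN)
            modified = true;
        }
        return modified;       // true tells NHibernate the state array was changed
    }

    // Write path: unauthorized properties are never reported as dirty, so with
    // dynamic-update they are left out of the UPDATE and keep their stored value.
    public override int[] FindDirty(object entity, object id, object[] currentState,
                                    object[] previousState, string[] propertyNames, IType[] types)
    {
        var dirty = new List<int>();
        for (int i = 0; i < propertyNames.Length; i++)
        {
            if (!authorizer.CanAccess(entity.GetType(), propertyNames[i])) continue;
            // previousState is null for a reattached (detached) entity: treat every
            // authorized property as dirty. Equals() is a simplification for scalars.
            if (previousState == null || !Equals(currentState[i], previousState[i]))
                dirty.Add(i);
        }
        return dirty.ToArray();
    }
}
```

Because the write path ignores whatever the client sent for an unauthorized property, a caller cannot overwrite the SSN by posting a value for it either.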