Hi. I have:

public interface IRepository<TE, TK>
    where TE : class, IEntityId<TK>, new()
    where TK : struct
{
    IQueryable<TE> Query();
    void Create(TE entity);
    void Update(TE entity);
    void Delete(TE entity);
}

The Query method should return a data list via Entity Framework 4 ORM.

Use case: I need all August orders in a grid to show them to a manager.

The problem: I have a company with many branches and one database with all the companies' data. If a manager or salesperson wants "to see all orders", then he must see only orders from his branch office (or branch office + employees, depending on his role).

How to do that?

What I've done: each entity has an OwnerID column. When someone calls the Query method in the repository, the implementation looks like this:

    IQueryable<TE> IRepository<TE, TK>.Query()
    {
        // Every read goes through the permission filter.
        return RestrictQuery(ObjectSet);
    }

    private IQueryable<TE> RestrictQuery(IQueryable<TE> query)
    {
        // Ask the security service what the current user may list for this entity type.
        var permission = _securutyService.GetReadListPermission(typeof(TE).Name);
        // Local stub that skips the service and grants full access; kept disabled.
        // var permission = new ReadListPermission { AccessType = AccessType.Full };

        switch (permission.AccessType)
        {
            case AccessType.None:
                throw new SecurityAccessDeniedException(CreateErrorMessage("Access denied"));
            case AccessType.Owner:
                // Only rows whose owner is in the caller's token list.
                return query.Where(x => permission.OwnerTokens.Contains(x.OwnerCode));
            case AccessType.Department:
                // Only rows whose owner belongs to one of the caller's departments.
                return query.Join(_hierarchyRepository.Query().Where(d => permission.Departments.Contains(d.DepartmentCode)),
                        e => e.OwnerCode, h => h.OwnerCode, (e, h) => e);
            case AccessType.Full:
                return query;
            default:
                // Unknown access type: deny.
                throw new SecurityAccessDeniedException(CreateErrorMessage("Access denied"));
        }
    }

Where securutyService is a WCF service which checks user roles. What do you think about this?

P.S. It's my first ORM project )
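
An added example, not part of the original post: the restriction step from the question run over in-memory LINQ data, denying by default and writing the department case as a subquery so that an owner listed under two permitted departments does not produce duplicate orders, as a plain Join would. The shapes of ReadListPermission, Order and HierarchyEntry, the sample data, and the use of UnauthorizedAccessException in place of SecurityAccessDeniedException are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Assumed shapes: the post uses these types but never shows them.
enum AccessType { None, Owner, Department, Full }
class ReadListPermission
{
    public AccessType AccessType;
    public List<string> OwnerTokens = new List<string>(), Departments = new List<string>();
}
class Order { public int Id; public string OwnerCode; }
class HierarchyEntry { public string OwnerCode; public string DepartmentCode; }

static class Demo
{
    // Deny by default: a missing permission or an unknown AccessType throws.
    static IQueryable<Order> Restrict(IQueryable<Order> query,
        IQueryable<HierarchyEntry> hierarchy, ReadListPermission p)
    {
        if (p == null) throw new UnauthorizedAccessException("Access denied");
        switch (p.AccessType)
        {
            case AccessType.Owner:
                return query.Where(o => p.OwnerTokens.Contains(o.OwnerCode));
            case AccessType.Department:
                // Subquery instead of Join: one row per order even when an
                // owner is listed under two permitted departments.
                var owners = hierarchy.Where(h => p.Departments.Contains(h.DepartmentCode))
                                      .Select(h => h.OwnerCode);
                return query.Where(o => owners.Contains(o.OwnerCode));
            case AccessType.Full:
                return query;
            default:
                throw new UnauthorizedAccessException("Access denied");
        }
    }

    static void Main()
    {
        // Constructed sample data: bob is listed under two departments.
        var orders = new[] { new Order { Id = 1, OwnerCode = "ann" },
            new Order { Id = 2, OwnerCode = "bob" } }.AsQueryable();
        var hierarchy = new[] { new HierarchyEntry { OwnerCode = "bob", DepartmentCode = "north" },
            new HierarchyEntry { OwnerCode = "bob", DepartmentCode = "sales" },
            new HierarchyEntry { OwnerCode = "ann", DepartmentCode = "south" } }.AsQueryable();
        var p = new ReadListPermission { AccessType = AccessType.Department, Departments = { "north", "sales" } };
        var ids = Restrict(orders, hierarchy, p).Select(o => o.Id).ToList();
        Console.WriteLine(string.Join(",", ids));
    }
}
```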