DevForce 2009: QuerySecurityCheck and SaveSecurityCheck

QuerySecurityCheck and SaveSecurityCheck

Printed From: IdeaBlade
Category: DevForce
Forum Name: DevForce 2009
Forum Discription: For .NET 3.5
URL: http://www.ideablade.com/forum/forum_posts.asp?TID=1095
Printed Date: 30-Apr-2025 at 2:22am

Topic: QuerySecurityCheck and SaveSecurityCheck

Posted By: sebma
Subject: QuerySecurityCheck and SaveSecurityCheck
Date Posted: 16-Feb-2009 at 7:56am

Hi all,

I couldn't seem to find any API reference help for the 2 virtual methods QuerySecurityCheck and SaveSecurityCheck mentioned in dev guide.

Is there any general samples detailing how to use/override the 2 virtual methods?

Thanks in advance!

Sebastian

Replies:

Posted By: kimj
Date Posted: 16-Feb-2009 at 12:34pm

QuerySecurityCheck and SaveSecurityCheck are not actually supported in DevForce EF, so what you've found in the Developer's Guide is obsolete.

Depending on your needs, you can provide the same features using property interception (using the partial BeforeGet, AfterGet, BeforeSet, AfterSet methods in the generated classes), client-side events on the EntityManager such as Fetching and Saving, server-side interfaces IEntityServerFetching and IEntityServerSaving, and also Verification. There's currently an instructional unit on Verification, with more samples coming in future releases.

Posted By: sebma
Date Posted: 11-May-2009 at 8:34am

Hello IdeaBlade support,

Coming back to this thread, I just installed DevForce v5.1.0, and would like to know if QuerySecurityCheck and SaveSecurityCheck are fully supported and if yes, is there a sample you can provide.

Thanks all!

Posted By: GregD
Date Posted: 11-May-2009 at 12:05pm

Originally posted by sebma

...would like to know if QuerySecurityCheck and SaveSecurityCheck are fully supported

QuerySecurityCheck and SaveSecurityCheck exist only in DevForce Classic. In current DevForce, the facilities provided in Classic by those methods are provided via IEntityServerFetching and IEntityServerSaving interfaces, respectively. By implementing these interfaces in your own class (deployed server-side) you gain the ability to intercept queries and saves, examine their content, and then take any desired actions including modifying or refusing the request.

IEntityServerFetching mandates the implementation of an OnFetching method which receives an EntityServerFetchingEventArgs parameter. That parameter provides access to the submitted Query object, the authenticated Principal (user) who submitted it, and a Cancel property, among other things.

Similarly, IEntityServerSaving mandates the implementation of an OnSaving method which receives an EntityServerSavingEventArgs parameter. That parameter provides access to the authenticated Principal (user) who submitted it, a Cancel property, and an EntityManager instance that contains all the entities submitted for the save.

Incidentally, you also get IEntityServerFetched and IEntityServerSaved interfaces for after-the-fact server-side processing of queries and saves.

Sorry, we don't yet have an example showing their use, but I think you will find it straightforward. Please post a question if not.

Posted By: sebma
Date Posted: 11-May-2009 at 12:29pm

When implementing IEntityServerFetching and IEntityServerSaving interfaces, with their OnXxx methods called by Entityserver, is it then mandatory to run N-Tier BOS during development and testing?

Thanks in advance.

Sebastian