0

Lets say I have two entities Location and Holidays. Holidays are associated with a Location. Therefore, in breeze I can write a query like follows to retrieve the holidays related to a particular location: 

 return EntityQuery.from('GetLocationById')
           .withParameters({ clientId: clientId, locationId : locationId })
           .extend("Holidays")
           .using(self.manager)
           .execute()
           .then(querySucceeded, this._queryFailed);

However, this data retrieval is permission based. I.e. there are two permissions for Locations and holidays. It could be that though the user has permission for locations, he may not have permissions for holidays. Is there anyway that I could still use the extend() method to retrieve the holidays, at the same time considering permissions? Or else, do I have to expose a separate method in the controller to retrieve holidays, after checking permissions?

Jeremy Danyow
  • 26,470
  • 12
  • 87
  • 133
devC
  • 1,384
  • 5
  • 32
  • 56

1 Answers1

1

In your example you're calling a controller action called GetLocationById and the behavior you're looking for is to have the action return the location (if the user has access to locations) as well as the related holidays (if the user has access to holidays).

One approach would be to not use expand in the entity query and instead let the server decide whether to include the holidays based on user permissions. For example:

public Location GetLocationById(id) 
{
    var query = context.Locations;
    if (user can access holidays)
        query = query.Include('Holidays');
    return query.Where(l => l.Id == id).SingleOrDefault();
}

I'm making a lot of assumptions here- forgive me if I misunderstood.

Jeremy Danyow
  • 26,470
  • 12
  • 87
  • 133