Do Not Allow Extensions for Certain EntityTypes in Breeze

Question

Do Not Allow Extensions for Certain EntityTypes in Breeze

I'm looking for an elegant way to prevent certain EntityTypes from being extended in BreezeJS. We have a (somewhat) public web service that we show, and there are some tables that we do not want to see for some users of this service. Although we can only expose Web APIs for these specific tables, service users can still access these tables by extending them from related tables.

Note. I posted an answer to this question, giving a workaround. However, I wonder if someone out there knows a more elegant way to skin this particular cat.

+1

odata asp.net-web-api entity-framework breeze

Grinn Feb 01 '13 at 13:43

source share

1 answer

Grinn · Accepted Answer · 2013-02-01T13:53:05+0000

On the UserVoice page , to request this feature to be officially added to the Breeze , Ward Bell offers a decent job:

Meanwhile, in your controller, you can check the query string from the query for $ select and $ expand and throw an exception if you see it.

I assume it will look something like this:

[HttpGet] public IQueryable<Widget> Widgets() { if (!string.IsNullOrEmpty(HttpContext.Current.Request.QueryString["$expand"])) { throw new Exception("Ah ah ah, you didn't say the magic word!"); } return _contextProvider.Context.Widgets; }

... to block all extensions or something more specific, to block the extension of functions. It is not too shabby, but not quite "elegant."

(Yes, this is a link to Jurassic Park .)

Do Not Allow Extensions for Certain EntityTypes in Breeze

More articles: