/// <summary>
/// In case of a delete command we always filter based on the tenantId
/// </summary>
private static void InterceptDeleteCommand(DbCommandTreeInterceptionContext interceptionContext, string tenantValue)
{
var deleteCommand = interceptionContext.Result as DbDeleteCommandTree;
if (deleteCommand == null)
{
return;
}
var column = TenantAttribute.GetTenantColumnName(deleteCommand.Target.VariableType.EdmType);
if (string.IsNullOrEmpty(column))
{
return;
}
// Create the variable reference in order to create the property
var variableReference = deleteCommand.Target.VariableType.Variable(deleteCommand.Target.VariableName);
// Create the property to which will assign the correct value
var tenantProperty = variableReference.Property(column);
var tenantIdWherePredicate = tenantProperty.Equal(DbExpression.FromString(tenantValue));
// The initial predicate is the sql where statement
var initialPredicate = deleteCommand.Predicate;
// Add to the initial statement the tenantId statement which translates in sql AND TenantId = 'value'
var finalPredicate = initialPredicate.And(tenantIdWherePredicate);
var newDeleteCommand = new DbDeleteCommandTree(
deleteCommand.MetadataWorkspace,
deleteCommand.DataSpace,
deleteCommand.Target,
finalPredicate);
interceptionContext.Result = newDeleteCommand;
}
/// <summary>
/// This method called before the one below it when a filtering is already exists in the query (e.g. fetch an entity by id)
/// so we apply the dynamic filtering at this level
/// </summary>
public override DbExpression Visit(DbFilterExpression expression)
{
var column = TenantAttribute.GetTenantColumnName(expression.Input.Variable.ResultType.EdmType);
if (_injectedDynamicFilter || string.IsNullOrEmpty(column))
{
return(base.Visit(expression));
}
var newFilterExpression = BuildFilterExpression(expression.Input, expression.Predicate, column);
return(base.Visit(newFilterExpression ?? expression));
}
/// <summary>
/// In case of an update command we always filter based on the tenantId
/// </summary>
private static bool InterceptUpdate(DbCommandTreeInterceptionContext interceptionContext, string tenantValue)
{
var updateCommand = interceptionContext.Result as DbUpdateCommandTree;
if (updateCommand == null)
{
return(false);
}
var column = TenantAttribute.GetTenantColumnName(updateCommand.Target.VariableType.EdmType);
if (string.IsNullOrEmpty(column))
{
return(false);
}
// Create the variable reference in order to create the property
var variableReference = updateCommand.Target.VariableType.Variable(updateCommand.Target.VariableName);
// Create the property to which will assign the correct value
var tenantProperty = variableReference.Property(column);
// Create the tenantId where predicate, object representation of sql where tenantId = value statement
var tenantIdWherePredicate = tenantProperty.Equal(DbExpression.FromString(tenantValue));
// Remove potential assignment of tenantId for extra safety
var filteredSetClauses =
updateCommand.SetClauses.Cast <DbSetClause>()
.Where(sc => ((DbPropertyExpression)sc.Property).Property.Name != column);
// Construct the final clauses, object representation of sql insert command values
var finalSetClauses =
new ReadOnlyCollection <DbModificationClause>(new List <DbModificationClause>(filteredSetClauses));
// The initial predicate is the sql where statement
var initialPredicate = updateCommand.Predicate;
// Add to the initial statement the tenantId statement which translates in sql AND TenantId = 'value'
var finalPredicate = initialPredicate.And(tenantIdWherePredicate);
var newUpdateCommand = new DbUpdateCommandTree(
updateCommand.MetadataWorkspace,
updateCommand.DataSpace,
updateCommand.Target,
finalPredicate,
finalSetClauses,
updateCommand.Returning);
interceptionContext.Result = newUpdateCommand;
// True means an interception successfully happened so there is no need to continue
return(true);
}
/// <summary>
/// In case of an insert command we always assign the correct value to the tenantId
/// </summary>
private static bool InterceptInsertCommand(DbCommandTreeInterceptionContext interceptionContext, string tenantValue)
{
var insertCommand = interceptionContext.Result as DbInsertCommandTree;
if (insertCommand == null)
{
return(false);
}
var column = TenantAttribute.GetTenantColumnName(insertCommand.Target.VariableType.EdmType);
if (string.IsNullOrEmpty(column))
{
return(false);
}
// Create the variable reference in order to create the property
var variableReference = insertCommand.Target.VariableType.Variable(insertCommand.Target.VariableName);
// Create the property to which will assign the correct value
var tenantProperty = variableReference.Property(column);
// Create the set clause, object representation of sql insert command
var tenantSetClause =
DbExpressionBuilder.SetClause(tenantProperty, DbExpression.FromString(tenantValue));
// Remove potential assignment of tenantId for extra safety
var filteredSetClauses =
insertCommand.SetClauses.Cast <DbSetClause>()
.Where(sc => ((DbPropertyExpression)sc.Property).Property.Name != column);
// Construct the final clauses, object representation of sql insert command values
var finalSetClauses =
new ReadOnlyCollection <DbModificationClause>(new List <DbModificationClause>(filteredSetClauses)
{
tenantSetClause
});
// Construct the new command
var newInsertCommand = new DbInsertCommandTree(
insertCommand.MetadataWorkspace,
insertCommand.DataSpace,
insertCommand.Target,
finalSetClauses,
insertCommand.Returning);
interceptionContext.Result = newInsertCommand;
// True means an interception successfully happened so there is no need to continue
return(true);
}
public override DbExpression Visit(DbScanExpression expression)
{
var column = TenantAttribute.GetTenantColumnName(expression.Target.ElementType);
if (_injectedDynamicFilter || string.IsNullOrEmpty(column))
{
return(base.Visit(expression));
}
// Get the current expression
var dbExpression = base.Visit(expression);
// Get the current expression binding
var currentExpressionBinding = dbExpression.Bind();
var newFilterExpression = BuildFilterExpression(currentExpressionBinding, null, column);
if (newFilterExpression != null)
{
// If not null, a new DbFilterExpression has been created with our dynamic filters.
return(base.Visit(newFilterExpression));
}
return(base.Visit(expression));
}