/// <summary>
/// Rebuilds the update-rights trigger on the table of <paramref name="objClass"/>.
/// An existing trigger with the same name is dropped first. The new trigger covers the
/// class's own rights table plus the rights tables of every other object class that needs
/// a rights table and has a <c>RoleMembership</c> ACL entry with a relation ending at
/// <paramref name="objClass"/>.
/// </summary>
/// <param name="objClass">Object class whose table receives the trigger.</param>
public void DoCreateUpdateRightsTrigger(ObjectClass objClass)
{
    var triggerName = Construct.SecurityRulesUpdateRightsTriggerName(objClass);
    var tblName = db.GetTableName(objClass.Module.SchemaName, objClass.TableName);

    // The old trigger is removed before the replacement is assembled.
    if (db.CheckTriggerExists(tblName, triggerName))
    {
        db.DropTrigger(tblName, triggerName);
    }

    // First entry: the rights table that belongs to objClass itself.
    var triggerTargets = new List<RightsTrigger>
    {
        new RightsTrigger
        {
            TblName = db.GetTableName(objClass.Module.SchemaName, objClass.TableName),
            TblNameRights = db.GetTableName(objClass.Module.SchemaName, Construct.SecurityRulesTableName(objClass)),
            ViewUnmaterializedName = db.GetTableName(objClass.Module.SchemaName, Construct.SecurityRulesRightsViewUnmaterializedName(objClass))
        },
    };

    // Every other object class whose role-membership ACL entries reach objClass through a
    // relation. The query is materialized with ToList() before the NeedsRightsTable() filter
    // is applied, so that filter runs in memory.
    var dependentClasses = schema.GetQuery<ObjectClass>()
        .Where(candidate => candidate.AccessControlList.OfType<RoleMembership>()
            .Where(membership => membership.Relations
                .Where(relation => relation.A.Type == objClass || relation.B.Type == objClass).Count() > 0).Count() > 0)
        .Distinct()
        .ToList()
        .Where(candidate => candidate.NeedsRightsTable() && candidate != objClass);

    foreach (var dep in dependentClasses)
    {
        Log.DebugFormat(" Additional update Table: {0}", dep.TableName);

        foreach (var membership in dep.AccessControlList.OfType<RoleMembership>())
        {
            var linkToObjClass = membership.Relations.FirstOrDefault(r => r.A.Type == objClass || r.B.Type == objClass);
            if (linkToObjClass == null)
            {
                // This ACL entry does not pass through objClass.
                continue;
            }

            var dependentTarget = new RightsTrigger
            {
                TblName = db.GetTableName(dep.Module.SchemaName, dep.TableName),
                TblNameRights = db.GetTableName(dep.Module.SchemaName, Construct.SecurityRulesTableName(dep)),
                ViewUnmaterializedName = db.GetTableName(dep.Module.SchemaName, Construct.SecurityRulesRightsViewUnmaterializedName(dep)),
            };

            try
            {
                dependentTarget.Relations.AddRange(SchemaManager.CreateJoinList(db, dep, membership.Relations, linkToObjClass));
            }
            catch (Zetbox.Server.SchemaManagement.SchemaManager.JoinListException ex)
            {
                // NOTE(review): the existing trigger was already dropped above, so this early
                // return leaves tblName without any update-rights trigger. If nothing else
                // recreates it, rights rows derived from this table may no longer be refreshed
                // on change - confirm that callers treat this warning as a failed ACL update.
                // The message names objClass although the join list that failed belongs to dep.
                Log.Warn("Unable to create UpdateRightsTrigger on " + objClass, ex);
                return;
            }

            triggerTargets.Add(dependentTarget);
        }
    }

    // The ChangedBy foreign key is excluded from the watched columns: it changes on every
    // write, even when only recalculations were done. ACLs must never rely on ChangedBy
    // information.
    var foreignKeyColumns = objClass.GetRelationEndsWithLocalStorage()
        .Where(relEnd => !(relEnd.Type.ImplementsIChangedBy() && relEnd.Navigator != null && relEnd.Navigator.Name == "ChangedBy"))
        .Select(relEnd => Construct.ForeignKeyColumnName(relEnd.GetParent().GetOtherEnd(relEnd)))
        .ToList();

    db.CreateUpdateRightsTrigger(triggerName, tblName, triggerTargets, foreignKeyColumns);
}