/// <summary>
/// Calls all registered query policies in GuardianKernel
/// </summary>
/// <param name="context">The protection context.</param>
public void Protect(QueryProtectionContext context)
{
context.Entry.Entity.ProtectionResult = ProtectionResults.Allow;
context.Entry.Entity.RestrictedProperties = new List <string>();
foreach (var policy in context.Kernel.QueryPolicies)
{
var result = policy.Check(context);
if (result.IsSuccess == false)
{
context.Entry.Entity.ProtectionResult = ProtectionResults.Deny;
// If one of policies fail, we don't need to apply other ones
break;
}
context.Entry.Entity.RestrictedProperties.AddRange(result.RestrictedProperties);
}
}
private void Context_ObjectMaterialized(object sender, ObjectMaterializedEventArgs e)
{
if (_kernel.EnableGuards == false)
{
return;
}
ObjectContext objectContext = ((IObjectContextAdapter)_context).ObjectContext;
IObjectAccessEntry objectAccessEntry;
if (objectContext.TryGetMaterializedEntry(e.Entity, out objectAccessEntry))
{
var protectionContext = new QueryProtectionContext()
{
Kernel = _kernel,
Entry = objectAccessEntry,
EntityType = e.Entity.GetType()
};
_kernel.QueryGuard.Protect(protectionContext);
}
}
