/// <summary> /// Calls all registered query policies in GuardianKernel /// </summary> /// <param name="context">The protection context.</param> public void Protect(QueryProtectionContext context) { context.Entry.Entity.ProtectionResult = ProtectionResults.Allow; context.Entry.Entity.RestrictedProperties = new List <string>(); foreach (var policy in context.Kernel.QueryPolicies) { var result = policy.Check(context); if (result.IsSuccess == false) { context.Entry.Entity.ProtectionResult = ProtectionResults.Deny; // If one of policies fail, we don't need to apply other ones break; } context.Entry.Entity.RestrictedProperties.AddRange(result.RestrictedProperties); } }
private void Context_ObjectMaterialized(object sender, ObjectMaterializedEventArgs e) { if (_kernel.EnableGuards == false) { return; } ObjectContext objectContext = ((IObjectContextAdapter)_context).ObjectContext; IObjectAccessEntry objectAccessEntry; if (objectContext.TryGetMaterializedEntry(e.Entity, out objectAccessEntry)) { var protectionContext = new QueryProtectionContext() { Kernel = _kernel, Entry = objectAccessEntry, EntityType = e.Entity.GetType() }; _kernel.QueryGuard.Protect(protectionContext); } }