Comments on: How we systemically apply filters to our data access

By: Adam Boddington

Adam Boddington — Sun, 30 Jan 2011 05:42:07 +0000

How do you handle restrictions on lazy loaded collections? Do you amend the collection with a query restriction in the property getter after loading, or do you have some way of getting the restriction into the SQL there too?

Elegant solution by the way. I had something similar but abandoned it in favor of NHibernate filters because of the collection problem.

By: Lars-Erik Roald

Lars-Erik Roald — Mon, 24 Jan 2011 21:50:24 +0000

I see. Looking forward to next post.

By: Joshua Flanagan

Joshua Flanagan — Mon, 24 Jan 2011 20:53:22 +0000

@Lars-Erik – IDataRestrictions are not part of the data access layer. They are part of the domain and can be leveraged by different parts of the application – including data access, as demonstrated here. In a follow up post I will demonstrate how these same data restrictions defined in the domain can be used to authorize access to URLs – nothing to do with data access.

By: Lars-Erik Roald

Lars-Erik Roald — Mon, 24 Jan 2011 20:29:00 +0000

I am sorry, but I don’t like this. You are doing the ‘sensitivity filtering’ at the wrong abstraction level. It is not a concern of the data acces layer. It is very CRUD-ish. I would rather have domainService returning ISensitiveDto or IRestrictedDto. I also think that queries dont belong in the presentation layer – specifications that are entity-agnostic are better. The serviceA could retrieve a list of IServiceASpecifications.

By: Scooletz

Scooletz — Mon, 24 Jan 2011 18:34:38 +0000

I do like the idea of applying an IDataRestrictions. The very similiar paradigm you can find in my authorization project called Themis: http://themis.codeplex.com/

It allows you not only apply simple conditions based on entities, but also crosscut it with properties of user user roles (for instance filtering based on a security level of a document and a reader role).