Hibernate Books

All times are UTC - 5 hours [ DST ]



Post new topic Reply to topic  [ 1 post ] 
Author Message
 Post subject: Row/Record Level Security Suggestions
PostPosted: Fri Jun 29, 2012 2:54 pm 
Newbie

Joined: Fri Jun 29, 2012 2:18 pm
Posts: 1
Anyone find a good solution for this requirement? I've searched the forums, and no one seems to have a concrete solution mentioned.

If you don't know what I'm talking about, here's the use case:
We have a Name entity, and an Incident entity, each with a One-To-Many collection of NameIncidentLink entities. The link table has several columns that have metadata about the relationship of the incident to the name. We also have a SECURITY table that has (groupId, entityId, entityType).

You can view the list of Names from the Incident screen, and vice-versa. We want to lock an incident down so that only people in Group A know it exists.

I can use a filter on the Incident to lock that one down if I use a query to load the object. But the problem comes when we go to the name screen, and want to see all of the incident links. i.e. name.getIncidentLinks(). I'm not sure how i could get the query to be something like:

Code:
where nameIncidentLink.incidentId in (select * from SECURITY S join GROUP G join GROUP_USER GU where S.entityType = 'Incident' and GU.userId :currentUser ... [join user tables] ... )


I need the type because i can secure other objects as well. And that's where filters fall down it seems, since I have a parameter that is set depending which method I'm calling.

I've tried all sorts of ways including EventListeners and different types of Filters, even thought about overriding the EntityPersister. I think a solution that would work would be to create a hql query for each collection that does the joining i need, but that seems to loose a lot of the benefits of using the collection navigation in my views.

Any thoughts/ideas would be appreciated. Seems like a common use case, but maybe i'm crazy.

Steve


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 

All times are UTC - 5 hours [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
© Copyright 2014, Red Hat Inc. All rights reserved. JBoss and Hibernate are registered trademarks and servicemarks of Red Hat, Inc.