
All times are UTC - 5 hours [ DST ]



 Post subject: Adding user security to the model
PostPosted: Wed Jan 16, 2008 11:21 am 
Hello,

We have a project that requires adding security bits to each object. At the object level we want to control whether the user is allowed to create or delete that object. At the property level we want to control whether the user is allowed to read or update it.

On our end we have a lot of great ideas on how to control this, using NHibernate interception points, as well as some of our own interception points (since we have completely wrapped calls to NHibernate, the developer does not talk to NHibernate's ISession directly).

Although we have yet to actually implement it, our theories seem to work.

If anybody has any suggestions on that piece I would be glad to hear them, but the reason I am posting to the forum is because we are trying to figure out the best way to stop the reading of scalar values from a query if they do not have read rights to that property of an object.

When using SQL queries we have pretty much decided that the developer is going to have to specify which object and property a scalar is coming back from (instead of just the type), which we are ok with, and it seems to be the only option since NHibernate definitely won't know (if it did we wouldn't have to specify the type).

One option for us is to do the same on the HQL queries: have the developer specify which object\property a scalar is associated with. But since we know the data is in NHibernate somewhere, it would be extremely nice to not have to.

Ideally if the IQuery interface gave us a list of objects and properties that were being accessed in the HQL when you called CreateQuery we would have the data we need. And I am not actually suggesting that since the HQL doesn't actually get compiled until you call List(), and I am sure for many other reasons, but I am just trying to give you an idea of the kind of data we need and roughly when we need it (If we had the data after calling List() that would be ok, but it would be nice to stop them before making the database call).

So what is my question? Basically, is it possible to take an HQL query that involves scalar values and get a list of objects\properties back that map to the scalars in my query? Digging through the code, it looked like I would have some options if I completely tore apart the NHibernate code, which I am REALLY trying to avoid since we are trying to leave our upgrade path to NH 2.0 as easy as possible, even though we have made some small tweaks to get NH to work in our architecture. It also looked like I might have some options if I was willing to take the performance cost of parsing the query twice.

I hope I have explained what I am trying to do, and what I am looking for from this forum well. Any general advice on the idea would be appreciated, as well as if anyone has any good ideas on how to best handle the scalar query issue.

Thanks a lot for your time. Please let me know if I can provide more data that would be useful.

Thanks,

Sean F.

Version: 1.2.0 GA
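
The approach the post settles on for SQL queries, where the developer declares which object and property each scalar comes from and the check runs before the database call, sketched as an added example that is not part of the original post and not NHibernate code. `ScalarSource`, `GuardedScalarQuery`, `canRead` and `execute` are hypothetical names; `execute` stands in for whatever wrapped call actually runs the query.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical types for illustration; nothing here is an NHibernate API.
public sealed record ScalarSource(string Alias, string Entity, string Property);

public static class GuardedScalarQuery
{
    // Runs `execute` only when every declared scalar is readable.
    // The check happens before the database call and fails closed:
    // a query that declares no sources is rejected, not waved through.
    public static IList<object[]> Run(
        Func<string, string, bool> canRead,
        IReadOnlyList<ScalarSource> declared,
        Func<IList<object[]>> execute)
    {
        if (declared.Count == 0)
            throw new InvalidOperationException("Scalar query declares no sources.");

        var denied = declared
            .Where(s => !canRead(s.Entity, s.Property))
            .Select(s => $"{s.Entity}.{s.Property} (alias '{s.Alias}')")
            .ToList();
        if (denied.Count > 0)
            throw new UnauthorizedAccessException(
                "Read denied for: " + string.Join(", ", denied));

        return execute();
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample: the user may read Customer.Name only.
        var allowed = new HashSet<(string, string)> { ("Customer", "Name") };
        var declared = new[]
        {
            new ScalarSource("name", "Customer", "Name"),
            new ScalarSource("limit", "Customer", "CreditLimit"),
        };
        try
        {
            GuardedScalarQuery.Run((e, p) => allowed.Contains((e, p)), declared,
                () => throw new Exception("database must not be reached"));
        }
        catch (UnauthorizedAccessException ex) { Console.WriteLine(ex.Message); }
    }
}
```

The guard is only as trustworthy as the declarations: a scalar attributed to the wrong property passes the check, so the declared list needs review alongside the query text.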


© Copyright 2014, Red Hat Inc. All rights reserved. JBoss and Hibernate are registered trademarks and servicemarks of Red Hat, Inc.