LightSwitch with Oracle Data Source (part 3) – Server Side Data filtering
Long time ago I started those posts and now it’s time for me to write the next part.
But first I need to describe some changes based on version evolution of LightSwitch.
With the newest version we can filter table data on server side using session variables.
It all starts from “SessionCheck.aspx” (this is a file we added in part 2 for developing LightSwitch applications with external authentication)
The code shall look like this:
/// <summary> /// Summary description for SessionCheck /// </summary> public class SessionCheck : IHttpHandler, IRequiresSessionState { public void ProcessRequest(HttpContext context) { //Get Session ID from request string sid = context.Request.QueryString["sid"]; context.Response.ContentType = "text/plain"; //todo extract session values for this SID //Store Values in Session context.Session["grid"] = (decimal)GridFromSID; context.Session["brid"] = (decimal)BridFromSID; context.Session["usid"] = (decimal)UserIDFromSID; context.Session["name"] = (string)UserNAmeFromSID; //Responde Values to request context.Response.Write( "sid=" + sid + ";grid=" + context.Session["grid"] + ";brid=" + context.Session["brid"] + ";userid=" + context.Session["usid"] + ";name=" + context.Session["name"] ); } public bool IsReusable { get { return false; } } }
The new here is adding System.Web.SessionState.IRequiresSessionState allowing us to access Session object and storing values in it.
In logical view access any table you want to Data Filter and click on Write Code \ *_flter to enter filtering event code.
The code you see will look like this:
partial void CLIENTs_Filter(ref Expression<Func<CLIENT, bool>> filter) { // filter = e => e.IntegerProperty == 0; }
What we need to add for server side filtering in my case shall make the code to look like this:
partial void CLIENTs_Filter(ref Expression<Func<CLIENT, bool>> filter) { filter = e => ((e.GRID == ((decimal)System.Web.HttpContext.Current.Session["grid"])) && (e.BRID == ((decimal)System.Web.HttpContext.Current.Session["brid"]))); }
One more thing we need to do: All record shown in the application are now filtered and it will be nice in case of change or insert to be sure filtered values are not changed.
For this the be secured we need to add Insert handler, Delete handler and Update handler:
partial void CLIENTs_Inserting(CLIENT entity) { entity.GRID = ((decimal)System.Web.HttpContext.Current.Session["grid"]); entity.BRID = ((decimal)System.Web.HttpContext.Current.Session["brid"]); } partial void CLIENTs_Updating(CLIENT entity) { entity.GRID = ((decimal)System.Web.HttpContext.Current.Session["grid"]); entity.BRID = ((decimal)System.Web.HttpContext.Current.Session["brid"]); } partial void CLIENTs_Deleting(CLIENT entity) { entity.GRID = ((decimal)System.Web.HttpContext.Current.Session["grid"]); entity.BRID = ((decimal)System.Web.HttpContext.Current.Session["brid"]); }
It’s a lot to code for each entity object in your database, but it’s stable and secure way to filter input and output from your tables.