Problem description
A friend asks "Do you have examples or docs on how to inspect the Breeze change-set data on the server and perform server side validation and security checks before committing the data to the database?" My answer follows.
Recommended answer
See the "Custom EFContextProvider" topic in the documentation which describes the Breeze.NET facilities for this purpose.
The app produced by the BreezeMvcSpa template offers a taste of save validation (understood in the broadest sense to include security checks).
Look at Models/TodoRepository.cs which inherits from EFContextProvider<T>. It overrides BeforeSaveEntity(entityInfo) to confirm that you are always updating/deleting a TodoList/TodoItem that belongs to the current user. It also assigns the current user to a new TodoList. In a real app, this would be a dispatcher to some helper classes dedicated to validating specific entity types, a point I slightly elaborate below.
There are two other important overrides:
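BeforeSaveEntities(saveMap) gives you a chance to examine the entire change-set at once. It is a good way to validate the change-set as a whole, perhaps to make sure this save request makes sense as a single transaction. It is also a good place for cross-entity checks. BeforeSaveEntities(saveMap) is called after BeforeSaveEntity(entityInfo) has been called for each entity individually.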
BeforeSaveEntities(saveMap) might be a good dispatch point for delegating validation to dedicated helper classes. I doubt that I would put all of my validation logic in one big ContextProvider class. I don’t mind that all save activity funnels through the ContextProvider.SaveChanges gate but I don’t want to do all the work in the ContextProvider itself.
SaveChangesCore is the other important override. That’s where you do any final pre-save preparation and hand the change-set to something that actually performs the database save (e.g., the DbContext.SaveChanges method). You could intercept the result of the save operation before returning control to the ContextProvider.
Note also that, when using the DbContext, EF applies the validations you prescribe in model attributes, both the standard set and your custom validation attributes.
I have more save advice but this is probably enough to digest right now.
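An added example, not part of the original answer and not the template's TodoRepository code: one way to do the ownership and cross-entity checks in BeforeSaveEntities, deciding ownership from stored rows rather than from the values the client sent. The TodoList/TodoItem model, TodoDbContext and OwnedTodoProvider are hypothetical names, and the Breeze.WebApi namespace is assumed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Breeze.WebApi;
// Hypothetical model and context, assumed for this added example (not the template's classes).
public class TodoList { public int Id { get; set; } public string UserId { get; set; } }
public class TodoItem { public int Id { get; set; } public int TodoListId { get; set; } }
public class TodoDbContext : System.Data.Entity.DbContext
{
    public System.Data.Entity.DbSet<TodoList> TodoLists { get; set; }
    public System.Data.Entity.DbSet<TodoItem> TodoItems { get; set; }
}

public class OwnedTodoProvider : EFContextProvider<TodoDbContext>
{
    private readonly string _userId;
    public OwnedTodoProvider(string userId) { _userId = userId; }
    // Change-set gate: ownership comes from stored rows, never from client-sent values.
    protected override Dictionary<Type, List<EntityInfo>> BeforeSaveEntities(
        Dictionary<Type, List<EntityInfo>> saveMap)
    {
        if (saveMap.Keys.Any(t => t != typeof(TodoList) && t != typeof(TodoItem)))
            throw new InvalidOperationException("Cannot save entity of unknown type");
        var all = saveMap.Values.SelectMany(v => v).ToList();
        var newLists = new HashSet<int>(); // temporary keys of lists created in this save
        using (var db = new TodoDbContext()) // separate context, used only for lookups
        {
            foreach (var info in all.Where(i => i.Entity is TodoList))
            {
                var list = (TodoList)info.Entity;
                if (info.EntityState == EntityState.Added) newLists.Add(list.Id);
                else RequireOwner(db, list.Id);
                list.UserId = _userId; // the owner is always the server's value
            }
            foreach (var info in all.Where(i => i.Entity is TodoItem))
            {
                var item = (TodoItem)info.Entity;
                if (info.EntityState != EntityState.Added) // the stored parent must be ours
                    RequireOwner(db, db.TodoItems.Find(item.Id)?.TodoListId);
                if (!newLists.Contains(item.TodoListId)) RequireOwner(db, item.TodoListId);
            }
        }
        return saveMap;
    }
    private void RequireOwner(TodoDbContext db, int? listId)
    {
        if (!db.TodoLists.Any(l => l.Id == listId && l.UserId == _userId))
            throw new InvalidOperationException("Cannot save entity for this user");
    }
}
```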