How to handle authorization with Breeze JS?

后端未结

关注

 3  1139

情书的邮戳 2021-01-20 04:18

Currently my app looks at router parameter and logged in user (Principal.Identity) to authorize access to certain resources (e.g: Add student to your class [identity + class

3条回答

抹茶落季 (楼主)

2021-01-20 04:51

Breeze can have as many 'save' endpoints as you want. For example, a hypothetical server implementation might be

[BreezeController]
public class MyController : ApiController {

  [HttpPost]
  [Authorize(...)]
  public SaveResult SaveCustomersAndOrders(JObject saveBundle) {
    // CheckCustomersAndOrders would be a custom method that validates your data 
    ContextProvider.BeforeSaveEntitiesDelegate = CheckCustomerAndOrders;
    return ContextProvider.SaveChanges(saveBundle);
  }

  [HttpPost]
  [Authorize]
  public SaveResult SaveSuppliersAndProducts(JObject saveBundle) {
     ...
  }

You would call these endpoints like this

var so = new SaveOptions({ resourceName: "SaveWithFreight2", tag: "freight update" });

   myEntityManager.saveChanges(customerAndOrderEntities, { 
     resourceName: "SaveCustomersAndOrder" }
   ).then(...)

   myEntityManager.saveChanges(supplierAndProductEntities, { 
     resourceName: "SaveSuppliersAndProducts" }
   ).then(...)

Authorization is mediated via the [Authorize] attribute on each of the [HttpPost] methods. You can read more about the [Authorize] attribute here: http://sixgun.wordpress.com/2012/02/29/asp-net-web-api-basic-authentication/

0 讨论(0)

查看其它3个回答