Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

handler.Original has same values as handler.Entity in GlobalUpdating. #52

Open
falkartis opened this issue Dec 18, 2019 · 5 comments
Open

handler.Original has same values as handler.Entity in GlobalUpdating. #52

falkartis opened this issue Dec 18, 2019 · 5 comments

Comments

@falkartis
Copy link

I've created a method using this library to control update operations that looks like this:

Triggers<Entity, DbContext>.GlobalUpdating.Add(handler => {
	if (!ChangeAllowed(handler.Original, handler.Entity)) {
		handler.Cancel = true;
	}
});

The problem I get is that both handler.Original and handler.Entity have the new values and my ChangeAllowed method always returns true.

This happens only when I'm passing a new Entity to the Update method from DbSet.
It doesn't happen if I modify a entity queried from the DbSet and then call the Update method.
@NickStrupat
Copy link
Owner

This is because new entities don't have "original values". The concept of original values is for entities that have already been persisted.

@falkartis
Copy link
Author

I understand that Original refers to the in-memory "original" entity rather than the entity that's in the database in the moment of the transaction.
My issue here is that it represents a security concern if a handler accepts a update because it hasn't been able to detect the changes correctly.
I can write a workaround and retrieve the database real original entity to use that as input of the validation method, but doing so will consume a lot of time. In this case there should be a way to tell the two situations apart.

@falkartis
Copy link
Author

So I rephrase the question:

How to detect if a entity has been retrieved from a DbSet and modified or if it has been created in some other way?

@NickStrupat
Copy link
Owner

If the entity is new, the Insert... triggers will be raised. If it existed already, the Update... triggers will be raised.

@falkartis
Copy link
Author

Let's consider following scenario:
Our database has a Users table like this one:

 ID  |  Name
-------------
 1   |  Foo
 2   |  Bar

And the code looks like this:

var dbCtx = SomeDatabaseInstantiationMechanism();
var user = new User { ID = 2, Name = "Baz" };
dbCtx.Users.Update(user);
dbCtx.SaveChanges();

In this case the GlobalUpdating triggers will be called and both handler.Original and handler.Entity will have "Baz" in the Name field.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@NickStrupat @falkartis