locked
block some property when $expand RRS feed

  • Question

  • User592395570 posted

    hi all ,

    simple question, my project have a simple Role based access control (RBAC), so i don want everyone can easy to $expand resource.

    but as i known, Web API can only set 

    [EnableQuery(AllowedQueryOptions = AllowedQueryOptions.Expand , MaxExpansionDepth=2)]

    can totally not allow "$expand" or limit the Depth 

    is it possible to set limit for properties (if can base on role, that's will be better)? 

    something look like 

    [EnableQuery(AllowedQueryOptions = AllowedQueryOptions.Expand , propertiesNotAbleExpand="some property not albe to $expand")]

    Regards,

    Yam

    Tuesday, December 8, 2015 9:52 AM

All replies

  • User-2057865890 posted

    Hi,keatkeat

    If you want to exclude a property,you can set the [IgnoreDataMember] attribute on the property in the model class.

    You could refer to

    Security Guidance for ASP.NET Web API 2 OData

    Best regards,

    Chris Zhao

    Wednesday, December 9, 2015 6:29 AM
  • User592395570 posted

    Hi Chao,

    Thank you for reply.

    But it does not fix my question . 

    I can't just simple exclude some property for all user. It depend on their role. (RBAC). 

    Some user have the permission to $expand a property but some user not , so i need to base on their role to block property when $expand. 

    Any idea ? 

    Regards,

    Yam

    Monday, December 14, 2015 3:29 AM
  • User1066278571 posted

    Create a new class for this and add this to the ODATA model

    Greetings Damien

    Sunday, December 20, 2015 9:17 AM