locked
Creating a Date/Time Stamp on new or updated rows RRS feed

  • Question

  • I'm am beginning Lightswitch developement and I'm creating a very simple database with just one table.  I'd ike to create a 'LastUpdated' column, so that anytime a user adds a row or updates data in a previous row I want the data/time to update in the LastUpdated field.  Can anyone help with this?

    Thanks

    Tuesday, February 5, 2013 3:22 AM

Answers

  • @Hessc

    I'm sure you meant EntityName_Inserting, not EntityName_Created, yes?

    Paul,

    The Inserting & Updating methods run on the server, not on the client. They live in the DataService class for the data source (ApplicationData, or an attached data source).



    Hi Yann,

    Indeed, but the OP was refering to the _Created method, which is running on the tier where you do the create, so in most case the client tier.

    Since inserting and updating are running server only, it's a more secure place to do audit handling.

    @Hessc:

    What I mean with security in this context, is that a bogus user can insert a record (e.g. via a console application and insert the audit fields himself, e.g. a createdBy field with other user name.

    If you use the _Created method, that will be possible. The _created method is only applied when you insert a record via the silverlight client. In case your audit handling is in the _updated/_inserted methods server side, a bogus user can't cheat.



    paul van bladel

    • Marked as answer by Angie Xu Tuesday, February 26, 2013 5:26 AM
    Saturday, February 16, 2013 7:59 AM

All replies

  • This is a simple form of a process that is called auditing. If you search the forums for "audit", you'll find many threads/examples on how to do this.


    Justin Anderson, LightSwitch Development Team

    Tuesday, February 5, 2013 5:06 AM
    Moderator
  • I'm reading the audit posts, and they are geared towards posting that information to a seperate table.  What I want to do is when I used updates a row in the table, I want to update the 'LastUpdated' field in that row with the current date/time.  I'm guessing that I need to do this in code somehow before the record is saved but I don't know how.
    Tuesday, February 5, 2013 5:45 PM
  • Tuesday, February 5, 2013 9:42 PM
  • Create two properties, DateCreated and LastUpdated both of type DateTime.

    In the entity designer click "Write Code" and select the method _Created.

    Code (VB): Me.DateCreated = DateTime.Now()

    Back in the entity designer, again click "Write Code and select the method _Updating

    Code: Me.LastUpdated = DateTime.Now()

    Wednesday, February 6, 2013 3:54 AM
  • @Hessc: Sure, that's the easy solution and it's ok depending how much you care about app security.

    If someone connects to your app over the odata service he will be able to introduce records with bogus "audit" fields since your code runs on the client, but not necessarily on the external client (over the odata service).

    The code I'm referring to runs on the server and has the advantage that it plugs in on every entity type you desire.

    That's better but not perfect neither. Hyper secure auditing happens on database server level (even not on database level). 


    paul van bladel

    Wednesday, February 6, 2013 7:37 AM
  • @Hessc

    I'm sure you meant EntityName_Inserting, not EntityName_Created, yes?

    Paul,

    The Inserting & Updating methods run on the server, not on the client. They live in the DataService class for the data source (ApplicationData, or an attached data source).


    Yann - LightSwitch Central - Click here for FREE Themes, Controls, Types and Commands
     
    Please click "Mark as Answer" if a reply answers your question. Please click "Vote as Helpful" , if you find a reply helpful.
     
    By doing this you'll help others to find answers faster.

    Wednesday, February 6, 2013 8:43 AM
    Moderator
  • Sorry, I missed responding to this.  I meant _Created in the post, but also fully aware of using _Inserting for this as well.  I was not thinking in terms of security at all, but that is a good point.  The _Inserting method would be somewhat more secure running only on the server. 

    But now that you mention it, I thought that LS security worked the same way over Odata. Meaning that if a user does not have a permission to create a record, they can't create one via Odata either.  If the Odata user has the permission, the audit record would not be bogus (in my thinking).  If I am missing something, please let me know because I am very much interested in leveraging LS Odata output.

    Friday, February 15, 2013 10:10 PM
  • Wait, I get it now, duh!  Client code won't execute in the Odata scenario.  Entity_Inserting would overwrite any bogus user entered audit data, so yes, that is a superior way to do it.
    Saturday, February 16, 2013 3:08 AM
  • @Hessc

    I'm sure you meant EntityName_Inserting, not EntityName_Created, yes?

    Paul,

    The Inserting & Updating methods run on the server, not on the client. They live in the DataService class for the data source (ApplicationData, or an attached data source).



    Hi Yann,

    Indeed, but the OP was refering to the _Created method, which is running on the tier where you do the create, so in most case the client tier.

    Since inserting and updating are running server only, it's a more secure place to do audit handling.

    @Hessc:

    What I mean with security in this context, is that a bogus user can insert a record (e.g. via a console application and insert the audit fields himself, e.g. a createdBy field with other user name.

    If you use the _Created method, that will be possible. The _created method is only applied when you insert a record via the silverlight client. In case your audit handling is in the _updated/_inserted methods server side, a bogus user can't cheat.



    paul van bladel

    • Marked as answer by Angie Xu Tuesday, February 26, 2013 5:26 AM
    Saturday, February 16, 2013 7:59 AM
  • Agree 100%.
    Saturday, February 16, 2013 5:48 PM