Javascript 使用角色保护Breeze Save功能
我想做的是,当从Breeze调用SaveChanges web api时,我检查要保存的实体类型,并确保用户具有添加/修改该实体类型的适当权限。到目前为止,我所拥有的:Javascript 使用角色保护Breeze Save功能,javascript,angularjs,breeze,Javascript,Angularjs,Breeze,我想做的是,当从Breeze调用SaveChanges web api时,我检查要保存的实体类型,并确保用户具有添加/修改该实体类型的适当权限。到目前为止,我所拥有的: [HttpPost] public SaveResult SaveChanges(JObject bundle) { _clientPortalContext.BeforeSaveEntitiesDelegate = ValidateSecurity; return _clientPortalContext.Sa
[HttpPost]
public SaveResult SaveChanges(JObject bundle)
{
_clientPortalContext.BeforeSaveEntitiesDelegate = ValidateSecurity;
return _clientPortalContext.SaveChanges(bundle);
}
private Dictionary<Type, List<EntityInfo>> ValidateSecurity(Dictionary<Type, List<EntityInfo>> saveMap)
{
List<EntityInfo> workItems;
if (saveMap.TryGetValue(typeof(WorkItem), out workItems))
{
if (workItems.Count(wi => wi.EntityState == Breeze.ContextProvider.EntityState.Added) > 0 && !Utilities.GetCurrentUser().HasPermission(1))
{
var errors = workItems.Select(wi => { return new EFEntityError(wi, "Not Authorized", "The current user is not authorized to create work items.", ""); });
throw new EntityErrorsException(errors);
}
}
return saveMap;
}
POST http://localhost:14307/breeze/WorkItem/SaveChanges 403 (Exception of type 'Breeze.ContextProvider.EntityErrorsException' was thrown.) angular.js:8380
TypeError: Cannot read property 'map' of undefined
at ctor._prepareSaveResult (http://localhost:14307/Scripts/breeze.debug.js:15625:43)
at Object.breeze.AbstractDataServiceAdapter.ctor.saveChanges.ajaxImpl.ajax.success (http://localhost:14307/Scripts/breeze.debug.js:14822:43)
at successFn (http://localhost:14307/Scripts/breeze.debug.js:15025:20)
at http://localhost:14307/scripts/angular.js:7946:11
at deferred.promise.then.wrappedCallback (http://localhost:14307/scripts/angular.js:11319:81)
at http://localhost:14307/scripts/angular.js:11405:26
at Scope.$get.Scope.$eval (http://localhost:14307/scripts/angular.js:12412:28)
at Scope.$get.Scope.$digest (http://localhost:14307/scripts/angular.js:12224:31)
at Scope.$get.Scope.$apply (http://localhost:14307/scripts/angular.js:12516:24)
at done (http://localhost:14307/scripts/angular.js:8204:45) undefined