Last post Dec 20, 2015 09:17 AM by damienBod
Dec 08, 2015 09:52 AM|keatkeat|LINK
hi all ,
simple question, my project have a simple Role based access control (RBAC), so i don want everyone can easy to $expand resource.
but as i known, Web API can only set
[EnableQuery(AllowedQueryOptions = AllowedQueryOptions.Expand , MaxExpansionDepth=2)]
can totally not allow "$expand" or limit the Depth
is it possible to set limit for properties (if can base on role, that's will be better)?
something look like
[EnableQuery(AllowedQueryOptions = AllowedQueryOptions.Expand , propertiesNotAbleExpand="some property not albe to $expand")]
Dec 09, 2015 06:29 AM|Chris Zhao|LINK
If you want to exclude a property,you can set the [IgnoreDataMember] attribute on the property in the model class.
You could refer to
Security Guidance for ASP.NET Web API 2 OData
Dec 14, 2015 03:29 AM|keatkeat|LINK
Thank you for reply.
But it does not fix my question .
I can't just simple exclude some property for all user. It depend on their role. (RBAC).
Some user have the permission to $expand a property but some user not , so i need to base on their role to block property when $expand.
Any idea ?
Dec 20, 2015 09:17 AM|damienBod|LINK
Create a new class for this and add this to the ODATA model