Remove specific attributes from object in C#

Question

I'm on the way to implement some authorization into my application. I want to achieve that a user with some role and permission can only see some o the attributes. Take a look:

// User Model
string lastname;
string firstname;
string birthdate;

Let's say the user is administrator so he can see all users but he is not allowed to see the users birthdate.

I've created a class that returns a List of all allowed attributes (as you an see only first- and lastname):

public class AllowedAttributes
{
    private List<string> AllowedAttributes = new List<string>();

    public AllowedAttributes()
    {
        this.AllowedAttributes.Add("lastname");
        this.AllowedAttributes.Add("firstname");
    }

    public List<string> GetAllowedAttributes()
    {
        return this.AllowedAttributes;
    }
}

My NHibernate query looks as follows:

AllowedAttributes attributes = new AllowedAttributes();

        var user = sessionService.GetDefaultSession()
            .Query<User>()
            // something like...
            // .Select(attributes.GetAllowedAttributes())
            .ToList();

Can somebody help me out with a correct NHibernate query? I only want to get the attributes specified in the list.

P.S. In my application the list is way longer, so just typing the Attributes is not working.

Thanks in advance :)

Can you try the properly level authorization instead? [an old answer](https://stackoverflow.com/questions/28991251/best-way-to-do-property-level-authorization-in-servicestack) — Phael, Jun 12 '18 at 07:56
You can achieve this by using NHibernate's projections. Refer here: [Can someone better explain what 'Projections' are in nHibernate? ](https://stackoverflow.com/questions/6140379/can-someone-better-explain-what-projections-are-in-nhibernate) — matramos, Jun 12 '18 at 08:21
Thanks, but could you give me a short example please? I'm pretty new in authorization and stuff. ty — , Jun 12 '18 at 08:27
Projections allow your queries to get only specific columns, which from my understanding was your original question. It does not necessarily relate with authorization. — matramos, Jun 12 '18 at 08:53

score 0 · Accepted Answer · answered Jun 18 '18 at 08:16

0

You can achieve this by using NHibernate projections. Follow this entry to get more information. Can someone better explain what 'Projections' are in nHibernate?

answered Jun 18 '18 at 08:16

Alex Seitz

66
2
7

Remove specific attributes from object in C#

1 Answers1