add triggers in EF

I'm working on users and permissions Module for some projects using c# 4.0 and Entities Framework.

and in the proposed scenario, i have to give users permissions on data like:

• give user "John" management permission for employees in specific department.

so I thought to handle this permission in Entity Framework and add some conditions on all select queries before execute it ,In other words i need to add somethings like trigger in entity framework to alter select query before execute it.

is there any way to do that in en开发者_Python百科tity framework?

You can add multiple conditions to IQueryable dynamically. So you can do something like:

[PrincipalPermission(SecurityAction.Demand, Role="DepartmentManager")]
public IEnumerable<Employee> GetManagedEmployees()
{
  // build base query
  var query = from e in context.Employees
              select e;

  // add condition
  query = AddDepartmentPermissions(query);
  return query.AsEnumerable();
}

And your AddDepartmentPermissions will look like:

private IQueryable<Employee> AddDepartmentPermission(IQueryable<Employee> query)
{
  int departmentId = GetAllowedDepartmentSomewhere();
  return query.Where(e => e.Department.Id == departmentId);
}

This is just an example where PrincipalPermission don't allow calling GetManagedEmployees for non manager roles and AddDepartmentPermission adds query part for selection employees only from allowed department.

The main point is that you can wrap IQueryable<T> to methods which will modify query. I believe it should be even possible to add Interception (aspects) directly to properties exposing ObjectSet and dynamically add query parts dealing with security.