ssossossossosso

Forums

Covering OroCRM topics, including community updates and company announcements.  Subscribe

Forums Forums OroPlatform OroPlatform – Programming Questions Ownership in OneToMany relations

This topic contains 6 replies, has 3 voices, and was last updated by  hugeval 2 years, 6 months ago.

  • Creator
    Topic
  • #28356

    Dima Makaruk
    Participant

    Hi i have the following problem.

    When loading the EntityA the OneToMany collection is loaded not filtered with the ownership. I’m getting always in OneToMany collections all the entities owned by different organizations. Is it possible to use ownership for OneToMany relations when loading on the inverse side ? Maybe i’m doing something wrong ?!

Viewing 6 replies - 1 through 6 (of 6 total)
  • Author
    Replies
  • #28357

    andesk
    Participant

    I am also interested in that topic.

    #28358

    hugeval
    Participant

    Hi @dimonixx, @andesk. Let me clarify oro security protection. Data grids and param converters are automatically protected with security protection. Please check

    https://github.com/laboro/platform/blob/master/src/Oro/Bundle/SecurityBundle/Resources/doc/access-levels.md#data-grids-protections
    https://github.com/laboro/platform/blob/master/src/Oro/Bundle/SecurityBundle/Resources/doc/access-levels.md#protection-with-param-converters.

    But if you load objects manually, you should protect them with oro_security.acl_helper or oro_security.security_facade. Please check

    https://github.com/laboro/platform/blob/master/src/Oro/Bundle/SecurityBundle/Resources/doc/access-levels.md#manual-protection-of-select-queries
    https://github.com/laboro/platform/blob/master/src/Oro/Bundle/SecurityBundle/Resources/doc/access-levels.md#manual-access-check-on-object

    To be able use protection you should make several steps:
    1 Add ownership annotation to entity, as you made:

    2 Make migration to create new acl_classes entry

    3 Add annotation to controller if you want to use param converters protection

    4 run app/console oro:platform:update console command

    #28359

    Dima Makaruk
    Participant

    @hugeval thank you for your answer. That’s exactly the way i’m using it.
    I have the following problem:
    – When loading the EntityA the OneToMany collection is not filtered with the ownership

    #28360

    hugeval
    Participant

    @dimonixx, there are several ways to load entities. Could you please show an example how do you load entities?

    #28361

    Dima Makaruk
    Participant

    i’m loading it with repository method for example findOneBy. And then $entityA->getEntityBs() returns the collection that is not filtered with owner .

    #28362

    hugeval
    Participant

    In this case you should protect entities manually, as mentioned at page https://github.com/laboro/platform/blob/master/src/Oro/Bundle/SecurityBundle/Resources/doc/access-levels.md#manual-protection-of-select-queries.

    For example, with QueryBuilder:

    Or with objects:

Viewing 6 replies - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.