ssossossosso

Forums

Covering OroCRM topics, including community updates and company announcements.  Subscribe

This topic contains 6 replies, has 3 voices, and was last updated by  hugeval 2 years, 2 months ago.

  • Creator
    Topic
  • #9452

    Dima Makaruk
    Participant

    Hi i have the following problem.

    When loading the EntityA the OneToMany collection is loaded not filtered with the ownership. I’m getting always in OneToMany collections all the entities owned by different organizations. Is it possible to use ownership for OneToMany relations when loading on the inverse side ? Maybe i’m doing something wrong ?!

Viewing 6 replies - 1 through 6 (of 6 total)
  • Author
    Replies
  • #9756

    andesk
    Participant

    I am also interested in that topic.

    #10051

    hugeval
    Participant

    Hi @dimonixx, @andesk. Let me clarify oro security protection. Data grids and param converters are automatically protected with security protection. Please check

    https://github.com/laboro/platform/blob/master/src/Oro/Bundle/SecurityBundle/Resources/doc/access-levels.md#data-grids-protections
    https://github.com/laboro/platform/blob/master/src/Oro/Bundle/SecurityBundle/Resources/doc/access-levels.md#protection-with-param-converters.

    But if you load objects manually, you should protect them with oro_security.acl_helper or oro_security.security_facade. Please check

    https://github.com/laboro/platform/blob/master/src/Oro/Bundle/SecurityBundle/Resources/doc/access-levels.md#manual-protection-of-select-queries
    https://github.com/laboro/platform/blob/master/src/Oro/Bundle/SecurityBundle/Resources/doc/access-levels.md#manual-access-check-on-object

    To be able use protection you should make several steps:
    1 Add ownership annotation to entity, as you made:

    2 Make migration to create new acl_classes entry

    3 Add annotation to controller if you want to use param converters protection

    4 run app/console oro:platform:update console command

    #10088

    Dima Makaruk
    Participant

    @hugeval thank you for your answer. That’s exactly the way i’m using it.
    I have the following problem:
    – When loading the EntityA the OneToMany collection is not filtered with the ownership

    #10170

    hugeval
    Participant

    @dimonixx, there are several ways to load entities. Could you please show an example how do you load entities?

    #10171

    Dima Makaruk
    Participant

    i’m loading it with repository method for example findOneBy. And then $entityA->getEntityBs() returns the collection that is not filtered with owner .

    #10173

    hugeval
    Participant

    In this case you should protect entities manually, as mentioned at page https://github.com/laboro/platform/blob/master/src/Oro/Bundle/SecurityBundle/Resources/doc/access-levels.md#manual-protection-of-select-queries.

    For example, with QueryBuilder:

    Or with objects:

Viewing 6 replies - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.