OroPlatform Forums

Covering OroPlatform topics, including community updates and company announcements.

Forums Forums OroPlatform OroPlatform – Programming Questions Ownership in OneToMany relations

This topic contains 6 replies, has 3 voices, and was last updated by  hugeval 5 years, 4 months ago.

Starting from March 1, 2020 the forum has been switched to the read-only mode. Please head to StackOverflow for support.

  • Creator
    Topic
  • #33837

    Dima Makaruk
    Participant

    Hi i have the following problem.

    When loading the EntityA the OneToMany collection is loaded not filtered with the ownership. I’m getting always in OneToMany collections all the entities owned by different organizations. Is it possible to use ownership for OneToMany relations when loading on the inverse side ? Maybe i’m doing something wrong ?!

Viewing 6 replies - 1 through 6 (of 6 total)
  • Author
    Replies
  • #33838

    andesk
    Participant

    I am also interested in that topic.

    #33839

    hugeval
    Participant

    Hi @dimonixx, @andesk. Let me clarify oro security protection. Data grids and param converters are automatically protected with security protection. Please check

    https://github.com/laboro/platform/blob/master/src/Oro/Bundle/SecurityBundle/Resources/doc/access-levels.md#data-grids-protections
    https://github.com/laboro/platform/blob/master/src/Oro/Bundle/SecurityBundle/Resources/doc/access-levels.md#protection-with-param-converters.

    But if you load objects manually, you should protect them with oro_security.acl_helper or oro_security.security_facade. Please check

    https://github.com/laboro/platform/blob/master/src/Oro/Bundle/SecurityBundle/Resources/doc/access-levels.md#manual-protection-of-select-queries
    https://github.com/laboro/platform/blob/master/src/Oro/Bundle/SecurityBundle/Resources/doc/access-levels.md#manual-access-check-on-object

    To be able use protection you should make several steps:
    1 Add ownership annotation to entity, as you made:

    2 Make migration to create new acl_classes entry

    3 Add annotation to controller if you want to use param converters protection

    4 run app/console oro:platform:update console command

    #33840

    Dima Makaruk
    Participant

    @hugeval thank you for your answer. That’s exactly the way i’m using it.
    I have the following problem:
    – When loading the EntityA the OneToMany collection is not filtered with the ownership

    #33841

    hugeval
    Participant

    @dimonixx, there are several ways to load entities. Could you please show an example how do you load entities?

    #33842

    Dima Makaruk
    Participant

    i’m loading it with repository method for example findOneBy. And then $entityA->getEntityBs() returns the collection that is not filtered with owner .

    #33843

    hugeval
    Participant

    In this case you should protect entities manually, as mentioned at page https://github.com/laboro/platform/blob/master/src/Oro/Bundle/SecurityBundle/Resources/doc/access-levels.md#manual-protection-of-select-queries.

    For example, with QueryBuilder:

    Or with objects:

Viewing 6 replies - 1 through 6 (of 6 total)

The forum ‘OroPlatform – Programming Questions’ is closed to new topics and replies.

You will be redirected to [title]. Would you like to continue?

Yes No