The problem is not with debugging, I wrote this code just to deliver my idea to you. Since we have an open APIs any user in the system can get token and begin to send you whatever he want using a lot of tools like Postman. So we need to protect ourself.
you can read this if you want: https://dba.stackexchange.com/questions/98118/composite-primary-key-in-multi-tenant-sql-server-database
You didn't catch my problem, if I use the function as bellow: public async Task CreateTicket(CreateTicketInput input) { await _ticketRepository.InsertAsync(ObjectMapper.Map<Ticket>(input)); }
Is there guaranty that the sent id of the Status is belong to the current tenant? not for another tenant? in case of my app hacking. :) that is my question... thanks for your time.
Thanks guys
good evening @bobingham, suppose that I have the following Dto: CreateTicketInput{Id, Title, StatusId, PriorityId, UserId}
and the the following function to create ticket:
public async Task CreateTicket(CreateTicketInput input) {
// The following three lines will throw exception if IDs not belong to the current tenant
// I need to do this checking on create and update
var status = _statusRepository.Get(input.StatusId);
var priority = _priorityRepository.Get(input.PriorityId);
var user = _userRepository.Get(input.UserId);
var ticket= ObjectMapper.Map<Ticket>(input);
await _ticketRepository.InsertAsync(ticket);
}
is there any efficient way to do those three checks? how your solution can help me?
Thanks
"Yes, implement an IQueryable for your query and then execute with the ToList() or await ToListAsync()." Could you explain your solution more later.
Good night...
Thanks for your reply, I am trying to solve the following problem may you can help me thinking about it. I have Ticket entity with the following properties: {Id, TenantId, Title, StatusId, PriorityId, UserId} every time we post/put new Ticket from Angular to the APIs we have to check if the selected {StatusId, PriorityId, UserId} is related to the current tenant so I need to hit the database three times to check that every item is related to the current tenant right? Is there any method to prevent those three hits? Since composite key will let the sql server do that since we add foreign key to both ** (Id, TenantId) ** in Status table and the same thing for the other Priority and User. No need to reference the Tenant table because tenant id is maintained by the framework and there no chance to be for other tenant.
I am working on AspNetZero Core with Angular 8. I have read a lot of articles about using composite sql key for muti-tenant systems. It will keep the data consistent and retain the data integrity concept. It will save a lot of validations when you insert entity with related items (IDs). So no need to check if those IDs is owned by the current tenant. It will be maintained by Sql Server. If we decided to use it, is there any compatibility issues with AspNetZero framework?, since someone mentioned that he had an issue with soft delete: https://support.aspnetzero.com/QA/Questions/1378 what are your recommendations about this technique?
I am using Aspnetzero framework with Angular 8. when I add new entity that implements IMustHaveTenant the TenantId is added to the entity table but the foreign key constraint is not added. My question is should we add this constrain for data integrity with AbpTenant table or not?. If yes what is the best practice to add it.
Thank you Support for your reply. We are using ASPNET Zero.
Can you give us your advice on the best approach to achieve this in the Framework? We are not asking about the exact steps or Code, Just some guidelines from your core knowledge in the Framework.
We appreciate your support.
Regards,
Hello Support,
How can we enable Users to Define User Defined Fields at Run Time and make those Fields available in the UI Forms?
Also, can we expose those Fields to the Listing Pages where you show for example the List of All Users? Can they see the UDF Fields in the List as well and how?
Regards,