Open rustd opened 8 years ago
This was opened on the ASP.NET UserVoice site. https://aspnet.uservoice.com/forums/147201-asp-net-web-api/suggestions/5318252-authorization-on-expand-functionality I am copying the details on the OData project. Please triage as appropiate.
Currently, there is no way to influence in what way $expand binds additional models. I would very much like to have some control over what models are binded, in order to apply authorization on these binded models.
Half a year ago I already created a StackOverflow thread (http://stackoverflow.com/questions/18254600/modify-binding-of-expand-function-when-unauthorized) with the exact same problem. Since I think that there is not enough attention paid to this problem, I've created this UserVoice thread.
@rustd
Did you try the answer provided from Ouyang Fan in the stackoverflow?
xuzhg
commented
8 years ago
This was opened on the ASP.NET UserVoice site. https://aspnet.uservoice.com/forums/147201-asp-net-web-api/suggestions/5318252-authorization-on-expand-functionality I am copying the details on the OData project. Please triage as appropiate.
Currently, there is no way to influence in what way $expand binds additional models. I would very much like to have some control over what models are binded, in order to apply authorization on these binded models.
Half a year ago I already created a StackOverflow thread (http://stackoverflow.com/questions/18254600/modify-binding-of-expand-function-when-unauthorized) with the exact same problem. Since I think that there is not enough attention paid to this problem, I've created this UserVoice thread.