Current filter:
                                You should refresh the page.
                                  • [DevExpress Support Team: CLONED FROM T721161: Non-XAF security system in multithread (multiuser) application (OData web)]
                                    Finally, I prepared my proof-of-concept example. I have extended your XAF_how-to-implement-odata4-service-with-xpo example by security system features. Everything works as expected.
                                    The only issue appears to be scenario, when http request contains the $select parameter explicitly mentioning property not allowed by security system for current user. In such a case an SQL exception is raised.
                                    System.Data.SqlClient.SqlException (0x80131904): At least one of the result expressions in a CASE specification must be an expression other than the NULL constant.
                                    Steps to reproduce:
                                    - Run my example service
                                    - Send request http://localhost:[port]/Customers?$select=CustomerID,CompanyName as user "userA" with password "userA".

                                    Any idea how to provide client with a more convenient response once such a request is sent?
                                    I would also appreciate your opinion and comments on my example API regarding the main concept and overall design.

                                    Thanks a lot.

                                1 Solution

                                Creation Date Importance Sort by


                                We have recently improved our example's code to handle a similar scenario (T727833). Please use the latest Helpers\XpoLinqQuery.cs file version and let us know how this works for you.

                                • Svatopluk Ulicny 04.09.2019

                                  Thanks for update. I'll give it a try and keep you posted.