| IPrivacyEnforcementServiceValidateQueryTModel Method |
Validate that a query can be performed by user principal and does not contain forbidden or compromising fields
Namespace:
SanteDB.Core.Security
Assembly:
SanteDB.Core.Api (in SanteDB.Core.Api.dll) Version: 2.2.1
Syntax bool ValidateQuery<TModel>(
Expression<Func<TModel, bool>> query,
IPrincipal principal
)
where TModel : IdentifiedData
Function ValidateQuery(Of TModel As IdentifiedData) (
query As Expression(Of Func(Of TModel, Boolean)),
principal As IPrincipal
) As Boolean
generic<typename TModel>
where TModel : IdentifiedData
bool ValidateQuery(
Expression<Func<TModel, bool>^>^ query,
IPrincipal^ principal
)
abstract ValidateQuery :
query : Expression<Func<'TModel, bool>> *
principal : IPrincipal -> bool when 'TModel : IdentifiedData
Parameters
- query
- Type: System.Linq.ExpressionsExpressionFuncTModel, Boolean
The query being executed - principal
- Type: System.Security.PrincipalIPrincipal
The principal who is executing the query
Type Parameters
- TModel
- The type of object being filtered
Return Value
Type:
BooleanTrue if the query can be executed in s asafe manner
Remarks
Some types of queries may violate or may compromise patient privacy. This method is used by the IRepositoryService prior
to a query being performed to ensure that:
- The query is not using fields which have been configured as forbidden by the jurisdiction
- The query does not contain explicit queries for data which, when masked, would indicate the condition. For example,
if records contain a policy "HIDE HIV programme identifiers", the disclosure of the identifier would be protected via
the ApplyTData(IEnumerableTData, IPrincipal) method, however, if a principal explicitly queried
for identifier[HIV_PROGRAM].value=!null they would still be disclosed patients which have an HIV program identifier. This method
should search the query provided and ensure that principal is not violating such conditions.
See Also