Hi guys
I want to be able to remove fields or ignore fields based on a users permissions, I can hide things in the UI but that's not really a satisfactory result if the user can just inspect the network traffic and see the data that's not being displayed.
Is there a way to do this using OData query options? I thought I might be able to add a $select parameter at runtime on the service side but I'm not sure I'd be able to cover all the $extend possibilities where we load the forbidden data as a linked entity to some other entity.
Another option might be to try and do this in the entity framework layer but I suspect I'll break the .Include functionality by performing a .Select on my DBSet and then returning a different instance of the original object just with the forbidden data removed.
Any help would be muchly appreciated.
Thanks
Ben