Breeze **expand** vs. EntityFramework **include** for eager loading of navigation properties

0
votes

a) In order to load a navigation property of an entity with EntityFramework on server side I can use include:

public virtual IQueryable<TEntity> All(){
  IQueryable<TEntity> initialQuery = Context.Set<TEntity>();
  IQueryable<TEntity> extendedQuery = initialQuery.Include('MyNavigationProperty');
  return extendedQuery;
}

Also see https://msdn.microsoft.com/en-us/magazine/hh205756.aspx

b) Breeze allows to load navigation properties on client side with expand:

var navQuery = breeze.EntityQuery.from('MyEntity')  
    .expand('MyNavigationProperty');

Also see https://breeze.github.io/doc-js/navigation-properties.html

=> Should I use both of those options if I want to load a navigation property? If not, what are the pros and cons of defining the eagerly loaded navigation properties on server or client side? Are there performance or security issues I have to consider when choosing one of the options?

Is it for example possible to hack the client code to retrieve more navigation properties than the original code would load?

Here someone states that using either include or expand would be enough:

Breeze does not expand a navigation property

However, I am still unsure how/when to use them.

1
javascriptc#entity-frameworkbreezenavigation-properties

1 Answers

0
votes

It seems to be like this (please correct me or add further information if you want):

a) The Breeze .expand option is enabled by default. In order to disable or restrict it the annotation EnableBreezeQuery can be applied in a domain controller:

[HttpGet]
[AllowAnonymous]
[EnableBreezeQuery(MaxExpansionDepth = 0)]
public IQueryable<Network> NetworkForEntryPageBy()
{
  return _unitOfWork.NetworkRepository.All();
}

This will forbid the client to use breeze expand.

Also see

https://github.com/Breeze/breeze.server.net/issues/12

https://github.com/Breeze/breeze.server.net/blob/master/Tests/Test.WebApi2.EF6/Controllers/NorthwindIBModelController.cs

https://github.com/IdeaBlade/Breeze/pull/35

b) If breeze expand is enabled, it can be used to override the server side includes. I included for example the 'Pictures' navigation property on server side and expanded the 'Companies' navigation property on client side. I first expected that both navigation properties would be available. However, only the 'Companies' list is filled on client side: 

    [HttpGet]
    [AllowAnonymous]
    [EnableBreezeQuery(MaxExpansionDepth = 10)]
    public IQueryable<Network> NetworkForEntryPageBy()
    {
      return _unitOfWork.NetworkRepository.All().Include('Pictures');
    }

self.networksForEntryPage = function () {
        var query = breeze.EntityQuery
          .from(routeconfig.networksForEntryPageUrl).expand('Companies');
        return self.executeQuery(query);
      };

=> Pictures are empty => Companies are not empty and can be used by the client.