Currently I receive claims in my controller; these claims contain an administrator flag and a teamid. In my repository, every call where I want to retrieve a list of data either gets you the data available to your team, or all data if you're an administrator. The code to check for that is like so:

    var content = _dataContext.Content
        .Where(c => c.teamId == teamId || isAdministrator)
        .Where(x => rest of the query here)

Is this a good way to implement such access restrictions? Or are there better ways to implement this?
CodePudding user response:
Is this a good way to implement such access restrictions? Or are there better ways to implement this?
You can implement this kind of access control in a better way using Role-based authorization or Claims-based authorization; these are the more elegant ways. You can check the implementation details in the official document here.
Wouldn't that result in high duplication of queries? Then I'd have to have two functions: one for team-based queries and one for admin-based queries. Or is that actually the better way?
No, that's really not a duplication of queries; this is the elegant way to handle that, and it's the most used way to handle this kind of requirement. Because in your existing code, when any new role comes in you have to rewrite the logic each time, which doesn't meet the SOLID principle that tells us "Objects or entities should be open for extension but closed for modification".
I hope it will help you to find better implementations.
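One way to keep the asker's single-query shape while moving the claims handling out of each repository method, as an added example that is not part of the question or the answer: the team id and administrator role are read once from the ClaimsPrincipal, and a single VisibleTo extension applies the visibility rule to any IQueryable<Content>, so the rest of the query composes on top of it exactly as in the post. The Content record, the claim type name "teamid", the role name "Administrator" and the in-memory data are all assumptions made for this example; with an EF Core DbSet the same extension would apply to the database query. The extension fails closed when no team claim is present, which the original `|| isAdministrator` expression does not cover.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Constructed sample entity; the post's Content table is assumed to carry a team id column.
public sealed record Content(int Id, int TeamId, string Title);

// The caller's access scope, derived once from the claims the controller receives.
public sealed record AccessScope(int? TeamId, bool IsAdministrator)
{
    // The claim type "teamid" and the role name "Administrator" are assumptions;
    // use whatever your identity provider actually issues.
    public static AccessScope FromPrincipal(ClaimsPrincipal user)
    {
        bool isAdmin = user.IsInRole("Administrator");
        string? teamClaim = user.FindFirst("teamid")?.Value;
        int? teamId = int.TryParse(teamClaim, out int parsed) ? parsed : (int?)null;
        return new AccessScope(teamId, isAdmin);
    }
}

public static class ContentQueryExtensions
{
    // The one place where the visibility rule lives. Every repository method calls this
    // instead of repeating "c.teamId == teamId || isAdministrator" in each query.
    public static IQueryable<Content> VisibleTo(this IQueryable<Content> query, AccessScope scope)
    {
        if (scope.IsAdministrator)
            return query;                    // administrators see every row

        if (scope.TeamId is null)
            return query.Where(_ => false);  // fail closed: no team claim means no rows

        int teamId = scope.TeamId.Value;     // captured as a plain value for the expression tree
        return query.Where(c => c.TeamId == teamId);
    }
}

public static class Program
{
    // Builds a test principal with a team claim and, optionally, the administrator role.
    static ClaimsPrincipal MakeUser(string team, bool admin)
    {
        var claims = new List<Claim> { new Claim("teamid", team) };
        if (admin)
            claims.Add(new Claim(ClaimTypes.Role, "Administrator"));
        var identity = new ClaimsIdentity(claims, "test", ClaimTypes.Name, ClaimTypes.Role);
        return new ClaimsPrincipal(identity);
    }

    public static void Main()
    {
        // Constructed in-memory data standing in for _dataContext.Content.
        IQueryable<Content> data = new[]
        {
            new Content(1, 10, "team 10 doc"),
            new Content(2, 20, "team 20 doc"),
            new Content(3, 10, "another team 10 doc"),
        }.AsQueryable();

        AccessScope member = AccessScope.FromPrincipal(MakeUser("10", admin: false));
        AccessScope admin  = AccessScope.FromPrincipal(MakeUser("20", admin: true));
        AccessScope noTeam = AccessScope.FromPrincipal(new ClaimsPrincipal(new ClaimsIdentity()));

        // The rest of the query is appended after the scope filter, as in the post.
        int memberRows = data.VisibleTo(member).Where(c => c.Title.Contains("doc")).Count();
        int adminRows  = data.VisibleTo(admin).Count();
        int noTeamRows = data.VisibleTo(noTeam).Count();

        Console.WriteLine($"member={memberRows} admin={adminRows} noTeam={noTeamRows}");
    }
}
```

Branching on IsAdministrator before building the expression, rather than folding the flag into the predicate, keeps the administrator query free of a team parameter and keeps the rule readable in one method; adding a new role later means extending VisibleTo, not every repository query.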