Currently I recieve claims in my controller, these claims contain a administrator and teamid. In my repository every call where I want to retrieve a list of data you either get the data availlable to your team, or all data if you're an administrator. The code to check for that is like so:

var content = _dataContext.Content
    .Where(c => c.teamId == teamId || isAdministrator)
    .Where(x => rest of the query here)

Is this a good way to implement such access restrictions? Or are there better ways to implement this?

CodePudding user response：

Is this a good way to implement such access restrictions? Or are there better ways to implement this?

You can implement in better way this kind of access control using Role-based authorization or Claims-based authorization these are the more elegant ways. You can check for details implementation from our official document here

Wouldn't that result in high duplication of queries? Then I'd have to have two functions. One for teambased queries and one for admin based queries. Or is that actually the better way?

No that's really not the duplication of queries this is the elegant way to handle that and its mostly used way to handle this kind of requirement. Because in yur existing code when any new role comes in you have to re-write the logic each time, which not doesn't meet the SOLID principle which tell us "Objects or entities should be open for extension but closed for modification"

I hope it will help you to find better implementations.