Base solution for your next web application
Starts in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

Different outcome (method result) based on permissions #1552


User avatar
0
eggersa created

I was asking myself if it is a good practice to have a different outcome / behaviour of a service method based on permissions? For example, the GetAll method in a service might return only the objects that I have created if I a do not have a "see all"-permission. Or the update method might ignore some properties if I do not have the permission to edit all properties of a given object.

I have this notion that one has the permission to either call an action or not. Maybe I am wrong with that one?


1 Answer(s)
  • User Avatar
    0
    hikalkan created
    Support Team

    Hi,

    These are possibilities and I don't see it wrong. But for the edit/update, you should not show 'uneditable' properties to user on editing (that means you should also check permissions while rendering the edit form).

    For the 'GetAll' approach, you may want to check 'organization unit' system if your case is similar: <a class="postlink" href="http://www.aspnetboilerplate.com/Pages/Documents/Zero/Organization-Units">http://www.aspnetboilerplate.com/Pages/ ... tion-Units</a> OUs are used to restrict rows for users.