
Segregation / Hiding sensible information #1805


gpcaretti created

Let's have some business method returning user details:

public async Task<MyUserDto> getUserInfo(int id);
... and other similar methods...

And let's suppose I want to return some sensitive information about the user only to specific users (e.g. having the view.full.info permission).

Where do you think is the best place to hide this info?

  1. Into every method?
  2. Into the returning MyUserDto?
  3. Elsewhere?

I'd work on MyUserDto by implementing the ICustomValidate interface, where I check the current user in session and null the sensitive information according to their permissions.

But I am not sure...

tnx for your help! Gp


1 Answer(s)
    ismcagdas created
    Support Team

    Hi,

    ABP does not offer such a built-in feature for now. I would create two different services for this and assign different permissions to each and decide which service to call on the client side according to current user's permissions.

    Maybe separating views and making common parts reusable components would be even better.
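
The split suggested in the answer, sketched as an added example that is not part of the thread and not ABP code: two methods stand in for the two services, each returning its own DTO type, with the view.full.info check enforced on the server regardless of which call the client chooses. `User`, `UserBasicDto`, `UserFullDto`, `IPermissionChecker`, `FixedPermissions` and `UserService` are hypothetical names, and the user record is constructed sample data.

```csharp
using System;
using System.Collections.Generic;

// All types here are constructed for illustration; none are ABP APIs.
public record User(int Id, string Name, string Email, string Phone);

// Two separate DTO types: the basic one has no sensitive members to leak.
public record UserBasicDto(int Id, string Name);
public record UserFullDto(int Id, string Name, string Email, string Phone);

public interface IPermissionChecker { bool IsGranted(string permission); }

public class FixedPermissions : IPermissionChecker
{
    private readonly HashSet<string> _granted;
    public FixedPermissions(params string[] granted) => _granted = new HashSet<string>(granted);
    public bool IsGranted(string permission) => _granted.Contains(permission);
}

public class UserService
{
    private readonly IReadOnlyDictionary<int, User> _users;
    private readonly IPermissionChecker _permissions;

    public UserService(IReadOnlyDictionary<int, User> users, IPermissionChecker permissions)
        => (_users, _permissions) = (users, permissions);

    // Available to any caller: maps only the non-sensitive fields.
    public UserBasicDto GetUserInfo(int id) => new(_users[id].Id, _users[id].Name);

    // Enforced on the server, whatever the client decided to call.
    public UserFullDto GetUserFullInfo(int id)
    {
        if (!_permissions.IsGranted("view.full.info"))
            throw new UnauthorizedAccessException("view.full.info is required");
        var u = _users[id];
        return new UserFullDto(u.Id, u.Name, u.Email, u.Phone);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample user.
        var users = new Dictionary<int, User> { [1] = new(1, "alice", "alice@example.test", "555-0100") };
        var limited = new UserService(users, new FixedPermissions());
        Console.WriteLine(limited.GetUserInfo(1));
        try { limited.GetUserFullInfo(1); }
        catch (UnauthorizedAccessException e) { Console.WriteLine($"denied: {e.Message}"); }
        var full = new UserService(users, new FixedPermissions("view.full.info"));
        Console.WriteLine(full.GetUserFullInfo(1));
    }
}
```

Keeping the two DTOs unrelated (no inheritance) means a serializer that writes the runtime type cannot emit the sensitive fields from the basic call.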