Hi,
I know the recommendation is to not use AbpSession information back within our Domain Services. I actually like that concept and can wrap my head around it. However, I'm curious what the recommendation is for implementing certain logic.
If I have an entity, say "OrganizationUnit" and I implement a DomainService to
a) retrieve a list of OrganiztionUnits b) filtered by only those entites that the current user is associated with c) store and manage the resulting filtered list within a redis cache (along with some other DomainService CRUD transactions)
something like "GetOrganizationUnitsForUser"
It's pretty obvious this type of work should not go into the ApplicationService as there is some low level caching going on and its a generic call that may be used by different applications. So, the method needs UserId. Is the recommendation to still stay away from using AbpSession in the domainService and simply pass filters (like UserId in this example)?
This is a VERY common problem in that we have lots of complicated queries that we want to filter based on roles, inclusion in organizationUnits, etc. They all require knowing something about who is querying them... but if we purposefully restrict access to AbpSession within our domain services, then we end up simply needing to pass properties in to the method, which is kind of the same thing.
I definitely don't want the domain services to always just be returning big unfiltered lists and rely on the ApplicationServices to always have to filter. That will result in a lot of redundant repository queries and allow for mistakes and forgettfulness in the AppService layer.
Curious as to the Abp/Az team's thoughts on this...
2 Answer(s)
-
0
@statuscast There many exmaples of using session in domain services in AspNet Zero. You can check their usages and use it like that in your domain services.
-
0
I understand. and I am pretty familiar with the places your team uses session info within domain services. It just is usually considered not-advisable as it ties the domain service to the application layer. In fact, your own documentation re-iterates that:
"Since authentication/authorization is an application layer task, it's advisable to use the IAbpSession in the application layer and upper layers. This is not generally done in the domain layer. ApplicationService, AbpController, AbpApiController and some other base classes have AbpSession already injected, so you can, for instance, directly use the AbpSession property in an application service method"
This was just a philosophical discussion. I was looking for some additional guidelines or suggestions. For now, we are not allowing the use of any AbpSession object within our domain services. Everything has to be passed in. That way they never assume there "is" a session and no kludgy if AbpSession is null stuff.