0

Let's say we have a clear method that does an update.

public void UpdateUser(UpdateUserRequest request)
{
    var existing = context.Users.First(x=>x.Id == request.Id);
    existing.FirstName = request.FirstName;
    existing.LastName = request.LastName;
    existing.EmployeeId = request.EmployeeId;
    context.SaveChanges();
}

Lets say this is the method used the caller to update a user but there are a few cases.

Caller 1 is admin and therefore can update all the properties

Caller 2 is user but can update First/LastName only

Options that I have:

  1. Have a UserType (could be role or permission or whatever) on Request and check their type and not update EmployeeID if they are normal user introducing if condition
  2. Copy past and rename to UpdateNormalUser and remove EmployeeId

So I either end up with a bunch of if statements to check type or mutliple methods.

Are these the only two options, considering there might be many types of users who will only be able to update certain bits of info?

TylerH
  • 20,799
  • 66
  • 75
  • 101
AliK
  • 962
  • 2
  • 10
  • 31
  • Are you using Identity? – Pieterjan Oct 06 '21 at 11:33
  • https://softwareengineering.stackexchange.com/a/361755/375083 – Alexander Petrov Oct 06 '21 at 11:36
  • @Pieterjan I am and aware I can do it that way. However I don't think that is important here. – AliK Oct 06 '21 at 11:39
  • @AlexanderPetrov Again this is not the point regardless of permissions/identity I would still need a whole bunch of checks whether its to check a role or permission. – AliK Oct 06 '21 at 11:41
  • Create method to update user and pass object there. You would not repeat yourself in that case. – fatherOfWine Oct 06 '21 at 11:48
  • @fatherOfWine not sure what you mean already have that as in code above. – AliK Oct 06 '21 at 12:09
  • 1
    Very similar to this currently bounted question https://stackoverflow.com/questions/62263805/asp-net-core-3-1-web-api-authorization-on-model-property-level. All I can say is that EF Core won't help you in that regard. – Ivan Stoev Oct 06 '21 at 12:15
  • What it comes down to is whether to have multiple methods based on user type or if statements based on some usertype/permission etc. I am EF can't probably do much here. – AliK Oct 06 '21 at 13:23
  • If the question is "Are these the only two options" then the answer is no, but I'm pretty sure that doesn't help. What you need to do is decide how you're going to identify the different types of user - once you've done that, the solution to this part of the problem will become more obvious. – melkisadek Oct 06 '21 at 15:39

0 Answers0