The good way to store user info
I'm making a web app for apartment reservation and i have those models: user, apartment(has fk user), reservationDate(pk is date+apartmentId, fks: user, who reserved this date, and occupancy, to what associates this date), occupancy(fks: reservedBy, apartment, and collection of reserved dates).
First I display apartments list that fits to the requested date range (in the service I filter query to get apartments with requested dates in 'empty' state).
When user choose an apartment from apartments list and then hits reserve button, I want to create a new occupancy instance and change dates states to 'reserved' (there only 2 states: 'empty' and 'reserved') and add wire this occupancy to user.
So, how should I store user info? Should I store only id and where?
14 Replies
Not 100% sure what you're asking about
But I think the answer is "just use a foreign key to user"
But what about case, when I want to display all user's apartments? I need to input user id to get all apartments which has 'owner' field (User type).
Yeah
Or you could enter the user name
Or whatever else
Man, I don't want to input guid id every time when I want to display my apartments, occupancies, my profile details and so on. Or there no way, and I have to receive the id to frontend by cookie or token, or inject it to the page?
Ah, you want some account system?
Where user logs in and sees all their stuff and their stuff only?
I already injected identity. I have auth service, where I have private User field and public method to get it from another service (I'm not sure, is it safe to do like that?), and controller. I have profile controller where I want to display all user details. User have to register before reserving an apartment.
So where's the issue?
You can get the ID of the currently logged-in user at any time
Just fetch the reservations or whatever by that
Is it safe to receive user id?
Where from?
From Identity?
User.FindFirst(ClaimTypes.NameIdentifier)?
Yes, why would it not be?Ok, is it safe to store user id in the token? I read that store sensitive info in the token is bad decision.
How is user ID sensitive?
U can get all user info by it. Or that doesn't matter?
If you allow for that to happen, sure
If you have some API endpoint or whatever that takes user ID and just spits out all their data, yeah
But why would you have that?
I wouldn't I guess.
Sorry for that mess, english not my native language
Thx a lot