Haeri
Haeri
PostsComments
CC#
Created by Haeri on 4/1/2024 in #help
Resource based authorization with Identity
Hello, I have the following setup in my asp.net core project: A Workspace model that has a bunch of one to many relationships toDatasets, Transformsetc. My identity user gets a role such as workspace_01_editor which gives him editor rights on the workspace with id 1. This works fine and I have a middleware that automatically checks the access in the WorkspaceController. However, I was unable to find a good strategy for the other Controllers such and DatasetController and TransformController? I had the following ideas: 1. Put everything under the WorkspaceController and require a workspaceId for every request eg: /workspaces/{workspaceId}/dataset/{datasetId}. This way the middleware automatically checks for the workspaceId and does the authorisation. HOWEVER, people could cheat and supply a workspaceId they have access to and a datasetId that they don't have access to and the authorization would still be granted since the authorization is only done on the workspaceId. 2. Still put everything under the WorkspaceController and request workspaceId but then implement a repository pattern on every model which always requires a workspaceId as a getter. Eg GetDatasetByIdAndWorkspaceIdso the query would be for both where dataset.Id = datasetId and dataset.WorkspaceId = workspaceId. However, this feels like a lot of work and would require all models to have a direct relationship to workspace (even the ones that might not have a direct relationship with workspace) 3. As a last resort I was thinking about manually checking in every endpoint of every controller the relationship to the workspace. So basically querying the model, fetching the workspaceId and checking against user role. However, this would require a database request for every endpoint and is error prone since I might forget to do the check. Does anyone know of a better strategy here?
1 replies
CC#
Created by Haeri on 1/18/2024 in #help
EF Core Nested Projections
I am trying to find out a good way to perform a projection on a model with multiple relationship levels. Here is an example: 
public class Blog
{
    public int Id { get; set; }
    public string Title { get; set; }
    public int Other { get; set; }
    public User User { get; set; }
}

public class User
{
    public int Id { get; set; }
    public string UserName { get; set; }
    public int Other { get; set; }
}

public class BlogDTO
{
    public int Id { get; set; }
    public string Title { get; set; }
    public UserDTO User { get; set; }
}

public class UserDTO
{
    public int Id { get; set; }
    public string UserName { get; set; }
}

var result = dbContext.Blogs
    .Select(blog => new BlogDTO
    {
        Id = blog.Id,
        Title = blog.Title,
        User = new UserDTO
        {
            Id = blog.User.Id,
            UserName = blog.User.UserName
        }
    })
    .toList();
public class Blog
{
    public int Id { get; set; }
    public string Title { get; set; }
    public int Other { get; set; }
    public User User { get; set; }
}

public class User
{
    public int Id { get; set; }
    public string UserName { get; set; }
    public int Other { get; set; }
}

public class BlogDTO
{
    public int Id { get; set; }
    public string Title { get; set; }
    public UserDTO User { get; set; }
}

public class UserDTO
{
    public int Id { get; set; }
    public string UserName { get; set; }
}

var result = dbContext.Blogs
    .Select(blog => new BlogDTO
    {
        Id = blog.Id,
        Title = blog.Title,
        User = new UserDTO
        {
            Id = blog.User.Id,
            UserName = blog.User.UserName
        }
    })
    .toList();
This works but I have a lot more levels in my code and writing this out every time is super tedious. I'l looking for a way to reuse the projections so I don't have to write them out every time.
10 replies