Assume I have a class called Vehicle that is saved to a datastore using whatever framework. Vehicle has some set of properties, and based on the user's permissions, I want the user to be able to set some of these properties and not others.
Is there/are there any established patterns for this type of use case? Let me give a better example:
I make a PUT request to a web service to update an record. The service decides based on my permissions, it can only trust certain properties of the record and not others.
The straight-forward implementation I can think of is to have the service take my copy of the record, overwrite whichever fields it doesn't trust from me (by overwriting them with whatever it already has), and then continue with saving/updating the record.
Any suggestions?
Aucun commentaire:
Enregistrer un commentaire