I am building a SaaS which has many entities (say apple, pears, bananas) inside. I define CRUD operations for each entity. If there are 10 entities with 4 operations on each, this leads to 40 times checking if the user actually owns the resource!
Now, I am looking for an extensible way to check if the user actually owns the resource, so that he can modify it.
Is there a clean & extensible solution, something like a design pattern, to check for the ownership?
My current solution so far is to create a method that is checked at the beginning of each CRUD operations:
boolean checkPermission(String user, Entity entity) {
return user.equals(entity.owner);
}
Aucun commentaire:
Enregistrer un commentaire