Saturday, June 2, 2018

Is there an extensible way to check user ownership in a CRUD application?

I am building a SaaS which has many entities (say apples, pears, bananas) inside. I define CRUD operations for each entity. If there are 10 entities with 4 operations on each, this leads to 40 times checking if the user actually owns the resource!

Now, I am looking for an extensible way to check if the user actually owns the resource, so that he can modify it.

Is there a clean & extensible solution, something like a design pattern, to check for the ownership?

My current solution so far is to create a method that is checked at the beginning of each CRUD operation:

// Returns true only when the calling user is the owner recorded on the entity.
boolean checkPermission(String user, Entity entity) {
    return user.equals(entity.owner);
}
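One way to keep the ownership check in a single place instead of 40, as an added example that is not part of the original post: every entity implements a common interface and all CRUD calls go through one generic store that denies by default. The names `Owned`, `OwnedStore` and `Apple` are hypothetical, the in-memory map stands in for a real database, and records need Java 16 or later.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.NoSuchElementException;

public class OwnershipDemo {
    /** Every entity (apple, pear, banana, ...) exposes its owner the same way. */
    interface Owned { String owner(); }
    record Apple(String owner, String variety) implements Owned {}

    /** One generic store: the ownership check lives here, not in each CRUD method. */
    static class OwnedStore<T extends Owned> {
        private final Map<Long, T> rows = new HashMap<>();
        private long nextId = 1;

        long create(String user, T entity) {
            requireOwner(user, entity);          // cannot create on behalf of someone else
            rows.put(nextId, entity);
            return nextId++;
        }
        T read(String user, long id) { return load(user, id); }
        void update(String user, long id, T replacement) {
            load(user, id);                      // caller must own the current row
            requireOwner(user, replacement);     // and may not hand it to another owner
            rows.put(id, replacement);
        }
        void delete(String user, long id) { load(user, id); rows.remove(id); }

        // Missing and foreign rows raise the same error, so ids cannot be probed.
        private T load(String user, long id) {
            T entity = rows.get(id);
            if (entity == null) throw new NoSuchElementException("not found");
            requireOwner(user, entity);
            return entity;
        }
        private static void requireOwner(String user, Owned entity) {
            if (user == null || !user.equals(entity.owner()))
                throw new NoSuchElementException("not found");
        }
    }

    public static void main(String[] args) {
        OwnedStore<Apple> apples = new OwnedStore<>();   // constructed sample data
        long id = apples.create("alice", new Apple("alice", "Gala"));
        System.out.println(apples.read("alice", id));
        try {
            apples.delete("bob", id);
        } catch (NoSuchElementException e) {
            System.out.println("bob denied: " + e.getMessage());
        }
    }
}
```

The `user` argument should come from the authenticated session, never from a request parameter, and in a SQL-backed version the same rule becomes an owner column in every `WHERE` clause.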
