I'm writing a usual web API with N-layer architecture. So far I have a data-access layer, a business logic layer (implemented in Service classes), and an application layer. I have 2 roles, Admin and User (in the future there could be more). My question is: in what place should I handle role-specific business logic?

For example, the /sessions endpoint on a GET request should return all records in the database if the user is Admin, OR only those which belong to the user if the user is in the User role. Also, on a PATCH request a User should be able to modify only his records, and an Admin could modify any. And if in the future other roles are created, for example Manager, he should see only the records of the users which he manages.

I have found the role-specific services approach with a factory: https://softwareengineering.stackexchange.com/questions/278864/role-based-rest-api, and before that I was checking the role inside my services in the business logic layer. Or maybe I should reconsider my endpoint structure?
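The pattern the question is circling, a per-role visibility scope applied inside the service layer to both reads and writes, can be sketched as follows. This is an added example written for this page, not code from the question or from the linked answer; the `Principal`, `Session`, `InMemorySessionRepo` and `SessionService` names, the in-memory repository, and the `manages` set on a Manager principal are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed types for the example (hypothetical names, not from the question).
@dataclass(frozen=True)
class Principal:
    user_id: str
    role: str                     # "Admin", "User", "Manager", ...
    manages: frozenset = frozenset()   # user_ids a Manager is responsible for

@dataclass
class Session:
    id: int
    owner_id: str
    note: str

class NotFound(Exception):
    """Raised for records that do not exist OR are outside the caller's scope."""

# A scope is a predicate "may this principal see or act on this record?".
# Role-specific logic lives only here; the service applies it uniformly,
# so a new role (Manager) is one new entry, not a change to every endpoint.
Scope = Callable[[Principal, Session], bool]

def admin_scope(p: Principal, s: Session) -> bool:
    return True                                   # Admin sees and edits everything

def user_scope(p: Principal, s: Session) -> bool:
    return s.owner_id == p.user_id                # User: own records only

def manager_scope(p: Principal, s: Session) -> bool:
    return s.owner_id in p.manages                # Manager: records of managed users

SCOPES: Dict[str, Scope] = {
    "Admin": admin_scope,
    "User": user_scope,
    "Manager": manager_scope,
}

def scope_for(principal: Principal) -> Scope:
    # Deny by default: a role the policy does not know about gets no records,
    # rather than silently falling through to "show everything".
    return SCOPES.get(principal.role, lambda p, s: False)

class InMemorySessionRepo:
    """Stand-in for the data-access layer (constructed for the example)."""
    def __init__(self, rows: List[Session]):
        self._rows = {r.id: r for r in rows}
    def all(self) -> List[Session]:
        return list(self._rows.values())
    def get(self, session_id: int):
        return self._rows.get(session_id)
    def save(self, s: Session) -> None:
        self._rows[s.id] = s

class SessionService:
    """Business-logic layer: one service, role handled by the scope predicate."""
    def __init__(self, repo: InMemorySessionRepo):
        self.repo = repo

    def list(self, principal: Principal) -> List[Session]:
        in_scope = scope_for(principal)
        return [s for s in self.repo.all() if in_scope(principal, s)]

    def patch(self, principal: Principal, session_id: int, note: str) -> Session:
        s = self.repo.get(session_id)
        # The same scope gates writes. Out-of-scope records are reported exactly
        # like missing ones, so a User cannot probe which ids exist.
        if s is None or not scope_for(principal)(principal, s):
            raise NotFound(session_id)
        s.note = note          # real code would whitelist the patchable fields
        self.repo.save(s)
        return s

if __name__ == "__main__":
    repo = InMemorySessionRepo([Session(1, "alice", "a"), Session(2, "bob", "b"),
                                Session(3, "carol", "c")])
    svc = SessionService(repo)
    print([s.id for s in svc.list(Principal("alice", "User"))])            # [1]
    print([s.id for s in svc.list(Principal("mia", "Manager", frozenset({"bob"})))])  # [2]
```

Two points worth keeping whatever the concrete design: the predicate that decides visibility is the same object that gates modification, so GET and PATCH can never disagree about what a role may touch; and in a real data-access layer the scope should be pushed down as a WHERE clause rather than filtering in memory, otherwise a User's request still pulls every row out of the database.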