Monday, March 28, 2022

Service layer user vs admin best practice

I have an application that is quite large and am rethinking some of the design and wondering if the practices currently in use are correct. I will keep it simple as it's not about coding.

Assume we have a method in a service that we call like _userService.GetUser(..). This method returns a user as expected. If the method is called for a logged-in user, the method has checks to ensure the user can only see their details.

Now if the method is called by an administrator, they can retrieve any user and checks are bypassed. Again, code is not important here.

Questions

  1. Better to separate out the methods per user and per admin?
  2. Better to have UserService and AdminUserService?
  3. Should the check be done at DB level and not return a record if it does not match criteria, or after loading the entire object and checking properties (current practice)?

I am wondering if there are best practices for this because looking at various large projects it seems that most systems write single methods and just deal with logic to determine what to do for the incoming request.
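
The two placements of the check from question 3, side by side, as an added example that is not code from the original post. The `User` and `Caller` types, both method names, and the in-memory list standing in for the database are assumptions made for illustration.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical types; the post does not show its own model.
public record User(int Id, string Name);
public record Caller(int UserId, bool IsAdmin);

public class UserService
{
    // Constructed sample data standing in for the users table.
    private readonly IQueryable<User> _users =
        new List<User> { new(1, "alice"), new(2, "bob") }.AsQueryable();

    // Current practice in the post: load the whole record, then check its properties.
    public User? GetUserCheckAfterLoad(Caller caller, int id)
    {
        var user = _users.SingleOrDefault(u => u.Id == id); // record is already loaded here
        if (user is null) return null;
        if (!caller.IsAdmin && user.Id != caller.UserId)
            throw new UnauthorizedAccessException();
        return user;
    }

    // Alternative from question 3: the ownership rule is part of the query,
    // so a record that does not match the criteria is never returned.
    public User? GetUserScopedQuery(Caller caller, int id)
    {
        var query = _users.Where(u => u.Id == id);
        if (!caller.IsAdmin)
            query = query.Where(u => u.Id == caller.UserId);
        return query.SingleOrDefault();
    }
}

public static class Program
{
    public static void Main()
    {
        var svc = new UserService();
        var bob = new Caller(2, IsAdmin: false);
        var admin = new Caller(99, IsAdmin: true);
        Console.WriteLine(svc.GetUserScopedQuery(bob, 2)?.Name);    // caller's own record
        Console.WriteLine(svc.GetUserScopedQuery(bob, 1) is null);  // another user's record is filtered out
        Console.WriteLine(svc.GetUserScopedQuery(admin, 1)?.Name);  // admin path skips the ownership filter
        try { svc.GetUserCheckAfterLoad(bob, 1); }
        catch (UnauthorizedAccessException) { Console.WriteLine("denied after load"); }
    }
}
```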
