-
Notifications
You must be signed in to change notification settings - Fork 22
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #335 from IntelliTect/ascott/331-prop-restriction
feat: #331 implement custom property restrictions
- Loading branch information
Showing
62 changed files
with
830 additions
and
264 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
# [Restrict] | ||
|
||
In addition to [role-based](/modeling/model-components/attributes/security-attribute.md) property restrictions, you can also define property restrictions that can execute custom code for each model instance if your logic require more nuanced decisions than can be made with roles. | ||
|
||
``` c#:no-line-numbers | ||
using IntelliTect.Coalesce.DataAnnotations; | ||
public class Employee | ||
{ | ||
public int Id { get; set; } | ||
[Read] | ||
public string UserId { get; set; } | ||
[Restrict<SalaryRestriction>] | ||
public decimal Salary { get; set; } | ||
} | ||
public class SalaryRestriction(MyUserService userService) : IPropertyRestriction<Employee> | ||
{ | ||
public bool UserCanRead(IMappingContext context, string propertyName, Employee model) | ||
=> context.User.GetUserId() == model.UserId || userService.IsPayroll(context.User); | ||
public bool UserCanWrite(IMappingContext context, string propertyName, Employee model, object incomingValue) | ||
=> userService.IsPayroll(context.User); | ||
public bool UserCanFilter(IMappingContext context, string propertyName) | ||
=> userService.IsPayroll(context.User); | ||
} | ||
``` | ||
|
||
Restriction classes support dependency injection, so you can inject any supplemental services needed to make a determination. | ||
|
||
The `UserCanRead` method controls whether values of the restricted property will be mapped from model instances to the generated DTO. Similarly, `UserCanWrite` controls whether the property can be mapped back to the model instance from the generated DTO. | ||
|
||
The `UserCanFilter` method has a default implementation that returns `false`, but can be implemented if there is an appropriate, instance-agnostic way to determine if a user can sort, search, or filter values of that property. | ||
|
||
Multiple different restrictions can be placed on a single property; all of them must succeed for the operation to be permitted. Restrictions also stack on top of role attribute restrictions (`[Read]` and `[Edit]`). | ||
|
||
A non-generic variant of `IPropertyRestriction` also exists for restrictions that might be reused across multiple model types. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
4 changes: 2 additions & 2 deletions
4
playground/Coalesce.Web.Ko/Api/Generated/CompanyController.g.cs
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
8 changes: 4 additions & 4 deletions
8
playground/Coalesce.Web.Ko/Api/Generated/PersonController.g.cs
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Oops, something went wrong.