概念问题 - 不要重复您的自我问题/问题
我敢打赌,我们之前都做过。
我们有三个功能:
addCustomer
editcustomer
deletecustomer
在获取要添加,编辑或删除的数据之前,必须检查是否允许用户进行显示,编辑或删除。
添加,编辑和删除客户功能的顶部的某些功能中添加一些呼叫
因此,
您在 为了这。
我还认为这里有一个水平 - 像这样:
备注:顺便说一句 - 如果看起来像C#,Java,Python,Pascal(任何风味),PHP,COBOL,FOLTRAN,BASIC(任何口味),则不使用编程语言。 。偶然的
level 0:
Controller -> request (add/edit/delete)
function()
call CanUserCreateOrModify()
Layer 1:
CanUserCreateOrModify-
Layer 2:
AddCustomer, EditCustomer, DeleteCustomer
不确定是哪种模式。我了解某个级别会有一些重复
I bet we've all done this before.
We have Three functions:
AddCustomer
EditCustomer
DeleteCustomer
Before you can get the data to do add, edit or delete, you must check if the user is allowed to do show, edit or delete.
so you add some calls to some functions at the top of your add, edit and delete customer functions
They are all equal and so ... you are repeating your self (breaking the DRY principle)
My gut feeling tells me there must be a pattern for this.
I also think there is a level here - like this:
remark: btw - not using a programming language here, if it looks like c#, Java, python, pascal (any flavour), php, cobol, fortran, basic (any flavour). It is accidental
level 0:
Controller -> request (add/edit/delete)
function()
call CanUserCreateOrModify()
Layer 1:
CanUserCreateOrModify-
Layer 2:
AddCustomer, EditCustomer, DeleteCustomer
Not sure which pattern it is though. And I understand at some level there will be some repetition
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
在CRUD操作之前,可以调用某些过滤器功能。因此,如果您有API,则可以授权用户的请求并检查人员是否有赠款来执行此操作。
ASP.NET MVC具有
授权属性。除非用户通过授权检查,否则它将不允许请求达到该属性保护的操作。阅读更多关于在此处授权属性作为另一种方式,您可以使用继承或组成(组成更广泛),并创建方法来检查CRUD方法时的资格。
Some filter function can be called before CRUD operations. So if you have API, then it is possible to authorize user's request and check whether person has grants to execute this operation.
ASP.NET MVC has
Authorizeattribute. It will not allow a request to reach an action protected by this attribute unless the user passes an authorization check. Read more about authorize attribute hereAs another way, you can use inheritance or composition (composition is more versatile) and create methods to check eligibility of user when you call your CRUD methods.