|
I have an IEnumerable<employee> that I need to update some fields based on the user's security permissions. If a user is in the Admin or HR roles, the CanEdit and CanDelete properties should be set to true. If the user is not Admin or HR, but is their own record, CanEdit should be true. I have come up with two options, and wanted to know which would be considered the better method (or a different way) for speed, readability, and maintainability.
Method 1 first checks if the user is Admin or HR, then loops through the entire collection and updates the values. If the user is not Admin/HR, then it checks each record to see if it is the users and updates. Currently, a user can only have one record, so I quit once I update the matching employee record.
if(_userManager.User.IsInRole("Admin") || _userManager.User.IsInRole("HR"))
{
foreach(var employeeRecord in employeeList)
{
employeeRecord.CanEdit = employeeRecord.CanDelete = true;
}
return employeeList;
}
foreach(var employeeRecord in employeeList)
{
if(employeeRecord.WorkEmail.Equals(_userManager.User.Identity.Name, StringComparison.OrdinalIgnoreCase))
{
employeeRecord.CanEdit = true;
return employeeList;
}
}
return employeeList; Method 2 stores a boolean if the user is an Admin/HR, and just sets that as the permission, then checks if the current employeeRecord belongs to the user and sets the permission.
bool hasEditDeletePermission = _userManager.User.IsInRole("Admin") || _userManager.User.IsInRole("HR");
foreach(var employeeRecord in employeeList)
{
employeeRecord.CanEdit = employeeRecord.CanDelete = hasEditDeletePermission;
if(_userManager.User.Identity.Name.Equals(employeeRecord.WorkEmail, StringComparison.OrdinalIgnoreCase))
{
employeeRecord.CanEdit = true;
}
}
return employeeList; Method 2 seems shorter and easier to understand, but Method 1 can be faster when the user isn't Admin or HR, which would happen more often. There's also the issue that Method 1 leaves the CanEdit/CanDelete values to whatever they were originally supplied as (currently defaults to false), where as Method 2 will always override any preexisting values which might cause unexpected behavior if other rules are added elsewhere.
Any recommendations on which you would rather use, or even suggestions on better ways to code this would be appreciated.
|
|
|
|
|
If the user was limited to certain records in the first place, that particular process should have been "data driven" with a proper query. Instead, you've got "generic" process that attempts to apply some logic to "every record" from who knows where.
The "data driver" could be data records, references or simply keys. Another design decision.
What you're dealing with is affectionately known as "tramp data".
"Before entering on an understanding, I have meditated for a long time, and have foreseen what might happen. It is not genius which reveals to me suddenly, secretly, what I have to say or to do in a circumstance unexpected by other people; it is reflection, it is meditation." - Napoleon I
|
|
|
|
|
Could you explain a bit more what you mean by 'data driven with a proper query'? Almost every tutorial/example I've found only seems to be basic "Can Access/Can Not Access", but my needs are more granular. I'm currently using CQRS to have my Controller send an EmployeeQuery request. I've added a pipeline to the request handler which has my security logic and updates the results from the query as I need to apply information not just to the records themselves, but also potentially individual properties of the record. I didn't want to mix my security logic in with my query as I thought that could get hard to expand in the future. Here's an example of the current rules/permissions:
- Admin : Full Create, Read, Update, (Soft/Hard) Delete.
- HR : Full Create, Read, Update, Soft Delete.
- Manager : Full Read (of specific columns), Update of their own record (excluding some columns).
- User : Full Read (of specific columns different than Manager), Update of their own record (excluding some columns).
I'm using EFCore and LINQ for the query and I had first thought about trying to have the security logic in the pipeline 'build' the IQueryable that will get executed by the query handler, but I haven't found a good resource on how to do that, so I am updating the results of the handled query before sending it back to the Controller.
|
|
|
|
|
Context is important. You make references to IEnumerable when operations like "create", update and delete (of a give user's record) typically don't involve "updating sets"; they involve a single record or object graph.
"Browsing" implies sets, and is generally only limited in a broad sense (one may or may not access this particular "view").
When talking about "roles", this is not something that starts at query time; it starts as soon as the user has logged in and identified themselves. The app should be aware of parts to limit based on roles; which includes forms, reports, menu items, and sensitive data (which may involve limiting tables, records, columns, ranges, etc. based on need).
The "back end" accesses "views" of the data based on roles; and applies "need to know" filters before it even tackles the user's request. Still a pipeline, but with some extra "role filters" in between components; which includes the interactive / online / real-time parts.
So, you need to maintain and interface with a user's "role object" from start to finish. And the data that is finally handed off to that actual "insert" or update (that last "grain") is then free of any "role checking".
"Before entering on an understanding, I have meditated for a long time, and have foreseen what might happen. It is not genius which reveals to me suddenly, secretly, what I have to say or to do in a circumstance unexpected by other people; it is reflection, it is meditation." - Napoleon I
|
|
|
|
|
as Gary says (imho), you should not be retrieving all records, and then using Linq: you EF query should pull only the records that need updating, and, then, write those updated records back to the data store.
IEnumerable: keep an eye out for multiple enumerations: [^]
«The mind is not a vessel to be filled but a fire to be kindled» Plutarch
|
|
|
|
|
Have an object - user details that stores the info on the current user and a list of permissions. This should be populated when the user logs on.
Each page checks the user object for permissions and set 1 or more flags that control the state of the form controls and the content of any lists for the form.
Never underestimate the power of human stupidity -
RAH
I'm old. I know stuff - JSOP
|
|
|
|
|
|
|
perhaps the OP thinks this is a psychic hotline ?
«The mind is not a vessel to be filled but a fire to be kindled» Plutarch
|
|
|
|
|
He will meet a tall, dark stranger and should avoid elevators and shellfish until Tuesday ...
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Well, first you've gotta wait for the keyboard to do it's magic (press any key). Then when the log-in screen appears out from behind the screen saver, you've gotta stand up. Now move your head as close to perpendicular to the lit screen and, looking down onto it's surface, identify where the spots of spagetti sauce are most concentrated. Notice that the most crusty of these clusters of dinner spatter might be well congealed and therefore hard to wipe off with cold water (test run a "scrape" using a fingernail). Get a cloth rag then, soaked with HOT water, and lightly, from this high advantage point above the frame of the monitor, in a bak-and-forth manner, rub the sauce from the darker backlit spots until they have been removed. After, dry with a paper towel. And you're good to go.
|
|
|
|
|
When I started reading that, I assumed it was going to end with "tell them 'I am too damn stupid to own a computer'"
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
and you will tell details about the task with telepathy or what?
what you have tried before asking for help
=====================================================
The grass is always greener on the other side of the fence
|
|
|
|
|
HOLY CROW! A terabyte of memory! That's a lot!
|
|
|
|
|
Hi All,
convert double with decimal places to any base in C# example : 19.879 to any base or -19.345 to any base
Please help
|
|
|
|
|
While we are more than willing to help those that are stuck, that doesn't mean that we are here to do it all for you! We can't do all the work, you are either getting paid for this, or it's part of your grades and it wouldn't be at all fair for us to do it all for you.
So we need you to do the work, and we will help you when you get stuck. That doesn't mean we will give you a step by step solution you can hand in!
Start by explaining where you are at the moment, and what the next step in the process is. Then tell us what you have tried to get that next step working, and what happened when you did.
If you are having problems getting started at all, then this may help: How to Write Code to Solve a Problem, A Beginner's Guide[^]
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Sorry,
I googled nothing helped me. So I have created my own class for number conversions.
I have 17+ years of software development experience.
Thanks you so much for your help.
|
|
|
|
|
study these: [^] [^] ... and ask yourself what numeric types it makes sense to convert the values you describe ... to.
then study this: [^]
and ... start experimenting !
come back with specific questions.
«The mind is not a vessel to be filled but a fire to be kindled» Plutarch
|
|
|
|
|
Thank you so much.
Any have created my own class for converting any base to any base including decimal places (Ex:20.1234).
Will share it.
|
|
|
|
|
BillWoodruff wrote: ask yourself what numeric types it makes sense to convert the values you describe Why wouldn't it make sense? If b >= 10, you obviously have to define 'digits' for 10+; using A-Z for 10-36 is quite common. Equally obvious: The result of conversion must be treated as a digit string; there is no other way to handle, say, a base 13 number in a binary computer.
In decimal, the digits to the left of the decimal point give the number of ones, then number of tens, then ten**2s, ten**3s, ten**4s, ... To the right of the decimal point digits give the number of 1/10s, then the number of 1/(10**2)s, 1/(10**3)s, 1/(10**4)s, ...
For base b, the digits to the left of the point give the number of ones, then number of bs, then b**2s, b**3s, b**4s, ... To the right of the point, digits give the number of 1/bs, then the number of 1/(b**2)s, 1/(b**3)s, 1/(b**4)s, ...
I guess it would be somewhat confusing to call it a decimal point, though.
"Octal is just like decimal ... if you are missing two fingers" (Tom Lehrer)
To the OP: I would have split the number on the point, treating the whole and the fractional parts separately, converting then to binary integers, and then iterated each over a divide/remainder down to zero. Note that for the fractional part, you must set a reasonable limit for the number of digits - in, say, base 13 you cannot represent 879/1000 (that is from your first example) as any finite series of fractional digits f1/13 + f2/169 + f3/2197 + ... + fn/(13**n), except for a few special cases. (That goes for decimal .879 or .345 as well; they are not represented by those exact values in double format.)
|
|
|
|
|
to the flow of such off-topic ramblings, one can only hope the kaopectate of silence will ... help.
«The mind is not a vessel to be filled but a fire to be kindled» Plutarch
modified 25-Dec-22 11:06am.
|
|
|
|
|
Thank you all.
I have created my own class for number conversion from one base to another base including decimal places.
Will share it if any body wants it.
I am GouseSakhalean, having 17 years of software development experience.
|
|
|
|
|
Namaskara, "17 years in software development"
Then, surely, you are aware that a deep understanding of numeric types in a strongly-typed language, like C#, is essential to competence. In C#, understanding when you can cast, and when you must invoke a conversion method is essential.
"rahi gulzar to phool khilenge" Kabir
«The mind is not a vessel to be filled but a fire to be kindled» Plutarch
|
|
|
|
|
Sakhalean wrote: I am GouseSakhalean, having 17 years of software development experience. OK, but then I am surprised that you ask for help with this problem. I consider it to be quite trivial, like an exercise you would be given early in your studies.
Furthermore, I can see no practical use for it - except to make a student really look into floating point formats, and to understand the concept of an arbitrary base. In which application do you need to express a double in an arbitrary base?
So both the problem and your questioning made it look like some student asking for help to do his homework assignment. I am getting curious to know which real world application (rather than a student exercise) has a need for the conversion function you have described.
|
|
|
|
|
This is for Aerospcase domain project purpose. For Aircraft project where we need for Aircraft parameters to be converted into Deciamal, Octal, hex , binary and engineerig formats.
|
|
|
|
|