draft orgUser query #4494
draft orgUser query #4494
Conversation
|
New Issues
Fixed Issues
|
| // Convert the OrganizationUserUserDetails permissions json string | ||
| this.Permissions = CoreHelpers.LoadClassFromJsonData<Permissions>(OrganizationUserUserDetails.Permissions); |
There was a problem hiding this comment.
The class already has a helper for this: OrganizationUserUserDetails.GetPermissions(). Although my preference is for the consuming code to do this as/when required, it's duplicative here.
There was a problem hiding this comment.
I don't know how I missed that. That is 100 times easier. Thanks.
| response.Type = GetFlexibleCollectionsUserType(response.Type, response.Permissions); | ||
| response.Type.GetFlexibleCollectionsUserType(response.Permissions); |
There was a problem hiding this comment.
You're no longer doing anything with this return value.
There was a problem hiding this comment.
haha yea I missed that part. Thanks.
| // I was not sure about automapper being a possible use case here? | ||
| // If not I am sure I can likely implement a more elegant conversion solution | ||
| var responses = new List<OrganizationUserUserDetailsResponseModel>(); | ||
| foreach (var queryResponse in queryResponses) | ||
| { | ||
| responses.Add(new OrganizationUserUserDetailsResponseModel( | ||
| queryResponse.OrganizationUserUserDetails, | ||
| queryResponse.TwoFactorEnabled, | ||
| permissions: queryResponse.Permissions | ||
| ) | ||
| ); | ||
| } |
There was a problem hiding this comment.
automapper is definitely overkill. What about:
var responses = queryResponses.Select(r => new OrganizationUserUserDetailsResponseModel(queryResponse.OrganizationUserUserDetails, queryResponse.TwoFactorEnabled);| // Since the OrganizationUserUserDetailsQueryResponse object already has the permissions | ||
| // converted from json. Add it here as an optional param. If included the base method will | ||
| // use the permissions if not it will conver | ||
| public OrganizationUserUserDetailsResponseModel(OrganizationUserUserDetails organizationUser, | ||
| bool twoFactorEnabled, string obj = "organizationUserUserDetails") | ||
| : base(organizationUser, obj) | ||
| bool twoFactorEnabled, string obj = "organizationUserUserDetails", Permissions permissions = null) | ||
| : base(organizationUser, obj, permissions: permissions) |
There was a problem hiding this comment.
Again, we avoid all of this if we omit it from the query and let consumers decide if/when they want to deserialize this.
| // Should the query authorize? Or should this be the responsibility of the controller? | ||
| // Maybe having the query authorize would ensure safety? | ||
| // Code from the controller for auth: | ||
| // var authorized = (await _authorizationService.AuthorizeAsync( | ||
| // User, OrganizationUserOperations.ReadAll(orgId))).Succeeded; | ||
| // if (!authorized) | ||
| // { | ||
| // throw new NotFoundException(); | ||
| // } |
There was a problem hiding this comment.
For now at least, I think this should continue to live in the controller; our private and public api use different authorization patterns (private uses a mix of handrolled and resource-based authorization, public uses policy-based authorization), and introducing them at the query level tightly couples the query logic with this particular authorization pattern.
Maybe there's some opportunity to align this in the future, I'm not sure. Happy to discuss if you have any other thoughts here.
| await _userService.TwoFactorIsEnabledAsync(o)); | ||
|
|
||
| // Using the new extension method | ||
| orgUser.OrganizationUserUserDetails.Type.GetFlexibleCollectionsUserType(orgUser.Permissions); |
For discussion only, ignore.
🎟️ Tracking
📔 Objective
📸 Screenshots
⏰ Reminders before review
🦮 Reviewer guidelines
:+1:) or similar for great changes:memo:) or ℹ️ (:information_source:) for notes or general info:question:) for questions:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion:art:) for suggestions / improvements:x:) or:warning:) for more significant problems or concerns needing attention:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt:pick:) for minor or nitpick changes