ASP, Identity, Blazor Give Permission for delete to specific users.

DDeaDo8/12/2022
In my Database i have an entity that acts like a group for multiple users. There is an m:n relation between groups and users (IdentityUser)
I want that only users in those groups are able to create/update/delete group related data. Like events in a scheduler or messages in the group-chat.
But i can't think of a neat way to prevent other users from adding/deleting things to a group they are not part of. Right now i always get the userId in the controller and then a linq statement checks if there is a user with this Id in the group he wants to access.
This feels a bit wrong because i have to make sure that nobody else gets hold of a foreign userId and it's in a different location than the default role based authorization i use.
EElfonochek8/12/2022
I have a problem, yesterday I was given the first test task regarding asp.net web api maybe entity framework, I had experience with entity framework before but with api for the first time. And now I'm very confused, and I don't know what to do next. I have three models, but now I don't understand how to make a connection between them. Could try to pay maybe for good help (
DDeaDo8/12/2022
here are some instructions in creating different relations between models
DDeaDo8/12/2022
u just add a property with the type of the foreign entity and when u create a migration (code-first) then the EF-Tools notices the type and creates a relation automatically
DDeaDo8/12/2022
u could create a new post for that though
EElfonochek8/12/2022
Oh yes, I read it, but when I started to write it, I got confused
EElfonochek8/12/2022
Can i show a screenshot of the models? 😅
DDeaDo8/12/2022
sure
DDeaDo8/12/2022
u can also use 3 of those `
then your text is recognized as code and uses proper format
EElfonochek8/12/2022
Oh thx, so i have 3 models.
relation look like incidents -> accounts -> contacts
when create incident must have account and account must have contact
EElfonochek8/12/2022
public class Incident
{
    [Key]
    public string IncidentName { get; set; }

    [Required]
    [StringLength(100)]
    public string Description { get; set; }

    public virtual Account Account { get; set; }
}
EElfonochek8/12/2022
public class Account
{
    [Key]
    public int Id { get; set; }
    [Required]
    public string Name { get; set; }
    [Required]
    public virtual Contact Contact { get; set; }
}
EElfonochek8/12/2022
public class Contact
{
    [Key]
    public int Id { get; set; }
    [Required]
    public string FirstName { get; set; }
    [Required]
    public string LastName { get; set; }
    [Required]
    public string Email { get; set; }
}
EElfonochek8/12/2022
Models look like this
EElfonochek8/12/2022
And actually its look correctly in api
EElfonochek8/12/2022
Image
EElfonochek8/12/2022
but i know it's not 😅
DDeaDo8/12/2022
looks alright to me
EElfonochek8/12/2022
Hmm, then I will ask a little differently
DDeaDo8/12/2022
what doesn't work?
EElfonochek8/12/2022
Models look like this
EElfonochek8/12/2022
When i try [GET] all incidents how can i show account in Response body
EElfonochek8/12/2022
Image
EElfonochek8/12/2022
Here
DDeaDo8/12/2022
how does your query look?
EElfonochek8/12/2022
Now i have basic query
Image
DDeaDo8/12/2022
have u included the account when accessing the incident?
EElfonochek8/12/2022
I try another i have error
DDeaDo8/12/2022
yes this is the issue
DDeaDo8/12/2022
try .Include(i => i.Account)
EElfonochek8/12/2022
Yep, i try show by id
EElfonochek8/12/2022
In db its save like this. only id
EElfonochek8/12/2022
Image
EElfonochek8/12/2022
Image
EElfonochek8/12/2022
Image
EElfonochek8/12/2022
All table save correctly with all information
DDeaDo8/12/2022
_context.Incident.Include(i => i.Account).ToListAsync();
DDeaDo8/12/2022
this is as it should be
EElfonochek8/12/2022
O_o
DDeaDo8/12/2022
?
EElfonochek8/12/2022
i feel confused, it's worked 😅
DDeaDo8/12/2022
the include thing?
EElfonochek8/12/2022
Image
DDeaDo8/12/2022
now u have to include the contact to the account
DDeaDo8/12/2022
_context.Incident.Include(i => i.Account).ThenInclude(a => a.Contact).ToListAsync();
DDeaDo8/12/2022
u always have to use Include if u want to get data from a related table. EF will look for an entry that fits to the id u saved in the first table.
EElfonochek8/12/2022
I thought why it doesn't work forgot ThenInclude
EElfonochek8/12/2022
Thank you very, very much! ♥️
EElfonochek8/12/2022
But can i one more Question ?
DDeaDo8/12/2022
sure
EElfonochek8/12/2022
There is such a point in the test task, but I didn't quite understand it , from the point of view of logic
EElfonochek8/12/2022
database structure
incidents -> accounts -> contacts
incident -> account, 1=>M,
account -> contact , 1=> M.
Incident, incident name - primary key, autogenerated, string
Account, Name - > unique string field

Functionality
create web api, asp core, ef code first
Introduce the API to create the following records: contacts, accounts, incidents
account cannot be created without contact
incident cannot be created without account
logic for incident creation method



**Request example
request body
{
account name,
contact first name,
contact last name,
contact email, // unique identifier,
incident description,
}**


Validation
if account name is not in the system -> API must return 404 – NotFound
if contact is in the system (check by email) -> update contact record, link contact to account if it has not been linked previously.
Otherwise,
create new contact with first name, last name, email and
link just created contact to the account
create new incident, for account and populate incident description field
EElfonochek8/12/2022
I understand correctly its [POST] Request ?
DDeaDo8/12/2022
create = post
EElfonochek8/12/2022
Yep i know, i mean my post need look like this
Request example
request body
{
account name,
contact first name,
contact last name,
contact email, // unique identifier,
incident description,
} 
Image
EElfonochek8/12/2022
forget it
EElfonochek8/12/2022
i stupid 😅
EElfonochek8/12/2022
I read it correctly again
DDeaDo8/12/2022
Personally i would create a new data-transfer-object in a case like that
that object has all the properties the example shows
In your post method u can create a new incident then and write all properties from the dto to the new incident and add it to DB
DDeaDo8/12/2022
if i understand it as wrong as u do 🙂
EElfonochek8/12/2022
Hmmm
DDeaDo8/12/2022
if the above should be the json content
EElfonochek8/12/2022
You mean to create a new model in which the required fields will be required, and when the post method is used, create incidents with fields from first model?
EElfonochek8/12/2022
Models only with this fields
request body
{
account name,
contact first name,
contact last name,
contact email, // unique identifier,
incident description,
}
DDeaDo8/12/2022
yes and a post method that takes this object and then creates a new Incident. Then u write all properties from that dto to the new incident
EElfonochek8/12/2022
Thank you very much ♥♥♥♥
If there are still problems, I will ask ♥
DDeaDo8/12/2022
👍
DDeaDo8/12/2022
No problem
TThaumanovic8/12/2022
I'm so confused. What's the question here? Was the thread hijacked?
DDeaDo8/12/2022
I could solve my problem somehow. I refactored my code a bit and now i have a cleaner solution im satisfied with. Im still interested in better solutions though.
DDeaDo8/12/2022
this was the original question btw.
The 2nd question got here by mistake but it looked like a question i could answer so i tried to solve it in this post
EElfonochek8/12/2022
I stole this thread 😅 sr
DDeaDo8/12/2022
np