Kebin Maharjan - 31 - Nov 22, 2014

Hi Demis,
I’m wondering if Response Filter is a sensible way of handling the following scenario:

Lets say I have 2-3 permissions possible for any users. And based off of user’s permission(s), I want to set some properties on the response dto to empty or do some processing before returning the dto. So basically don’t return values for certain fields based off of user’s permission.

Is ResponseFilter a good candidate to handle this? Any other suggestions on tackling this? 


Yeah sounds like a number of different ways you can do this, Response Filter, ResponseFilterAttribute, base method of a shared base Service class, etc.

I would probably use a typed response filter and shared interface for something this, basically have the Response DTO’s that should have this behavior implement a shared interface with all the properties needed for the feature. Here’s an example on how to register a typed response filter using an interface:

Kebin Maharjan:

This is perfect!
Although, the properties across different dto’s won’t always be the same. I guess I could also define few methods in the same dto interface like:
void ApplyPermissions(list of permissions);

Then have each of those dto do whatever needs to based on the permissions passed to it?

Is that not giving too much responsibility to a dto though?

I wouldn’t put any methods on the DTO, just an interface with all the properties required to impl feature, e.g the properties you want to populate. 

Michał Gajek:

Hi +Kebin Maharjan , you might want to take a look at this

this is my implementation of per-field permissions. It is quite limited as I’ve implemented only the features I needed, namely:
* is role-based only, not permission based
* processes only response DTOs, not request (although it’s probably just as simple as registering the routine as response filter as well)
* doesn’t follow the object graph, works on root-level object only

I might have to improve it soon, but it’s not a guarantee yet.
hope this helps

Kebin Maharjan:

Hi Michal,
This is great. I’ll give this a try!

Thanks a lot :slight_smile:

Sir Thomas:

That neat +Michał Gajek … you could call it the “Access To Information Sharpie” plugin.