1

Let's say I have a UserRepository. It has the basic CRUD methods. According to the Repository Pattern, should it contain methods like IsAdministrator(user) to check against the database if a user is an admin? If not, which pattern is relevant?

Michael Haddad
  • 2,651
  • 3
  • 17
  • 27
  • 1
    Instead of checking the user's role, consider checking whether they have permission to perform a particular action and/or have permission to read/write the data instead. Related: https://softwareengineering.stackexchange.com/questions/299729/role-vs-permission-based-access-control – Ben Cottrell May 07 '17 at 15:40

1 Answers1

5

Yes, although, you shouldnt need to check the database for your IsAdministrator if you already have the User.

If you are following the Repository pattern, then you should be able to use your objects without a database.

So if you had both a User and Roles repository then maybe you would have a GetRolesForUserId(string id) on RolesRepository, which would in essence be your IsAdministrator function. But you wouldn't use the database to perform computations.

If you had some computation to perform outside of the objects responsibility you would put it in a service rather than the repository.

public class AdminService
{
    public bool IsAdmin(List<Roles> rolesForUser)
    {
        if(rolesForUser.Contains('admin') return true;
....
Ewan
  • 70,664
  • 5
  • 76
  • 161