Should authorization be at the application layer?
I'm struggling with having the authorization layer at the application. One of the big advantages of decoupling the logic from the API in Application/MediatR is that I can re-use commands for different endpoints.
For example
I might have /patient/{patientId}/account that uses the AccountCommand and passes in the patientId
I might then also have /company/{companyId}/account that uses the AccountCommand and passes in the companyId
I can re-use the AccountCommand as kind of a query builder instead of having to have a GetPatientAccountCommand and GetCompanyAccountCommand.
You can see having the security context at the application layer falls apart here.
Should I not be trying to re-use commands, and instead make them as 1-to-1 with the API as possible?
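
One way the shared command from the question can still be authorized at the application layer, as an added example that is not part of the original post: the command carries its owner kind explicitly, and a single pre-handler check covers both routes. `OwnerKind`, `Caller`, `AccountPipeline` and the sample permissions are hypothetical; the check stands in for the role a MediatR pipeline behavior would play and uses no MediatR types.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical types: the post names only AccountCommand, patientId and companyId.
public enum OwnerKind { Patient, Company }

// One reusable command; the owner it targets is explicit data, not implied by the route.
public sealed record AccountCommand(OwnerKind Kind, int OwnerId);

// Constructed security context: the set of owners this caller may read.
public sealed record Caller(string Name, HashSet<(OwnerKind, int)> Readable);

public static class AccountPipeline
{
    // Application-layer check that runs before the handler for every endpoint
    // sending AccountCommand, so no route can skip it.
    public static string Send(Caller caller, AccountCommand cmd)
    {
        if (!caller.Readable.Contains((cmd.Kind, cmd.OwnerId)))
            throw new UnauthorizedAccessException(
                $"{caller.Name} may not read {cmd.Kind} {cmd.OwnerId}");
        return Handle(cmd);
    }

    // The handler stays a plain query builder with no security logic.
    private static string Handle(AccountCommand cmd) =>
        $"account for {cmd.Kind} {cmd.OwnerId}";
}

public static class Program
{
    public static void Main()
    {
        // Constructed caller who may read patient 7 only.
        var nurse = new Caller("nurse", new() { (OwnerKind.Patient, 7) });

        // Route /patient/7/account builds the command from patientId.
        Console.WriteLine(AccountPipeline.Send(nurse, new(OwnerKind.Patient, 7)));

        // Route /company/3/account builds the same command type from companyId;
        // the same check denies it.
        try { AccountPipeline.Send(nurse, new(OwnerKind.Company, 3)); }
        catch (UnauthorizedAccessException e) { Console.WriteLine("denied: " + e.Message); }
    }
}
```

The controllers only translate a route parameter into `(Kind, OwnerId)`; the decision itself is made once, next to the command, for every caller of it.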