
Is there a way to force WebAPI to strictly conform to a published interface?

The use case that I'm trying to solve is encapsulation of our domain models. For example, we have internal models that are utilized in back-end processing that we do not want exposed to clients. One of the main reasons for this encapsulation is volatility of change, as our domain objects may change more rapidly than the "published" client models. Therefore we want to limit the WebApi controllers to only return "published" client models.

To do this we would need to create interfaces outside of the WebApi project that do not have references to the internal models, then utilize those interfaces on the WebAPI controllers, and finally change routing/filtering to verify that routes/methods being accessed are part of the interface.

Assembly A

public class PublishedModel
{
    public int Foo {get; set;}
    public string Bar {get; set;}
}

public interface IPublishedAPI
{
    PublishedModel GetModel(int id);
}

Assembly B

public class MyApi : ApiController, IPublishedAPI
{
    public IDomainManager _manager;

    public MyApi(IDomainManager manager)
    {
        _manager = manager;
    }

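    [HttpGet]
    [Route("good/{id}")]
    public PublishedModel GetModel(int id)   // implements IPublishedAPI.GetModel
    {
        // Map the internal domain model onto the published client model.
        DomainModel domainModel = _manager.GetDomainModelById(id);
        return new PublishedModel
        {
            Foo = domainModel.Foo,
            Bar = domainModel.Bar,
        };
    }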

    [HttpGet]
    [Route("bad/{id}")]
    public DomainModel Bad(int id)
    {
          var domainModel = _manager.GetDomainModelById(id);
          return domainModel;
    }
}

In the above example, I would like a call to /bad/1 to return a 404 as it's a route that's not published.

Any ideas?

Jerod Houghtelling asked Oct 30 '22 21:10


1 Answer

You could create an action filter that checks to see if the mapped action is a member of the controller's inherited interface.

You could also create a filter that, when manually attributed to methods you don't want exposed, returns the 404 Not Found response.

Nkosi answered Nov 09 '22 23:11
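
One way to write the first filter suggested in the answer, as an added example that is not part of the original answer: an ASP.NET Web API 2 action filter that returns 404 unless the invoked method implements a member of the published interface. The attribute name `PublishedActionsOnlyAttribute` is hypothetical, and the sketch assumes the controller implements the interface with public (non-explicit) methods.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

// Hypothetical filter; usage: [PublishedActionsOnly(typeof(IPublishedAPI))] on MyApi.
[AttributeUsage(AttributeTargets.Class, AllowMultiple = false)]
public sealed class PublishedActionsOnlyAttribute : ActionFilterAttribute
{
    private readonly Type _contract;

    public PublishedActionsOnlyAttribute(Type contract)
    {
        if (contract == null) throw new ArgumentNullException("contract");
        if (!contract.IsInterface)
            throw new ArgumentException("Contract must be an interface.", "contract");
        _contract = contract;
    }

    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        if (!IsPublished(actionContext))
        {
            // Setting Response short-circuits the pipeline; the action never runs.
            actionContext.Response = new HttpResponseMessage(HttpStatusCode.NotFound)
            {
                RequestMessage = actionContext.Request
            };
        }
    }

    private bool IsPublished(HttpActionContext actionContext)
    {
        // Fail closed: anything that cannot be proven to be a contract member is hidden.
        var descriptor = actionContext.ActionDescriptor as ReflectedHttpActionDescriptor;
        if (descriptor == null) return false;

        Type controllerType = descriptor.ControllerDescriptor.ControllerType;
        if (!_contract.IsAssignableFrom(controllerType)) return false;

        // TargetMethods are the controller methods that implement the interface members.
        var map = controllerType.GetInterfaceMap(_contract);
        return map.TargetMethods.Any(
            m => m.MethodHandle.Equals(descriptor.MethodInfo.MethodHandle));
    }
}
```

This is a runtime check, so an unpublished action such as `Bad` still exists in the assembly; the same `GetInterfaceMap` comparison can be run from a unit test over all controllers to catch it before deployment.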