Patch Methods with Route and Authorize - webApi

3

I am building a project with Web API 2 using OAuth.

The system has (for example) User Registration (default), with permissions to View, Edit, New, Enable, Inactive, Delete.

The standard methods of POST, GET, PUT, are OK, but to make the other features I can use a POST with routes (which only change the status of the object):

```csharp
[Route("api/usuario/{id}/ativar"), Authorize(Roles = "usuario.ativar")]
public HttpResponseMessage Ativar(int id) { ... }

[Route("api/usuario/{id}/inativar"), Authorize(Roles = "usuario.inativar")]
public HttpResponseMessage Inativar(int id) { ... }
```

Using HttpPatch, I could not find a way to update the status of the object only in the authorized method, because I can pass {Status: Inactive} to the call while the current user is only allowed to view, and if you pass other properties, they will also be closed (request via AngularJS).

Would there be a way to use this with HttpPatch? However, I need to leave enabled for the user only what they have permission for. Or, in my case, would what satisfies my need just be to use POST and create specific methods with permissions and routes?

  • What are you using to test the PUT? The browser or some tool?

  • The browser itself. It’s all working. The question is how best to implement actions other than the standard ones (PUT, POST, GET), in this case Activate/Inactivate.

2 answers

1


I have also been frustrated by this question: I need to do something specific, but it does not fit POST, GET, PUT, or even PATCH.

My answer? Use the POST, with the appropriate routes. This, I believe, is a simple but effective way.

We can spend hours and hours discussing which HTTP verb fits the Activate, but I think at the end of the day, POST is the most appropriate.

  • Okay, I get it. If it were not a project that depends on permissions, it could even be done in a PATCH method for updating, as the user could make any changes.
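What a single PATCH action would have to do to honour per-action permissions, as an added example that is not part of the original posts: check every property in the request body against the caller's roles and reject the whole request if any one is denied. The roles `usuario.ativar` and `usuario.inativar` come from the question; the `Status` values, the `usuario.editar` role and the `DeniedProperties` helper are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

public static class PatchAuthorization
{
    // Role required to set Status to a given value. The role names are from the
    // question; the status values "Active"/"Inactive" are assumptions.
    private static readonly Dictionary<string, string> StatusRoles =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "Active", "usuario.ativar" },
            { "Inactive", "usuario.inativar" }
        };

    // Hypothetical role guarding every property other than Status.
    private const string EditRole = "usuario.editar";

    // Returns the properties in the patch that the caller's roles do not allow.
    // Empty list: the patch may be applied. Otherwise: respond 403 and apply nothing.
    public static List<string> DeniedProperties(
        IDictionary<string, string> patch, ICollection<string> userRoles)
    {
        var denied = new List<string>();
        foreach (var change in patch)
        {
            string requiredRole = EditRole;
            if (string.Equals(change.Key, "Status", StringComparison.OrdinalIgnoreCase))
            {
                // An unknown status value leaves requiredRole null, which is denied below.
                StatusRoles.TryGetValue(change.Value ?? "", out requiredRole);
            }
            if (requiredRole == null || !userRoles.Contains(requiredRole))
                denied.Add(change.Key);
        }
        return denied;
    }

    public static void Main()
    {
        // Constructed sample: a caller who holds only the "inativar" role.
        var roles = new HashSet<string> { "usuario.inativar" };
        var allowed = new Dictionary<string, string> { { "Status", "Inactive" } };
        var mixed = new Dictionary<string, string>
            { { "Status", "Active" }, { "Email", "x@example.com" } };
        Console.WriteLine(DeniedProperties(allowed, roles).Count);
        Console.WriteLine(string.Join(",", DeniedProperties(mixed, roles)));
    }
}
```

The check runs server-side before any property is written, so hiding fields in the AngularJS client is not what enforces the permission.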

0
