3
I am building a project with webApi2 using Oauth.
The system has (for example) User Registration (default), with permissions to View, Edit, New, Enable, Inactive, Delete.
The standard methods of POST
, GET
, PUT
, are OK, but to make the other features I can use a POST
with routes (which only change the status of the object):
[Route("api/usuario/{id}/ativar"), Authorize(Roles = "usuario.ativar")]
public HttpResponseMessage Ativar(int id) { ... }
[Route("api/usuario/{id}/inativar"), Authorize(Roles = "usuario.inativar")]
public HttpResponseMessage Inativar(int id) { ... }
Using HttpPatch
, I could not find a way to update the status of obj only in the authorized method, because I can pass to the call {Status: Inactive}, and the current user is only allowed to view, and if you pass other properties, they will also be closed (request via Angularjs).
There would be a way to use this with HttpPatch
? However I need to leave enabled to the user only what the same has permission. Or in my case what would satisfy my need would just be to use POST
and create specific methods with permissions and routes?
You’re using what to test the
PUT
? The browser or some tool?– Leonel Sanches da Silva
The browser itself. It’s all working. The question is how best to implement actions other than standards (PUT,POST,GET), in the case Activate/Inactivate.
– Tiago Carneiro