Authorization Code in Repository Violating SRP












0












$begingroup$


Having just started a new job, I've been looking at the code base of the 2 big projects and am experiencing a combination of respect and forehead-slapping.



One thing which has led to the latter is code in the various repositories which seemingly check for authorization.



To elaborate, these applications use an implementation of the repository pattern to abstract away the ORM (and to make the code testable). Fair enough. But, in the various repositories are Properties (returning Funcs) called CanRead which perform a whole bunch of authorization checks.



protected Expression<Func<Project, bool>> CanRead
{
get
{
int employeeId;
bool isAdmin = Principal.IsAdministrator();
Expression<Func<History, bool>> baseWhere = this.BaseWhere;
Expression<Func<UserClaim, int, bool>> userIsReviewer = this.UserIsReviewer;
Expression<Func<UserClaim, int, bool>> userIsRegionalCommercialLeader = this.UserIsRegionalCommercialLeader;

...

return e =>
!e.Deleted &&
(e.Version != Version.Budget || isAdmin) && ...

}
}


The content of the code itself is not so important. It is just the fact that it is in a Repository. It does not seem very SOLID.



I think it probably violates the SRP principle.

The repository's responsibility is communication between the Services and the data-access layer (some would say it is in the data access layer).

That reponsibility does not include checking whether a User is authorized to access that data.



I think auth is a cross-cutting concern which should be checked before any call to the data layer is made.



I just wanted a 2nd opinion on this, as I need to collect my thoughts while I compile a list of my issues with the code (which I will diplomatically produce at the right time).



Thanks










share|improve this question







New contributor




onefootswill is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.







$endgroup$

















    0












    $begingroup$


    Having just started a new job, I've been looking at the code base of the 2 big projects and am experiencing a combination of respect and forehead-slapping.



    One thing which has led to the latter is code in the various repositories which seemingly check for authorization.



    To elaborate, these applications use an implementation of the repository pattern to abstract away the ORM (and to make the code testable). Fair enough. But, in the various repositories are Properties (returning Funcs) called CanRead which perform a whole bunch of authorization checks.



    protected Expression<Func<Project, bool>> CanRead
    {
    get
    {
    int employeeId;
    bool isAdmin = Principal.IsAdministrator();
    Expression<Func<History, bool>> baseWhere = this.BaseWhere;
    Expression<Func<UserClaim, int, bool>> userIsReviewer = this.UserIsReviewer;
    Expression<Func<UserClaim, int, bool>> userIsRegionalCommercialLeader = this.UserIsRegionalCommercialLeader;

    ...

    return e =>
    !e.Deleted &&
    (e.Version != Version.Budget || isAdmin) && ...

    }
    }


    The content of the code itself is not so important. It is just the fact that it is in a Repository. It does not seem very SOLID.



    I think it probably violates the SRP principle.

    The repository's responsibility is communication between the Services and the data-access layer (some would say it is in the data access layer).

    That reponsibility does not include checking whether a User is authorized to access that data.



    I think auth is a cross-cutting concern which should be checked before any call to the data layer is made.



    I just wanted a 2nd opinion on this, as I need to collect my thoughts while I compile a list of my issues with the code (which I will diplomatically produce at the right time).



    Thanks










    share|improve this question







    New contributor




    onefootswill is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.







    $endgroup$















      0












      0








      0





      $begingroup$


      Having just started a new job, I've been looking at the code base of the 2 big projects and am experiencing a combination of respect and forehead-slapping.



      One thing which has led to the latter is code in the various repositories which seemingly check for authorization.



      To elaborate, these applications use an implementation of the repository pattern to abstract away the ORM (and to make the code testable). Fair enough. But, in the various repositories are Properties (returning Funcs) called CanRead which perform a whole bunch of authorization checks.



      protected Expression<Func<Project, bool>> CanRead
      {
      get
      {
      int employeeId;
      bool isAdmin = Principal.IsAdministrator();
      Expression<Func<History, bool>> baseWhere = this.BaseWhere;
      Expression<Func<UserClaim, int, bool>> userIsReviewer = this.UserIsReviewer;
      Expression<Func<UserClaim, int, bool>> userIsRegionalCommercialLeader = this.UserIsRegionalCommercialLeader;

      ...

      return e =>
      !e.Deleted &&
      (e.Version != Version.Budget || isAdmin) && ...

      }
      }


      The content of the code itself is not so important. It is just the fact that it is in a Repository. It does not seem very SOLID.



      I think it probably violates the SRP principle.

      The repository's responsibility is communication between the Services and the data-access layer (some would say it is in the data access layer).

      That reponsibility does not include checking whether a User is authorized to access that data.



      I think auth is a cross-cutting concern which should be checked before any call to the data layer is made.



      I just wanted a 2nd opinion on this, as I need to collect my thoughts while I compile a list of my issues with the code (which I will diplomatically produce at the right time).



      Thanks










      share|improve this question







      New contributor




      onefootswill is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.







      $endgroup$




      Having just started a new job, I've been looking at the code base of the 2 big projects and am experiencing a combination of respect and forehead-slapping.



      One thing which has led to the latter is code in the various repositories which seemingly check for authorization.



      To elaborate, these applications use an implementation of the repository pattern to abstract away the ORM (and to make the code testable). Fair enough. But, in the various repositories are Properties (returning Funcs) called CanRead which perform a whole bunch of authorization checks.



      protected Expression<Func<Project, bool>> CanRead
      {
      get
      {
      int employeeId;
      bool isAdmin = Principal.IsAdministrator();
      Expression<Func<History, bool>> baseWhere = this.BaseWhere;
      Expression<Func<UserClaim, int, bool>> userIsReviewer = this.UserIsReviewer;
      Expression<Func<UserClaim, int, bool>> userIsRegionalCommercialLeader = this.UserIsRegionalCommercialLeader;

      ...

      return e =>
      !e.Deleted &&
      (e.Version != Version.Budget || isAdmin) && ...

      }
      }


      The content of the code itself is not so important. It is just the fact that it is in a Repository. It does not seem very SOLID.



      I think it probably violates the SRP principle.

      The repository's responsibility is communication between the Services and the data-access layer (some would say it is in the data access layer).

      That reponsibility does not include checking whether a User is authorized to access that data.



      I think auth is a cross-cutting concern which should be checked before any call to the data layer is made.



      I just wanted a 2nd opinion on this, as I need to collect my thoughts while I compile a list of my issues with the code (which I will diplomatically produce at the right time).



      Thanks







      c# repository






      share|improve this question







      New contributor




      onefootswill is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question







      New contributor




      onefootswill is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question






      New contributor




      onefootswill is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked 1 hour ago









      onefootswillonefootswill

      101




      101




      New contributor




      onefootswill is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      onefootswill is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      onefootswill is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















          0






          active

          oldest

          votes











          Your Answer





          StackExchange.ifUsing("editor", function () {
          return StackExchange.using("mathjaxEditing", function () {
          StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
          StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["\$", "\$"]]);
          });
          });
          }, "mathjax-editing");

          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "196"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });






          onefootswill is a new contributor. Be nice, and check out our Code of Conduct.










          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f211959%2fauthorization-code-in-repository-violating-srp%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          onefootswill is a new contributor. Be nice, and check out our Code of Conduct.










          draft saved

          draft discarded


















          onefootswill is a new contributor. Be nice, and check out our Code of Conduct.













          onefootswill is a new contributor. Be nice, and check out our Code of Conduct.












          onefootswill is a new contributor. Be nice, and check out our Code of Conduct.
















          Thanks for contributing an answer to Code Review Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          Use MathJax to format equations. MathJax reference.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f211959%2fauthorization-code-in-repository-violating-srp%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          404 Error Contact Form 7 ajax form submitting

          How to know if a Active Directory user can login interactively

          Refactoring coordinates for Minecraft Pi buildings written in Python