Monday 15 March 2010

c# - In a Web API OData controller, how do I protect some fields from being updated by clients?




I am trying to get my head around Web API OData controllers.

How do I modify the controller so that info can be:

- updated by the client when they submit the form
- left unchanged (data does not need updating)
- updated using a server-side value (the client should not be able to edit the value)
- only updated if the security level allows it

My view model:

using System;
using System.ComponentModel.DataAnnotations;

public class Order
{
    [Key]
    // left unchanged
    public int OrderId { get; set; }

    // updated by client when they submit the form
    public DateTime OrderDate { get; set; }

    // updated by client when they submit the form
    public string OrderStatus { get; set; }

    // updated if security level allows (left unchanged or may be updated by client)
    public string ApprovalStatus { get; set; }

    // updated by client when they submit the form
    public string OrderNotes { get; set; }

    // updated by client when they submit the form
    public string PrivateNotes { get; set; }

    // updated using server-side value
    public double OrderTotal { get; set; }

    // updated using server-side value
    public string CreatedBy { get; set; }

    // left unchanged
    public DateTime CreatedDate { get; set; }

    // updated using server-side value
    public DateTime ModifiedDate { get; set; }

    // updated using server-side value
    public int? Active { get; set; }

    // updated by client when they submit the form
    public int? CreditorId { get; set; }

    public virtual Creditor Creditor { get; set; }
}

My controller:

// PATCH: odata/Orders(5)
[AcceptVerbs("PATCH", "MERGE")]
public async Task<IHttpActionResult> Patch([FromODataUri] int key, Delta<Order> patch)
{
    Validate(patch.GetEntity());

    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    Order order = await db.Orders.FindAsync(key);
    if (order == null)
    {
        return NotFound();
    }

    // Copies every property the client sent onto the entity, with no per-field check.
    patch.Patch(order);

    try
    {
        await db.SaveChangesAsync();
    }
    catch (DbUpdateConcurrencyException)
    {
        if (!OrderExists(key))
        {
            return NotFound();
        }
        else
        {
            throw;
        }
    }

    return Updated(order);
}

c# asp.net asp.net-mvc asp.net-web-api odata
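
One way to enforce the three field classes from the question before `patch.Patch(order)` runs, as an added example that is not part of the original post. The `OrderPatchPolicy` helper, the `"Approver"` role name, the PascalCase property names, and the OData v3 namespace are assumptions; `Order` is the model from the question.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web.Http.OData; // assumption: OData v3 package; use System.Web.OData for v4

// Hypothetical helper: allow-list check for Delta<Order> before it is applied.
public static class OrderPatchPolicy
{
    // Fields the model comments mark as "updated by client" (assumed casing).
    static readonly HashSet<string> ClientEditable = new HashSet<string>
    {
        "OrderDate", "OrderStatus", "OrderNotes", "PrivateNotes", "CreditorId"
    };

    // Field gated on security level; the role name is an assumption.
    const string ApprovalField = "ApprovalStatus";
    const string ApproverRole = "Approver";

    // Returns the property names the client sent but is not allowed to set.
    public static List<string> Rejected(Delta<Order> patch, IPrincipal user)
    {
        var rejected = new List<string>();
        foreach (string name in patch.GetChangedPropertyNames())
        {
            bool allowed = ClientEditable.Contains(name)
                || (name == ApprovalField && user.IsInRole(ApproverRole));
            if (!allowed) rejected.Add(name);
        }
        return rejected;
    }

    // Applies a vetted patch, then overwrites server-owned audit data.
    public static void Apply(Delta<Order> patch, Order order, IPrincipal user)
    {
        // Defensive: refuse even if the caller skipped the Rejected() check.
        if (Rejected(patch, user).Count > 0)
            throw new InvalidOperationException("Patch touches protected fields.");

        patch.Patch(order);

        // Server-side value; the client never supplies it.
        // OrderTotal and Active would be set here by application logic not shown.
        order.ModifiedDate = DateTime.UtcNow;
    }
}
```

In the controller, call `OrderPatchPolicy.Rejected(patch, User)` after loading the order and return `BadRequest` when the list is non-empty; otherwise call `OrderPatchPolicy.Apply(patch, order, User)` in place of `patch.Patch(order)`.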
