I am creating a REST API so I am creating a controller.
I have an entity like this:
    public class User
    {
        public int Id { get; set; }
        public string Username { get; set; }
        public string Password { get; set; }
        public int Age { get; set; }
        public string PersonalInformation { get; set; }
    }
In my front-end I have 2 views that require two different models of the User.
An admin can check the personal information of the user and he needs to see all the information except the password.
A user can modify all his information, so he will need to see all his information.
Another view is to only show the user's Username and PersonalInformation, and both admin and user may ask for it.
In this case, I will need three different models to send to the frontend.
To access this information my controller will have a method:
    [HttpGet("{id}")]
    public IActionResult Get(int id)
    {
        ....
    }
At this point comes my question, because I have the same method to return two different models (in the future there may be more). Investigating Web API design, I read that the keywords to access may not be verbs. One method URL will be /users/1, but the others must be different, and here comes my problem.
Thanks!
You can create two different DTOs (data transfer objects). Just two simple classes like your user with the data you want in it. I don't know how you are doing authorization, but when an admin is calling the API you return Ok(dto) and when the user is calling Ok(dtoWithPassword).
And make sure that the password is hashed and salted.
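
One way to lay out the role-dependent DTOs in ASP.NET Core, as an added example that is not code from the question or the answer: the limited view becomes a noun sub-resource (/users/1/summary) instead of a verb, and the full view is authorized per caller. IUserStore, the "Admin" role name, the summary route and the NameIdentifier claim are assumptions of this example, and unlike the dtoWithPassword mentioned above it keeps the Password field out of every response model.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Response models: each view gets only the fields it needs, never the entity itself.
public record UserSummaryDto(int Id, string Username, string PersonalInformation);
public record UserDetailDto(int Id, string Username, int Age, string PersonalInformation);

// Hypothetical data-access abstraction, assumed for this example.
public interface IUserStore
{
    User? Find(int id);
}

[ApiController]
[Route("users")]
[Authorize]
public class UsersController : ControllerBase
{
    private readonly IUserStore _store;
    public UsersController(IUserStore store) => _store = store;

    // GET /users/1 -> full profile, only for an admin or the account owner.
    [HttpGet("{id}")]
    public IActionResult Get(int id)
    {
        var user = _store.Find(id);
        if (user is null) return NotFound();
        if (!User.IsInRole("Admin") && !IsOwner(id)) return Forbid();
        return Ok(new UserDetailDto(user.Id, user.Username, user.Age, user.PersonalInformation));
    }

    // GET /users/1/summary -> Username and PersonalInformation for any signed-in caller.
    [HttpGet("{id}/summary")]
    public IActionResult GetSummary(int id)
    {
        var user = _store.Find(id);
        if (user is null) return NotFound();
        return Ok(new UserSummaryDto(user.Id, user.Username, user.PersonalInformation));
    }

    // Assumes the authenticated principal carries the user id in the NameIdentifier claim.
    private bool IsOwner(int id) =>
        User.FindFirst(ClaimTypes.NameIdentifier)?.Value == id.ToString();
}
```

Inside the controller, `User` is the `ControllerBase.User` principal, which is why the entity is only referenced through `var` there.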