What do your CRUD methods return?

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.


Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: What do your CRUD methods return?

Post by Eran »

To relate to database terms - item is a row, attribute is a column. And again you go back to the default values - those can be handled by the model, I never said otherwise. Aside from that, the view should be aware of whether there are some items (rows), no items, or an error. It's an important distinction in my opinion.
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: What do your CRUD methods return?

Post by Benjamin »

josh wrote: My model would not be checking permissions. It would return the data, and the controller would decide what to do. Permissions are system level to me.
Where would a high security site, such as an online banking site, place permission checking?
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Re: What do your CRUD methods return?

Post by josh »

Benjamin wrote: Where would a high security site, such as an online banking site, place permission checking?
Good question. I am inexperienced but I can probably offer insight. A bank account might have "system level" security (ex. a customer shouldn't be in the admin panel). That would be purely controller based in my preference.

But then you have like "account level" security for lack of a better term. In a banking system you'd probably have a "transaction" object, with 2 "legs" (or accounts). One account being debited and one being credited, or a short & long leg in the case of stocks & securities.

In my controller I would probably just have something like

$this->assertUserCanMakeTransaction( $transaction ) 
or

$transaction->canBeMadeBy($this->user()) 
The former would be more of an "assertion". It would probably use the latter as a sub-routine, which would return true or false, better for use in "if statements". Additionally my model would probably internally check the security again, and throw an exception, in case there was a security issue. Obviously permission check is not an exceptional situation though, so an exception should only be raised once crap really hits the fan (like if you forgot to do the check in the controller, or the controller got exploited).
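The layered check josh describes, as an added example that is not part of the original posts: the controller branches on the boolean predicate, and the model checks again and throws only if an unauthorized call reaches it. Only `canBeMadeBy()` comes from the thread; `User`, `Account`, `execute()`, `TransferController` and the ownership rule are hypothetical, and the syntax assumes PHP 8.1 or later.

```php
<?php
declare(strict_types=1);
final class User { public function __construct(public readonly int $id) {} }
final class Account { public function __construct(public readonly int $ownerId, public int $balance) {} }

final class Transaction {
    // $debit is the leg being debited, $credit the leg being credited.
    public function __construct(private Account $debit, private Account $credit, private int $amount) {}

    // Predicate from the thread: returns true/false for use in if statements.
    // Assumed rule: only the owner of the debited account may move its funds.
    public function canBeMadeBy(User $user): bool {
        return $this->amount > 0 && $this->debit->ownerId === $user->id;
    }

    // The model checks again before changing state. Reaching the throw means
    // a caller skipped or bypassed its own check, which is the exceptional case.
    public function execute(User $user): void {
        if (!$this->canBeMadeBy($user)) {
            throw new LogicException('unauthorized transaction reached the model');
        }
        $this->debit->balance  -= $this->amount;
        $this->credit->balance += $this->amount;
    }
}

final class TransferController {
    public function __construct(private User $user) {}

    // A denial is an expected outcome here, so it is a plain branch.
    public function transfer(Transaction $t): string {
        if (!$t->canBeMadeBy($this->user)) {
            return '403 Forbidden';
        }
        $t->execute($this->user);
        return '200 OK';
    }
}

// Constructed sample data: Alice owns the debited account, Mallory does not.
$alice = new User(1); $mallory = new User(2);
$from = new Account(1, 100); $to = new Account(2, 0);
echo (new TransferController($mallory))->transfer(new Transaction($from, $to, 50)), "\n";
echo (new TransferController($alice))->transfer(new Transaction($from, $to, 50)), "\n";
try {
    (new Transaction($from, $to, 50))->execute($mallory); // controller check skipped
} catch (LogicException $e) {
    echo 'model refused: ', $e->getMessage(), "\n";
}
```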