Re: What do your CRUD methods return?
Posted: Sun Jun 20, 2010 5:17 pm
by Eran
To relate to database terms - item is a row, attribute is a column. And again you go back to the default values - those can be handled by the model, I never said otherwise. Aside from that, the view should be aware of whether there are some items (rows), no items, or an error. It's an important distinction in my opinion.
Re: What do your CRUD methods return?
Posted: Mon Jun 21, 2010 3:29 pm
by Benjamin
josh wrote: My model would not be checking permissions. It would return the data, and the controller would decide what to do. Permissions are system level to me.
Where would a high security site, such as an online banking site, place permission checking?
Re: What do your CRUD methods return?
Posted: Mon Jun 21, 2010 3:55 pm
by josh
Benjamin wrote: Where would a high security site, such as an online banking site, place permission checking?
Good question. I am inexperienced but I can probably offer insight. A bank account might have "system level" security (ex. a customer shouldn't be in the admin panel). That would be purely controller based in my preference.
But then you have like "account level" security for lack of a better term. In a banking system you'd probably have a "transaction" object, with 2 "legs" (or accounts). One account being debited and one being credited, or a short & long leg in the case of stocks & securities.
In my controller I would probably just have something like
Code:
$this->assertUserCanMakeTransaction( $transaction )
or
Code:
$transaction->canBeMadeBy($this->user())
The former would be more of an "assertion". It would probably use the latter as a sub-routine, which would return true or false, better for use in "if statements". Additionally my model would probably internally check the security again, and throw an exception, in case there was a security issue. Obviously a permission check is not an exceptional situation though, so an exception should only be raised once crap really hits the fan (like if you forgot to do the check in the controller, or the controller got exploited).
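
The layering described in the post above (a boolean check, a controller assertion built on it, and a model that re-checks and throws), as an added PHP example that is not part of the original post. The class names, `execute()`, `transfer()` and the ownership rule are assumptions; only `canBeMadeBy()` and `assertUserCanMakeTransaction()` come from the thread.

```php
<?php
// Hypothetical classes (PHP 8.1+); only canBeMadeBy() and
// assertUserCanMakeTransaction() are names taken from the post.
final class User { public function __construct(public readonly int $id) {} }
final class Account { public function __construct(public readonly int $ownerId, public int $balance) {} }
final class Transaction {
    // $debit and $credit are the two "legs" of the transaction.
    public function __construct(
        public readonly Account $debit, public readonly Account $credit, public readonly int $amount
    ) {}
    // Boolean form, usable in "if" statements. Assumed rule: owner of the debited leg only.
    public function canBeMadeBy(User $user): bool {
        return $this->amount > 0 && $this->debit->ownerId === $user->id;
    }
    // The model re-checks before changing state; reaching the throw means
    // the caller skipped or bypassed its own check.
    public function execute(User $user): void {
        if (!$this->canBeMadeBy($user)) {
            throw new LogicException('transaction executed without authorization');
        }
        $this->debit->balance -= $this->amount;
        $this->credit->balance += $this->amount;
    }
}
final class TransferController {
    public function __construct(private User $user) {}
    // Assertion form, built on the boolean check.
    private function assertUserCanMakeTransaction(Transaction $t): void {
        if (!$t->canBeMadeBy($this->user)) {
            throw new DomainException('not permitted');
        }
    }
    public function transfer(Transaction $t): string {
        try {
            $this->assertUserCanMakeTransaction($t);
        } catch (DomainException $e) {
            return '403 Forbidden'; // expected denial, handled as a normal response
        }
        $t->execute($this->user);
        return '200 OK';
    }
}
// Constructed sample data: user 2 tries to debit an account owned by user 1.
$tx = new Transaction(new Account(1, 100), new Account(2, 0), 50);
echo (new TransferController(new User(2)))->transfer($tx), "\n";
try {
    $tx->execute(new User(2)); // a code path that skipped the controller check
} catch (LogicException $e) { echo 'model refused: ', $e->getMessage(), "\n"; }
```

The model-level exception is the one worth logging and alerting on, since a denial at that layer indicates a missing or bypassed controller check rather than an ordinary refused request.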