[Catalyst] Re: Using model layers between Catalyst and DBIC
Dave Howorth
dhoworth at mrc-lmb.cam.ac.uk
Tue Feb 7 10:15:01 GMT 2012
Bill Moseley wrote:
> That is, we want to allow $user->first_name, but not
> $user->search_related or $user->delete.
>
> That requires writing new wrapper classes for every possible result -- not
> just mirroring DBIC's result classes but possibly many more because the new
> model might have multiple calls (with different access levels) for fetching
> user data. That is, $user->email might work for some model methods that
> return a user but not methods called on the model.
>
> Frankly, to me this seems like a lot of code and work and complexity just
> to prevent another developer from doing something stupid -- which we cannot
> prevent anyway. And smart programmers can get at whatever they want,
> regardless. Seems more risky to make the code more complex and thus harder
> to understand. The cost/benefit ratio just doesn't seem that great.
You don't necessarily need new classes. You need to change existing
behaviours, so you could override methods. To prevent programmers doing
things, you don't need to make it impossible, just make it easy to see
when they are naughty. A log entry, or an audit record in the database,
or even peer review of the code, can all be sufficient to stop a
programmer calling delete. As long as they know they're not supposed to
call it! What's appropriate all depends on the application and your
circumstances, of course. JMHO.
> I suppose this is not unlike the many discussions about what to pass to the
> view. Does the controller, for example, fetch a user object and pull the
> data required for the view into a hash and then pass that to the view? Or
> does the controller just fetch a user object and pass that directly to the
> view to decide what needs to display?
>
> I prefer just passing the object to the view. The controller code is much
> cleaner and then when the view needs to change don't need to also change
> the controller. And when there's a different view (like an API or moble )
> the same controller action can be used.
You might (re)read what Martin Fowler has to say about facades. It may
help you to firm up your own opinion, even if you disagree with him.
Cheers, Dave
More information about the Catalyst
mailing list