[Dbix-class] Enforcing read-only objects

Bill Moseley moseley at hank.org
Wed Aug 11 19:59:12 GMT 2010


On Wed, Aug 11, 2010 at 12:03 PM, Ian Docherty (icydee) <
dbix-class at iandocherty.com> wrote:

>
> If it were me, I would not be trying to twist DBIC into knots to support
> this logic, but put a separate business layer between the application and
> DBIC within which you implement this logic.
>
> So, you would provide methods in your business layer to update the object=
s,
> and this would do the checking before making calls to the DBIC layer.
>

I do have a separate layer above DBIC (probably two) that does validation
and abstracts out the business logic.

So, just to be clear, you are suggesting in each business layer method that
might update do something like:

sub set_active {
     my $foo =3D shift;

     die "$foo is readonly" if $foo->is_readonly;

     $foo->active( 1 );
     $foo->update;
}

If that's not what you meant then could you show a simple code example?


In the past we had code like that, but it turns out it sometimes the tests
are forgotten.  Thus, we were looking for a way to enforce the access
control.   So, if every object has an "is_readonly" method and update() is a
common method used by all other methods, then the update method is a central
place to test instead of repeating the same code in many methods.

Now, the update() above doesn't have to be DBIC's update() method -- it
could be part of my business model which then call's DBIC's update() method.
 Doesn't really matter.  The idea is a central place to test instead of
testing in individual places.




> In my opinion, if you are putting ->update, ->create, ->delete, ->update
> methods in your application then this is wrong.
>

Yes.  That's the often given advice.  Those DBIC methods are probably only
called directly a few times in the entire application.



> It also means that if you have some background process that *does* need to
> do an update on this data, irrespective of the user_access, then it can
> still do so (via the business logic) whereas with your solution you are
> preventing this from working too.
>

Well, in that case $foo->is_readonly would not be true, right?


-- =

Bill Moseley
moseley at hank.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/dbix-class/attachments/20100811/c0c=
a2ff9/attachment.htm


More information about the DBIx-Class mailing list