asp.net mvc 4 web api - data integrity/validation responsibility -


i'm new asp.net mvc , web apis, learning it.

lets have

models:

public class student {     public int studentid { get; set; }     public string studentname { get; set; } }  public class course {     public int courseid { get; set; }     public string coursename { get; set; }      public ienumerable<int> studentids { get; set; } }

controllers:

  1. user controller - implements post, put, get, delete
  2. course controller - implements post, put, get, delete

each controller uses kind of repository get/add/remove/update data
lets say:
courses repository static dictionary<'int, course> courses
students repository *static dictionary<'int, student> students *

we not use entity framework!

custom routing

post /api/courses/{courseid}/users/{userid}
should go course controller , add user id list

[route("api/courses/{courseid}/students/{studentid}")] [httppost] public httpresponsemessage addstudenttocourse(int courseid, int studentid)  {      // adding student id course     ...  }

questions:

  1. should use custom route add mapping between courses , users
  2. should check if student exists ? or kind of agreement client input valid
  3. if check - should ? controller ? model ? kind of data access layer?
  4. if coursecontroller / coursemodel means should "know" 2 repositories (the courses repository , students repository) right ?

i'll try answer questions in order, remember kind of questions can answered on opinions, personal preference, , personal experience, you'll different answers:

  1. in general should avoid attribute routing, if exception , fits in routing pattern: go it.
  2. you should ensure integrity of data , implement data access in way. if client misuses service can damage data integrity. if student exists give him http 200 or 201 , if student not exist give him 1 of http 400 errors (f.e. 404). rule of thumb: mistrust client , check , validate data sending api.
  3. i in data access layer. should go idea of thing controller, meaning should avoid lot of operations in controller. model representation of data. should not contain logic find out if specific entity exists or not.
  4. i don't know if question right, should answer point 3.

hope answer of questions.


Comments

Post a Comment

Popular posts from this blog

commonjs - How to write a typescript definition file for a node module that exports a function? -

consider, toml node module can use: // toml.d.ts declare module toml { export function parse(value:string):any; } declare module "toml" { export = toml; } then: /// <reference path="../../../../../defs/toml/toml.d.ts"/> import toml = require('toml'); toml.parse(...); however, node module export single function, such 'glob' ( https://github.com/isaacs/node-glob ). the node usage of module be: var glob = require("glob") glob("*.js", {}, callback(err, files) { ... }); you'd naively expect this: // glob.d.ts declare function globs(paths:string, options:any, callback:{(err:any, files:string[]):void; ...but because typescripts 'import' semantics bit strange, seems can use 'import .. = require()' statement alias modules . trying call: /// <reference path="../../../../../defs/glob/glob.d.ts"/> import blog = require('glob'); results in: error ts2072: mod
Read more

openid - Okta: Failed to get authorization code through API call -

i'm integrating okta own idp server using okta's api. i'm implementing authorization code flow following steps below: in own server, use /api/v1/authn endpoint sessiontoken. use sessiontoken obtain authorization calling endpoint: /oauth2/v1/authorize?client_id=" + clientid + "&sessiontoken=" + sessiontoken + "&response_type=code&response_mode=query&scope=openid&redirect_uri=" + redirecturl + "&state=evanyang&nonce=" it's supposed return response status code 302 , location header containing redirect url code value. however, keep getting response status code 200 , without location header, html body saying "you using unsupported browser." , "javascript disabled on browser." according api documentation: http://developer.okta.com/docs/api/resources/oidc.html#authentication-request , sessiontoken parameter sufficient this: an okta one-time sessiontoken. allows api-based
Read more

thorough guide for profiling racket code -

did googling ("racket profiling", "racket measure performance"), didn't find , there no examples in docs. did google "profile" search on htdp - no luck. (profile (f ...)) output isn't obvious other small snippets. ideally want python's python -m cprofile usage examples. when search "python profiling", both duckduckgo , google give top result: 26.4. python profilers . (although scanned quickly, seems more of reference "thorough usage guide" examples. if had else in mind, perhaps please link that?) the equivalent racket documentation be: profile: statistical profiler . a usage example: #lang racket (require profile) (profile-thunk (thunk (function-to-profile arg0 arg1) )) here (thunk e) convenience (lambda () e) . bigger example: #lang racket (module mod racket (provide f) (define (f) (for/list ([i 10000]) i))) (require (prefix-in mod: 'mod)) (define (f) (for ([i 10000
Read more