Posted to user@struts.apache.org by "CRANFORD, CHRIS" <Ch...@setech.com> on 2010/12/17 16:49:33 UTC

Validation/Restriction

Our application is designed to allow users to query information from our
backend database.  The records in this database are stored with an
association to a data hierarchy.  Each record contains a facilityId
value and this facilityId is the deepest child in the tree of
customer->region->facility.  

When users use the search forms, they can specify where in this data
hierarchy they want to have their data results limited within.  Maybe
they only want to see across a specific customer, region, or facility.
They may also want to be able to view across all customer records if
their security access permits them that type of access.

The issue is two-fold:

o Validate supplied value is acceptable
o Translate supplied value to a list of facilityIds to be used in query 

Validation seems simple.  I could use the validate() method in my action
to make sure when the user selects a value from a drop-down or if
they're coming from a link where the value was added by the application,
that the value submitted was actually within the constraints of their
role and not altered or manipulated.

As for the translation portion, if the user selected ALL, then based on
their role, I need to generate a list of all available facilityIds that
their action mapping is permitted to query based on the user's
role/security.  If the user selected a customer, I would need to create
the same facilityId list; however restricted to that specific customer.
Similarly, if a region was selected, it would be restricted to that
specific customer and within that specific region.  This list would need
to be used in the query to limit what records were returned.

I would rather have all these checks centralized.  By having some of it
in the specific action, other portions in the service layer, it really
will become difficult to maintain should this change in the future.

Can anyone suggest a good way of how to do this and where to place such
code?


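One way to centralize the two steps described in the post, as an added example that is not part of the original message or of Struts: a single resolver intersects the facilities the caller's role permits with the requested customer/region/facility, so validation and translation happen in one place. The class, record and sample IDs are hypothetical, and the permitted list is assumed to be loaded from the user's role elsewhere.

```java
import java.util.*;
import java.util.stream.*;

// Added illustration (Java 16+); every name here is hypothetical, not a Struts API.
public class FacilityScopeResolver {
    // One leaf of the customer->region->facility hierarchy.
    record Facility(String customerId, String regionId, String facilityId) {}

    // Scope submitted by the search form; a null field means "not narrowed",
    // so all three null corresponds to the ALL selection.
    record Scope(String customerId, String regionId, String facilityId) {}

    // Validates and translates in one step: the result is the intersection of
    // what the caller's role permits and what the form asked for. An empty
    // intersection means the submitted value lies outside the caller's grant
    // (for example an altered parameter), so the request is rejected.
    static Set<String> resolve(Collection<Facility> permitted, Scope s) {
        Set<String> ids = permitted.stream()
            .filter(f -> s.customerId() == null || s.customerId().equals(f.customerId()))
            .filter(f -> s.regionId() == null || s.regionId().equals(f.regionId()))
            .filter(f -> s.facilityId() == null || s.facilityId().equals(f.facilityId()))
            .map(Facility::facilityId)
            .collect(Collectors.toCollection(TreeSet::new));
        if (ids.isEmpty()) {
            throw new SecurityException("Requested scope is outside the permitted facilities");
        }
        return ids;
    }

    public static void main(String[] args) {
        // Constructed sample: the facilities this user's role may query.
        List<Facility> permitted = List.of(
            new Facility("custA", "east", "F1"),
            new Facility("custA", "east", "F2"),
            new Facility("custA", "west", "F3"));

        System.out.println(resolve(permitted, new Scope(null, null, null)));      // ALL
        System.out.println(resolve(permitted, new Scope("custA", "east", null))); // one region
        try {
            resolve(permitted, new Scope("custB", null, null)); // value not in the grant
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The query should then be bound to the returned facilityId set rather than to the raw form value, so a submitted identifier never reaches the data layer unchecked.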