When validating user input how deep would you go? Let say, that the user provided an ID for a database entity. The ID is valid in form, like integer, long etc. But the Entity does not exist in the database.
Should input validation go that deep?
If the entity doesn't exist then trying to access it propably causes some error or exception during execution. So you can check if the ID is valid or manage exception later.
Related
I have a sequelize model, which needs custom validation. That custom validation relies on some foreign keys being valid (valid as in valid uuid, not checked that they exist in db) on a record. There is also another validator appended that checks for mutual exclusivity of the foreign keys (only one can be present at the same time). After all this, I access the database in another validator to fetch data from another collection. I dont want this to happen if any of above validators fail because I dont want to access the database if I dont have to and I dont want to check if uuid is valid again because that is a job for one of previous validators.
The order is like so:
check if field contains valid type (uuid) - field type validator
check that field is not clashing with another field (mutually exclusive) - model-wide validator
fetch record from another collection to do further validation - model-wide validator
I want to check if previous validator has already thrown an error and not execute the next one if it has. Even better if I can check which one has thrown an error. Sequelize executes all validators even if error was already thrown. In documentation it says:
Any error messages collected are put in the validation result object
alongside the field validation errors, with keys named after the
failed validation method's key in the validate option object. Even
though there can only be one error message for each model validation
method at any one time, it is presented as a single string error in an
array, to maximize consistency with the field errors.
I tried several ways to access this "error" object but to no avail. Is there a way at all to know if error was already thrown by one of previous validators?
All,
I am building a Power Flow. I am returning an object that has a relationship to another entity.
I want to get some values from the related entity.
I am attemping to use the "Get Record" connector. The returning object returns just the logicalEntityName (in this case "opportunities") but Get Record wants an Entity Name that is the Schema Name ("Working Opportunities").
Big Question: What's the secret to use CDS to get information from a related record in another object?
Little Question: How do I do get the Schema Name?
The logical name will be the same as schema name except some casing difference, ie schema name will have camel casing (first letter of first/second word with capitals, you can notice it clearly in custom entity which will have publisher prefix like new_entityname) and logical name will have pascal casing (all lower case).
You can find the details in XrmToolBox metadata browser or in Solution.
In the below snip, (Logical) Name = Opportunity and Schema Name = Opportunity, also Display Name can be anything and can be changed anytime.
Regarding the related entities, you should use List Records: GetItems_V2 and you can use filter by passing parent record to get related child records. Read more
Could you please share flow screenshot and response to help you with your requirement?
As suggested by Arun you could use List Record and filter query to pass parent record id which will be available from dynamic content.
see below link.
https://crmkeeper.com/2019/08/31/cds-list-records-filter-query-using-flow/
Please mark my answer verified if i were helpful
I'm reading the book "Architecting Applications for the Enterpise (Dino Esposito)". It raised a question about validation.
The Domain Model can have a property CanBeSaved which calls the Validate() method of the Domain Model. All good, except for complex situations.
For example a Customer model which needs a unique customer code (ex. 000542). You can only check this with database access. Isn't it better to put the Validation always in a Domain Service. So you have only one way of checking if an aggregate is in a valid state? If you use both, a developer can 'forget' to use the domain service validation for the Customer.
I find it better to have always valid entities rather than rely on an external validation object.
That being said, unique checks are a bit of an exception since it is often not something that the aggregate itself can determine on its own, you have to look into all existing aggregates to see if the value is not already taken. What I do is check for availability of the value before creating the entity, and also put a constraint in the database which will verify uniqueness at persistence time. You could also try to find a domain concept that encompasses all your entities and make it an aggregate that has a list of all codes and enforces the uniqueness invariant.
I implementing RESTful API service and i have a question about saving related records.
For example i have users table and related user_emails table. User emails should be unique.
On client side i have a form with user data fields and a number of user_email fields (user can add any number of fields independently). When the user saves the form i must first make query to create record in users table to get her ID, and only then i can make query to save user emails (because in now i have id of record which come with response after saving user data). But if user enters not unique email in any field then the request will fail. So I create a record in the users table but not create record in user_emails table.
What are the approaches to implement validation of all this data before saving?
This is nor related restful api but transactional processing on the backend. If you are using Java, with JPA you can persist both element in the same transaction then you can notice if there is a problem and rollback the entire transaction returning a response.
I would condense it down to a single request, if you could. Just for performance's sake, if nothing else. Use the user_email as your key, and have the request return some sort of status result: if the user_email is unique, it'll respond with a success message. Otherwise, it'd indicate failure.
It's much better to implement that check solely on the server side and not both with the ID value unless you need to. It'll offer better performance to do that, and it'll let you change your implementation later more easily.
As for the actual code you use, since I'm not one hundred percent on what you're actually asking, you could use a MERGE if you're using SQL Server. That'd make it a bit easier to import the user's email and let the database worry about duplicates.
I am novice to joomla. I am using Joomla 1.5. I have declared a field in database table as unique. Lets suppose , I have declared "username" as unique . I created a component named "com_user" in the administrator/components section. Now, when I add a user "xyz123", for the first time, its ok. But, during next entry, when I enter the same value, it should generate error with displaying error message showing "Username should be unique" or sth. like this . How can this be done?
The best way to do this I think is to just do a "select count(*) from..." before you try to insert the user into the database to see if the user already exists. The best way to display errors, warnings and notices would be to use the JError class
A second way is to use the getErrorNum() and getErrorMsg() methods of the DBO object.
More information on that here: http://www.joomladin.com/index.php/tutorials/34-module-development/54-exception-handling.html Although I do believe that while using this second method the user still might see a big red "Database Error: duplicate key..." message.
The store() method of your JTable class should return false when the query fails, so you could use this to determine when a duplicate record is being entered. However, the store() method will also return false when the query fails for other reasons (lost database connection, etc...).