Where to put the data validation logic before writing?

I

Ivan Ivanoff2021-08-28 12:29:58

symfony

Ivan Ivanoff, 2021-08-28 12:29:58

Hello!
There is an entity - a product, it has the property "display on the site".
There is a user entity, users have different rights (admin, manager, moderator, senior manager, etc.)
The product must be moderated before publication, and an ordinary user / manager cannot set visibility to true. And the admin/moder can. But any user who has permission to edit can turn off the display of the product.
And there are 2 types of product updates - single (within CRUD) and multiple (selected several products with checkboxes and clicked update).
Actually, the question is: where is it customary in Symphony to put the logic of such a check (controller, validator, repository, etc.)? Thanks in advance for your replies!

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

S

sl0, 2021-08-28
@sl0

For moderation / editing, I would make an EditController in which restrictions on roles would be set by IsGranted. And a separate controller for turning off the display for users.
But in general the system is very strange. Why give users the ability to unpublish products? Any enraged user will be able to fuck the work of all moderators.

I

index0h, 2021-08-30
@index0h

Access control - if possible, take it to the controller, using Voters for example.
Data validation - I recommend doing it in every public and protected method. Yes, it's kind of like a hassle, but this approach saves a lot of time on debugging. Directly in Entity validation in setters.
https://github.com/index0h/php-conventions