How to handle this relationship scenario

Time: 09-30

I am building an API where I have the following scenario:

Companies, each of which has many Projects, each of which has many Tasks. As a User I belong to a Company and I can create a Task.

There are more similar scenarios in the system. All these entities except User have an int64 Id.

This task creation payload would be something like:

{
    "summary": "summary",
    "description": "description",
    "projectId": 1
}

What's hammering my mind is: Should I validate whether both the Project provided in the payload and the logged-in User belong to the same Company before allowing the Task creation? I am afraid a wrong projectId might be provided in the payload and the Task would then be created in a totally different Project, perhaps even one of a different Company.

However, I feel like querying the database to validate stuff in each one of these similar scenarios (as mentioned above) would be too much and maybe there would be a lot more code. Is validating these scenarios really the "right" approach? What about using GUID as id for these entities and then only checking if the Project exists or not?

CodePudding user response:

Do you want to create a secure system where users can't access projects or companies that they don't own? Then check all parameters.

Do you want to have a false sense of security and type maybe a little bit less code? Then use GUIDs and hope nobody guesses correctly or otherwise obtains valid GUIDs that aren't theirs.
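One way to implement the check the answer recommends, as an added example that is not part of the original post or its author's code: a single tenancy helper that every Company -> X -> Y endpoint reuses, applied to the task-creation payload from the question. The `load_owned` helper, the in-memory tables and the company ids 10 and 20 are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict

@dataclass
class User:
    id: int
    company_id: int

@dataclass
class Project:
    id: int
    company_id: int

@dataclass
class Task:
    id: int
    project_id: int
    summary: str
    description: str

class NotFound(Exception):
    """Raised both for a missing id and for an id owned by another company,
    so the response does not reveal which ids exist."""

# Constructed sample data standing in for database tables: two companies
# (10 and 20), one project each. Not real ids.
PROJECTS: Dict[int, Project] = {1: Project(1, company_id=10), 2: Project(2, company_id=20)}
TASKS: Dict[int, Task] = {}

def load_owned(table: dict, entity_id: int, user: User):
    """Fetch an entity by id and confirm it belongs to the caller's company.
    One helper covers every Company -> X -> Y scenario; each endpoint pays one
    call, and in SQL the whole check is one query:
    SELECT ... WHERE id = ? AND company_id = ?  (no extra round trip)."""
    entity = table.get(entity_id)
    if entity is None or entity.company_id != user.company_id:
        raise NotFound(f"entity {entity_id} not found")
    return entity

def create_task(user: User, payload: dict) -> Task:
    """Handle the task-creation payload from the question. The tenancy check
    runs before anything is written, so a wrong or foreign projectId can
    never place a task in another company's project."""
    project = load_owned(PROJECTS, payload["projectId"], user)
    task = Task(len(TASKS) + 1, project.id, payload["summary"], payload["description"])
    TASKS[task.id] = task
    return task
```

Returning the same "not found" result for a missing id and for another company's id keeps the endpoint from acting as an oracle for which ids exist, which matters for int64 and GUID ids alike.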
