I have a request layer before the controller layer to validate rules and get correct data from the input, but where is the correct location to place the permission check?
For example, if a user wants to update its profile with the API
user?user_id=1
with the PUT method.
I want to check the logged-in user's id against the user_id parameter. If I place the check in the request layer, I have to use a Model in the request layer. Is that correct in terms of programming structure? If not, where is a better location?
atf.sgf
1 Answer
If you put this kind of logic in your Request, this will be a clear violation of SRP. The Request abstraction layer is responsible for reading input data and serializing it in a legible form.
The Controller has the responsibility, given the user's input, to alter the state of the Model layer and sometimes the associated View layer. So the controller cannot validate the user's input.
So your validation will exist at the Model layer. This layer is responsible for domain logic and is the place where all relevant validation like yours takes place.
I suggest you read this article twice. Also try to be more SOLID and start to implement concepts like dependency injection.
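
The layering described in the answer, as an added example that is not part of the original question or answer: the request object only parses input, the ownership check for `PUT user?user_id=1` lives in the model layer, and the controller maps the outcome to a status code. All class and function names, the `display_name` field, and the in-memory repository are hypothetical.

```python
from dataclasses import dataclass

class Forbidden(Exception):
    """Raised by the model layer when the actor may not touch the target."""

@dataclass(frozen=True)
class UpdateProfileRequest:
    """Request layer: parse and shape input only; no model access here."""
    user_id: int
    display_name: str

    @classmethod
    def parse(cls, query: dict, body: dict) -> "UpdateProfileRequest":
        name = str(body.get("display_name", "")).strip()
        if not name or len(name) > 64:
            raise ValueError("display_name must be 1-64 characters")
        return cls(user_id=int(query["user_id"]), display_name=name)

class InMemoryUsers:
    """Constructed stand-in for a real repository (assumption for the demo)."""
    def __init__(self, rows):
        self.rows = rows

    def save_name(self, user_id, name):
        self.rows[user_id]["display_name"] = name

class ProfileService:
    """Model layer: owns the rule 'a user may only update their own profile'."""
    def __init__(self, users):  # repository is injected, not created here
        self.users = users

    def update_profile(self, actor_id: int, req: UpdateProfileRequest) -> None:
        # actor_id comes from the authenticated session, never from the request.
        if actor_id != req.user_id:
            raise Forbidden(f"user {actor_id} may not edit user {req.user_id}")
        self.users.save_name(req.user_id, req.display_name)

def put_user(service, session_user_id, query, body) -> int:
    """Controller: hands parsed input to the model, maps outcomes to HTTP status."""
    try:
        req = UpdateProfileRequest.parse(query, body)
    except (KeyError, TypeError, ValueError):
        return 400  # malformed or missing input
    try:
        service.update_profile(session_user_id, req)
    except Forbidden:
        return 403  # authenticated, but not the owner of user_id
    return 200
```

Because the check sits in `ProfileService`, any other entry point that reuses the service (a CLI job, a second controller) gets the same ownership rule without repeating it.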