Checking Webapi against a database
Suppose your webapi call creates database objects like this:
class Task
{
public Guid AssignedUser {get; set;}
public Guid FarmId {get; set;}
public Guid FieldId {get; set;}
... etc
}
When a new task is created on the mobile device and the API is called to create this task on the server, I need to do some validation. There is a check that can be done quite easily with attributes DataAnnotations
, for example if a feed is required or inside Range
or what not.
But suppose I also need to check the following:
- The current user (from context) belongs to the specified farm
- AssignedUser refers to the specified farm
- The field belongs to the specified farm and the AssignedUser is assigned to the group working on this field
All of these checks require information from the database. I am trying to use ExpressiveAnnotations and with them I could do something like
[AssertThat("CurrentUserBelongsToThatFarm(FarmId)")]
public Guid FarmId {get; set;}
only problem: validation is done during json desalinization before the code enters my action with the controller and I can't figure out how I can add the database context so that it can be accessed by the validation function. That is, I can of course request it directly from the IoC container, but I would prefer not to.
Is there a clean way to perform such checks?
Update
To answer CodeUniquely's comment below, I'd like to clarify that this is a "randomly linked" scenario. That is, devices using the API most of the time have no network coverage, and they sync from time to time using the API.
In practical terms, this means that most of the data that is needed for synchronization is aggregated into zero or one "push update to server" call followed by a "get latest state from server" call. With Sql Server and EF in the background, which results in several different (and sometimes unrelated) objects and collections all contained in a single json. For example:
class TaskData
{
public IList<Product> Products {get; set;}
public Task Task {get; set}
...
}
Also, the model classes that are used to generate json calls for GETs are decoupled from EF Entites because the database schema does not exactly match the API object model.
source to share
What I have been doing here is the following.
I split all the checks into two sets of "Immediate", which are attribute-based and do not need a database and a "Database". If any of the "immediate" failures fail, the request fails and returns those errors to the client. In theory, this should only fail if the client hasn't done the proper job of vetting those clients. Otherwise, they will always be successful.
If the Immediate check is successful, I run the Database checks for each of the objects. I am saving changes to the db for changes that passed check-in and check-back errors for objects that did not.
This is more or less what @CodeUniquely suggested in his comment.
source to share