ansaurus

Question

Does dependency injection increase my risk of doing something foolish?

Answer 1

A:

No, dependency injection does not require you to pass the admin list as a parameter. I think you are slightly misunderstanding it. However, in your example, it would involve you injecting the AdminSet instance that your Notification class uses to build its admin list. This would then enable you to mock out this object to test the Notification class in isolation.

Dependencies are generally injected at the time a class is instantiated, using one of these methods: constructor injection (passing dependent class instances in the class's constructor), property injecion (setting the dependent class instances as properties) or something else (e.g. making all injectable objects implement a particular interface that allows the IOC container to call a single method that injects its dependencies. They are not generally injected into each method call as you suggest.

David M 2010-01-02 21:58:42

By parameter, I meant injected as opposed to defined within the class. Sorry for the lack of clarity. What makes me nervous is injecting the Admin information at all. More generally, if I retrieve data inside a method I know where I'm getting it from. If it's being injected, how do I know the data is the same data that I want and not just structurally identical? If I'm able to mock whatever class/set of classes represent the admin information (which is certainly a good thing from a testability standpoint) doesn't that necessarily imply that the method can't trust the data it's receiving?

bglenn 2010-01-02 22:27:21

It's not the data you inject, it's the class that is used to construct/retrieve the data.

David M 2010-01-02 22:28:35

Answer 2

+4 A:

You need to reverse your thinking.

If you have a service/class that is supposed to mail out private information to admins only, instead of passing a list of admins to this service, instead you pass another service from which the class can retrieve the list of admins.

Yes, you still have the possibility of making a mistake, but this code:

AdminProvider provider = new AdminProvider();
Notification notify = new Notification(provider);
notify.Execute();

is harder to get wrong than this:

String[] admins = new String[] { "[email protected]" };
Notification notify = new Notification(admins);
notify.Execute();

In the first case, the methods and classes involved would clearly be named in such a way that it would be easy to spot a mistake.

Internally in your Execute method, the code might look like this:

List<String> admins = _AdminProvider.GetAdmins();
...

If, for some reason, the code looks like this:

List<String> admins = _AdminProvider.GetAllUserEmails();

then you have a problem, but that should be easy to spot.

Lasse V. Karlsen 2010-01-02 22:18:13

+1 - Couldn't have said it better myself.

ChaosPandion 2010-01-02 22:26:06

You might even "reverse" it even more and pass a notification provider to your AdminSet.

Cellfish 2010-01-02 22:28:50

+1 Good answer, but see my answer for more options.

Mark Seemann 2010-01-02 22:42:01

I follow your example but I think I'm still exposed. Presumably, AdminProvider is an implementation of an interface and someone could send to Notification an implementation that implements GetAdmins in an incorrect way. My example is a little contrived but my concern is I can't just trust that a class enforces internal controls anymore; Once I use DI, I have to worry about the callers making a mistake. I think Cellfish's method gives me the control I want but then I have internal dependencies again (I'd need to use 'new' somewhere to get the admin data/objects). Is it just a tradeoff?

bglenn 2010-01-02 23:02:06

Answer 3

A:

Other good answers have already been given, but I'd like to add this:

You can be both open for extensibility (following the Open/Closed Principle) and still protect sensitive assets. One good way is by using the Specification pattern.

In this case, you could pass in a completely arbitrary list of users, but then filter those users by an AdminSpecification so that only Administrators recieve the notification.

Perhaps your Notification class would have an API similar to this:

public class Notification
{
    private readonly string message;

    public Notification(string message)
    {
        this.message = message;

        this.AdminSpecification = new AdminSpecification();
    }

    public ISpecification AdminSpecification { get; set; }

    public void SendTo(IEnumerable users)
    {
        foreach(var u in users.Where(this.AdminSpecification.IsSatisfiedBy))
        {
            this.Notify(u);
        }
    }

    // more members
}

You can still override the filtering behavior for testing-purposes by assigning a differet Specification, but the default value is secure, so you would be less likely to make mistakes with this API.

For even better protection, you could wrap this whole implementation behind a Facade interface.

Mark Seemann 2010-01-02 22:41:32

Notification.SendTo is taking users as a parameter which is consistent with DI and is certainly good for testability (others will comment it should be injected in the constructor; that doesn't matter to me for the purposes of this question). But can't any caller put together any set of user objects and send them to the method? The Specification pattern is interesting, but doesn't it need to be applied against a trusted set of objects and doesn't that imply that SendTo needs to fetch the users set itself (which of course breaks DI)?

bglenn 2010-01-02 23:25:33

The Specification is essentially a filter, so you can supply any number of users, and only those that pass the filter will get the notification. In this way, it doesn't matter which users you supply, because you have an internal guard that protects you from making mistakes.

Mark Seemann 2010-01-03 09:08:09

ansaurus

tags:

views:

answers:

Does dependency injection increase my risk of doing something foolish?

related questions