tags:

views:

226

answers:

3
+3  Q: 

Should validation rules always be enforced at the model level?

With the new ASP.NET MVC 2 validation features, we can decorate the properties of our domain model objects with DataAnnotations attributes that describe criteria for valid values. The DefaultModelBinder knows about this and populates ModelState.IsValid accordingly before a controller action is invoked. Since the validation rules are defined within the domain model, this is regarded as model-level validation. Scott Guthrie writes:

The benefit of implementing the rules within our Person object is that this will ensure that the validation will be enforced via any scenario within our application that uses the Person object [...]

Strictly speaking, the rules are not really enforced in my opinion, since all the action methods need to check the ModelState.IsValid property and act differently depending on its value. Also, although the rules are defined in the model, they are applied in the presentation layer since that's where all model binders live. But I guess this is just me being picky with the choice of words (or me just being plain wrong).

However, what about enforcing the validation rules at the domain model level? Steven Sanderson uses this approach in a post about the xVal validation framework where he writes:

Now, the model tier enforces its own validity by refusing to place bookings that don’t meet all validation and business rules.

In his example, the "booking manager" (which lives within the model) throws a special business rule exception when consuming code tries to place a booking that is invalid. Thus it is impossible for the consuming code to place an invalid booking, regardless of whether it checked the validity of the booking beforehand (through ModelState.IsValid or some other custom construct).

So my question is:

Assuming that there are validation rules defined at the model level, should they also be enforced within the model?

(Note that I'm really new to the concept of domain-driven design, so please bear with me if I haven't used precisely the correct terminology.)

+1  A: 

Assuming that there are validation rules defined at the model level, should they also be enforced within the model?

Yes. If you provide a way for the rules to be short-circuited, then they will be. Maybe not by you, and maybe no time soon, but surely by other developers in x weeks/months/years in the future.

Plus there's always the human error element - maybe one day when you're tired or coding late at night, you incorrectly read this validation flag and are actually letting records through that don't validate. (Don't scoff, I've done it myself!)

I now always make sure a record cannot get through to the database without being validated by the model.

Andy Shellam  2010-02-12 15:26:56
Are you saying to prevent an object from ever existing in an invalid state? I don't think this is realistic in many complex domain models and/or serialization contexts.
manu08  2010-02-15 05:52:44
How about Steven Sandersson's example above then, where the validation occurs only at specific times when the object acutally needs to be valid (such as when persisting it)? Saying that an object can never be in an invalid state seems to me a bit like saying that a paper form must have all required fields filled in at all times.
Anders Fjeldstad  2010-02-15 07:57:10
Validation at the point that it enters the database - e.g. when the Save() method is called. Save() won't be called during serialisation/deserialisation. I never said the object will never be in an invalid state - I said I make sure it never gets to the database in an unvalidated state. As for the paper form comment - if the form was returned to the data-processor without the required fields being filled in - would it still be processed? No, it'd be sent back to the sender for more information.
Andy Shellam  2010-02-15 08:33:17
Continuing my previous comment... if you require a model to be partially-saved (e.g. for a 3-stage registration process on a website) then you have a stage field that says what stage the process is in (e.g. 1, 2, 3) and the validator checks the required fields are filled in up to the given stage.
Andy Shellam  2010-02-15 08:34:33
My comment above was actually equally aimed at manu08's comment. I think you have good points (+1). Would really like to get input from some more people though, if possible.
Anders Fjeldstad  2010-02-15 09:02:18
Ah sorry Anders, it was too early on a Monday morning and I wasn't reading completely in context :)
Andy Shellam  2010-02-15 14:04:34
A: 

I'm not too sure about this DataAnnotations either. But it seems they should work everywhere, whether the model is in ASP.NET MVC project or not and used from there or not. Because DataAnnotations are part of System.ComponentModel.DataAnnotations. I find this especially useful since I have all my models defined in separate projects, outside of the core MVC project in my VS solution.

mare  2010-02-13 18:09:30
A: 

DataAnnotations are a useful feature of ASP.NET MVC 2, it really does provide a nice cheap way to get both server-side and client-side validation. Though, you're right to point out a major weaknesse. But I also don't think enforcing validation via the model is a sure thing either; I see two issues:

Issue 1: how are you doing to enforce this? You can put all kinds of validation on your constructor, and your setters, etc..., but you can easily run into issues where you need to circumvent those rules. A good example is serialization; while you can generally work around it, sometimes during the deserialization of an object you just need to allow the object to be in an invalid state for a moment. Another example would simply be an extremely complex hierarchical model (e.g., parent requires a child and that child requires a parent, obviously you have a chicken-and-egg problem since you can't construct them simultaneously).

Issue 2: what about validation rules at a higher level (e.g., usernames must be unique)? You can't have these rules in the Model.

At the end of the day you should strive to make your code as clean and intention revealing as possible, and keep things well-tested. I have yet to see any model based validation that really fully protects the integrity of your data 100% of the time. Even if a user doesn't break your model, another developer eventually will.

manu08  2010-02-15 05:49:13
My thought was to enforce validation every time an object is saved, transmitted or at any other point where it really needs to be in a valid state. I realize that there are times when the objects may need to be in an invalid state as you point out. As for high-level validation rules such as username uniqueness - such validation should naturally be enforced within the service/repository/etc since that's the context of the rule. The user object itself doesn't know about other users and therefore rules at a higher level than the user object itself should not be defined on the user, imo.
Anders Fjeldstad  2010-02-15 09:10:02
I agree. So then my answer to your question about enforcing things on the model itself would be, not always.
manu08  2010-02-15 17:46:23

related questions

Would you override ScriptControl or BaseValidator for an async ASP.NET validator control?
Handling HttpRequestValidationException gracefully and ASP.net AJAX compatible?
How to Dynamically Generate String Validation?
Validate email address in Javascript?
Data Validation Design Patterns
Strong Validation in WPF
How to evaluate an IP?
Validating a HUGE XML file
Validate (X)HTML in Python
ValidationRule To Enforce Unique Name
Checking if userinput is a valid URI in XUL
XML Parser Validation Report
Email SMTP validator
MVC - where to implement form validation (server-side)?
How do you remove invalid hexadecimal characters from an XML-based data source prior to constructing an XmlReader or XPathDocument that uses the data?
How to check set of files conform to a naming scheme
What's the best way to implement field validation using ASP.NET MVC?
How do I validate xml against a DTD file in Python
What's the best way to validate an XML file against an XSD file?
Problem databinding an ASP.Net AJAX toolkit MaskedEditExtender
Validating posted form data in the ASP.NET MVC framework
Best method for varchar date validation in Sybase (T-SQL)?
How important is W3C XHTML/CSS validation when finalizing work?
How far should one take e-mail address validation?
ASP .Net Custom Client-Side Validation