tags:

views:

205

answers:

4
+1  Q: 

OOP Design: Where should reusable validation be?

I've got a wizard which needs to validate if a user is logged in and then at the end validate that all the details they have entered are correct.

The issue is I'm not sure where to put the validation logic. At the moment I have a BuyMembership class which has validation on the Buy() method. However this won't be called at the beginning of the wizard where I need to validate whether the user is unique and is eligible for buying a membership.

For this validation I've created a BuyMembershipValidation class which validates if the user is eligible.

The issue now is that I have to pass a different parameter object to the BuyMembershipValidation and the BuyMembership classes. This means the data is split.

Is there a better way of doing it. Should I only load part of the information into the BuyMembership class for the initial validation and then load the rest after?

Update:

I need to validate when they enter the wizard (check if they are logged in already) and if they aren't then they will register as a new user otherwise I have to check if they have the right settings to buy membership as all users can't buy a membership. That's why I need two sets of validation. One for whether they're eligible and another for the actual data they enter to register. However I would like to recheck that they are eligible when they make the final transaction just in case they somehow made it past the first wizard step or if the web service (where I'm doing the logic) is called from somewhere else at a later point.

Another Update:

I've decided to go with just the one class. The reason is that there is common logic / behaviour in the IsEligible and Buy methods. One determines if the inputs meet the eligibility requirements and the other validates that all the details needed to buy the membership are valid. I don't really see this as authentication related. The authentication is done in a separate web control and I just check the Identity.IsAuthenticated and Username to see if they are logged in. I then check their username and if they are eligible to buy then I let them continue, otherwise show an error message. In terms of input validation I already have validation controls on my webpage but the validation I'm concerned with here is server side business logic validation. For that reason I think it should be in the business logic class. Not some validation class separate from the logic that performs the payment. This may just be my way of looking at it but I think this fits well with the BDD ideas of keeping validation inside the entity that holds the data.

End Another Update

TIA, Jonathan.

+1  A: 

A validator is typically tasked with validating user supplied information, not authorization. The single responsibility principle dictates that in your case they should definitely be handed by two objects.

Passing different parameter objects is fine, but but I think the authorization one shouldn't really be passed in to the BuyMembership object, it sounds like something that should be handled externally to it.

My 2 cents.

Allain Lalonde  2009-02-11 01:01:19
A: 

User authentication is a broad topic. It really depends on what type of application you are building. If it is a web application, I would recommend using one of the standard methods for authentication: NTLM / kerberos

As to when to validate, I don't see any problem with holding off on the validation until the actual Buy method is called. As long as during the steps in the wizard, you are not releasing any information to them and are only collecting data from a form. The main time when you need to be concerned about authentication is when you are actually placing an order or releasing information to the user that should be locked away in a database somewhere.

If you provide more details to what you are trying to do, I will refine my answer to help you a bit more. It's a rather broad question though, so this is the best I can come up with for now.

regex  2009-02-11 01:07:05
+4  A: 

You're actually talking about three very different things here, and like Allain said, you need to think along the lines of single-responsibility to do this right, OOP-like.

  • Authentication: making sure a user is known
  • Authorization: making sure a user can access certain logic in your application
  • Validation: making sure the data a user inputs is valid/safe/what's expected or needed
sliderhouserules  2009-02-11 06:24:33
A: 

I've added the answer to the question (see second edit).

Jonathan Parker  2009-02-20 08:50:45

related questions

How to keep track of the references to an object?
When should you use 'friend' in C++?
Overiding the equals method vs creating a new method
Making one interface overwrite a method it inherits from another interface in PHP
What are the correct stencils for object relational diagramming in visio?
Is Single Responsibility Principle a rule of OOP?
Expression Evaluation and Tree Walking using polymorphism? (ala Steve Yegge)
Access to global application settings
Inheritance and Polymorphism - Ease of use vs Purity
Do you name controls on forms using the same convention as a private variable?
How do you create a static class in C++?
How do you create objects in Perl?
Why all the Active Record hate?
When is OOP better suited for?
Accessing a CONST attribute of series of Classes
Multi-Paradigm Languages
Speed Comparisons - Procedural vs. OO in interpreted languages
pass by reference or pass by value?
How to Think in OO
Using object property as default for method property
Adding a Method to an Existing Object
Object Oriented vs Relational Databases
Class views in Django
C++: Should I use nested classes in this case?
How would you access Object properties from within an object method?