Issue
I am trying to create a project management app and for my back-end I have a Project Entity which has a many-to-many relationship with the User Entity. I have the following DTO:
public class ProjectDto implements Serializable {
private final Long id;
private final String name;
private final String description;
private final Date createdAt;
private final Date updatedAt;
private final Set<UserDto> users;
}
And in my ProjectService I want to have a method which creates a project having any sent users assigned to it. However, my question is should my front-end send to my back-end a set of user objects or is better to send a set of IDs of the users I want to assign to this project ? Is it not better to actually have this DTO returned when a project is created and have another DTO with a set of user ids for when I want to create a project ?
Solution
You cannot trust data from front-end and you need to apply validations for the request body, include Set<UserDto> users
, and to validate the users
, you have to fecth from DB (or other sources).
And using Set<?> userIds
also need to fetch from DB, but you don't have to add more code to do validate the DTO and validating the IDs is more simple and easy to maintain. Using userIds
is also to make sure the users
that set to project
are entities that fetched from DB. It also keeps the FE code simpler (I hope) as not having to build the (DTO) object
Answered By - Sann Tran
Answer Checked By - Robin (JavaFixing Admin)