Databases Reference
In-Depth Information
FIGURE 9.7
Changing visibility of entity property setter.
In the code generated by the Entity Designer, the
OrderStatus
property now looks similar
to the following pseudo-code:
property byte OrderStatus { get;
internal
set; }
Changing visibility of a property setter to
internal
makes the property read-only outside
of the assembly where its class is defined. As a result, the presentation layer, the
WebApplication
project in our sample, can continue using a read-only property for display
and filtering purposes. However, only the business logic layer, the
DataModel
project in
our sample, can change its value.
NOTE
Making state properties of entities read-only does not offer bulletproof protection
against malicious code. For instance, in a full-trust application, this particular security
block can be circumvented using Reflection. However, combined with other security
measures, some of which are discussed in Chapter 14, “Implementing Security,” this
approach helps to
improve
security of a well-written application.
Implement State Transitions and Validation in Business Rule Methods
When state properties cannot be modified outside of the business layer, validation of state
transition can be separated from validation of entity persistence. You can validate state
transitions in the business rule methods, leaving the responsibility for persistence valida-
tion to the entities.
For example, because the
OrderStatus
property is now read-only, you do not need to
worry about somebody (a user) or something (incorrect code) changing it from
Fulfilled
back to
Paid
when validating the Order entity. To ensure that an order can be fulfilled
only once, you can have the
FulfillOrder
method check that the current
OrderStatus
is
Paid
: