With the current project I’m working on there’s an architecture question being asked which feels like it might just be asking too much.
System Basics:
- HTML/JS MVVM
- ASP.NET MVC
- Web Services
- EF
- SQL 2012
The Web Services deal with DTOs passed back and forth either to the presentation layer (MVC or mobile app) or to various other external services.
The big question at the moment is whether it’s possible to somehow define our DTOs in such a way as to include all Validation and Authorisation rules. This then needs to be carried into, for example, our MVC presentation layer or View Models. The idea here is that we’ll end up with 1) Validation rules on the ViewModel which then plug into the MVC framework 2) Only fields that the user is allowed to edit should be shown as editable.
Some have mentioned Fluent or other mechanisms that will consist of an extra definition class somewhere used to define these rules; then, during compilation, code may be injected into various view model classes, or base view model classes are generated which one can inherit from.
The overall objective is to keep validation and ‘data authorisation’ (can user X edit fields 1, 2 and 3 based on their permissions/roles) rules in one place.
Is this stretching it, or is it possible?
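
An added example, not part of the original post: one shape the "rules in one place" idea can take in C#, where a single rule table per DTO feeds both the editable-field list for the view and the server-side check in the service. `CustomerDto`, `FieldRule`, `CustomerRules` and the role names are hypothetical, invented for this illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical DTO and rule types, invented for this illustration.
public class CustomerDto { public string Name { get; set; } public decimal CreditLimit { get; set; } }
public class FieldRule
{
    public string Field, EditRole;      // DTO property name; role required to change it
    public Func<object, string> Check;  // returns an error message, or null when valid
}

public static class CustomerRules
{
    // The single definition that both the view model and the service read.
    public static readonly FieldRule[] All =
    {
        new FieldRule { Field = "Name", EditRole = "Clerk",
            Check = v => string.IsNullOrWhiteSpace(v as string) ? "Name: required" : null },
        new FieldRule { Field = "CreditLimit", EditRole = "Manager",
            Check = v => (decimal)v < 0 ? "CreditLimit: must not be negative" : null },
    };

    // Presentation layer: the fields to render as editable for this user.
    public static ISet<string> EditableFields(ICollection<string> roles)
    {
        return new HashSet<string>(All.Where(r => roles.Contains(r.EditRole)).Select(r => r.Field));
    }

    // Service layer: re-check every update, because the client decides what it posts.
    public static List<string> Apply(CustomerDto stored, CustomerDto posted, ICollection<string> roles)
    {
        var errors = new List<string>();
        var changes = new List<Action>();
        foreach (var rule in All)
        {
            var prop = typeof(CustomerDto).GetProperty(rule.Field);
            object oldValue = prop.GetValue(stored, null), newValue = prop.GetValue(posted, null);
            if (object.Equals(oldValue, newValue)) continue;   // field unchanged
            if (!roles.Contains(rule.EditRole)) { errors.Add(rule.Field + ": not permitted"); continue; }
            var error = rule.Check(newValue);
            if (error != null) errors.Add(error);
            else changes.Add(() => prop.SetValue(stored, newValue, null));
        }
        if (errors.Count == 0) changes.ForEach(change => change());  // all-or-nothing
        return errors;
    }
}
```

For a user holding only the `Clerk` role, `EditableFields` returns just `Name`, and a posted change to `CreditLimit` comes back as `CreditLimit: not permitted` with the stored object left untouched, so hiding a field in the view is never the only control.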