문제
This may be a philosophical question, but I thought I'd ask it here since I'm suffering from a bit of analysis paralysis.
I'm currently working on a browser based game (Client-side HTML/Javascript, and WCF Web Services to reach the backend) and I'm trying very hard to have a nice, rich Domain Model.
So here's my question. I have a class called Squadron
https://stackoverflow.com/questions/23522904
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianpublic class Squadron
{
public string SquadName { get; set; }
public User Owner { get; set; }
public int XPosition { get; set; }
public int YPosition { get; set; }
public int XTarget { get; set; }
public int YTarget { get; set; }
}
The Squadron is owned by a User
public class User
{
public string Username { get; set; }
public string Password { get; set; }
public string Email { get; set; }
public int UserID { get; set; }
public List<string> Roles { get; set; }
}
I also have a Squadron repository that returns a fully populated Squadron object, based on it's ID. I have a webservice (basically, GetSquadron) that should return the Squadron. However, the attached User object has some information that I probably don't want exposed to any client (Password, as an obvious example). Although it seems that Password should be a part of this Domain object...it doesn't seem like something I always want populated.
I've considered adding another layer of logic (after the Domain object has been populated) that will ensure that the calling user has access to certain fields, but I was wondering what best practices I can find in the community. I tried Googling but I haven't had much luck.
Thanks!
EDIT: Before anyone harps on it, the password is hashed. I never store a clear-text password in the database. I just figured that I probably shouldn't be returning the password, encrypted or not.
EDIT 2 (Phillip): I've populated the User object because I do need a couple of those fields down in the client side (Username and UserID, and possibly Email). Maybe creating some DTO's is the answer to the problem. I guess I thought it'd be nice to have a common model across all layers.
해결책
I would consider substituting the Owner (User) property for the UserID property. I don't see any real reason that you would need the entire User object in Squadron. However, I don't know your design or intent well. It is also a very bad practice to pass around a user password even if it's encrypted.
If you do need the Person details in the Squadron object I'd suggest creating a new Person view model that does not include the user Password.
다른 팁
I agree with PhillipPDX about not passing around the password, but I would be hesitant to use DTOs to pass data from a web service.
If I'm understanding that tech right, you would create the DTO, serialize the object which is then returned by the web service. Typical object serialization tends to carry a lot of overhead and results in larger amounts of data being returned from the service, and an object that requires .Net on the client side to deseralize the data back into an object (DTO).
A more modern approach would be to use something like NewtonSoft's JSON Serializer to convert the POCO (Plain Ol' C# Object) into a JSON string which is then returned by the web service. Since your game is browser / Javascript based JSON would be a natural fit for this use case.
