5

Assume there is an Employee class, one of the business requirements is that the EmployeeName becomes unique. Now using the 3 Tier Architecture,

Tier 1 : Presentation
Tier 2 : Domain Model + Data Service Classes (Business Logic Layer)
Tier 3 : Data Access Classes + Stored Procedures (Data Access Layer)

Since the requirement above is a business requirement, where do you think the best place to put this rule is?

Option 1 : Unique key constraint in the database

Option 2 : Checking condition in the Data Service class in the business layer in order to keep the business logic encapsulated in this layer regardless of the data layer being used?

Ondrej Tucny
  • 27,626
  • 6
  • 70
  • 90
Sisyphus
  • 900
  • 12
  • 32

1 Answers1

7

In all three layers. However, what's important is the frequent fact that validation requirements (=the actual data constraints) differ from layer to layer. This because of the differing context and designed system boundaries.

In your example, the validation may be as follows:

  • Tier 1: Presentation layer — validate that the name has been entered, i.e. a text box in the user interface is not empty, and has a maximum of 100 characters.
  • Tier 2: Business logic layer - validate as above, plus it consists of at least two tokens separated by a white space, plus first and last names are a real first and last names (chek against some name database).
  • Tier 3: Data layer - database integrity constraint that the respective field is not empty and has a maximum length of 100 characters.

The result is, that from a database perspective you check for a reasonable amount of constraints to keep the system consistent, but don't assume what's a matter of a higher-order logic. In fact, you don't limit future changes unnecessarily. From the business logic perspective, there's the complete set of constraints enforced. And, finally, from the presentation logic perspective, you don't overvalidate: only the simple validations to reduce unnecessary traffic to the business logic are performed, possibly preventing exceptions from the business logic layer, not duplicating anything more complex.

As a rule of thumb, it's always best practice to provide detailed validations at the facade of the business logic layer. That's the place where the (potentially untrusted) presentation layer and/or 3rd party (which may be just another corporate system) API consumers connect.

Further, some specific comments to the options you outlined in your question:

Option 1 : Unique key constraint in the database

Not only. It would work from the data correctness point of view, but by relying solely on database constraints, you are loosing semantics and would struggle providing a human understandable error message. Further, every bad input would travel down to the database, opening a potential hole for DoS attacks that could harm the whole technology stack.

Option 2 : Checking condition in the Data Service class in the business layer in order to keep the business logic encapsulated in this layer regardless of the data layer being used?

Yes, see above. However, don't compromise security, performance, and user experience by avoiding at least the basic, simple-to-evaluate validations in the presentation layer.

Ondrej Tucny
  • 27,626
  • 6
  • 70
  • 90
  • @Downvoter Thanks for your downvote. Any explanation, please? – Ondrej Tucny Jan 12 '14 at 11:17
  • thanks alot for taking the time to write this long descriptive answer it was really useful to me. but is it ok to add this extra database traffic to check for name duplication before every insert/update? i have couple more questions, what kind of common constraints you think should ideally be placed in the database? also about the relation between presentation layer validation and business layer validation, you think all logic based validation like for example birth date that should not be more than certain date should be placed at business layer? – Sisyphus Jan 13 '14 at 14:08
  • thanks for the downvoters my account can't post any new questions any more, i really don't understand what is wrong with my question to deserve 2 down votes! – Sisyphus Jan 13 '14 at 14:14
  • 1) Don't worry about any extra database traffic, as long as you do the simple validations at the presentation layer, effectively preventing invalid data from entering the business logic layer. 2) Constraints in the database: consider "technical" constraints to keep data consistent. 3) all validations shall be in the business layer, plus (some or all of them) duplicate in the presentation layer. 4) I don't understand the birthday example. – Ondrej Tucny Jan 13 '14 at 14:55
  • 2) could you please give me some of the common examples to make it more clear. 4) for example birth date can't be in 2015 since we are still living in 2014, or in more tight example were employees should be at least 18 year old then the birth date must be prior to today minus 18 years etc. – Sisyphus Jan 13 '14 at 15:00