1

I follow clean arch / solid principles on my entire stack. I'm coming across a situation where I want to embed an UUID in some of my entity id fields in the domain logic, for example:

  • Create OrganizationEntity id=abc123
  • Create a ItemEntity and embed the OrganizationEntity 's id that owns that ItemEntity in the id field when it's created, ie: Item.id = itm-abc123-sdfnj344 I'm thinking of going this route so that I can reduce the amount of DB lookups to see if someone has access to a ItemEntity - if the client request belongs to OrganizationEntity then I can pattern match abc123 on both the client request session id and the requesting record for ItemEntity ... this would greatly improve performance.

Is this a known pattern/implementation? Are there any concerns or gotchas?

Cory Robinson
  • 4,616
  • 4
  • 36
  • 53

1 Answers1

1

Try to keep your domain model as close to the language of the domain experts as you can. So if an Item belongs to an organization it is ok to have a reference id in the Item. But if an item belongs to another domain object and this one belongs to an organization you should not reference the organization in the item domain object because of performance (persistence) reasons.

You said that you want to check if someone has access to the ItemEntity. This means that there is a kind of context in which ItemEntity objects are accessible.

I see 3 options to implement such a context:

  1. a repository api that has a organization id argument

    public interface ItemRepository {
    public List<ItemEntity> findItems(...., organizationId);
}

    When you pass the organization id on every repository call, the repository is stateless. But it also means that you must pass the organization id from the controller to the use case and then to the repository.

  2. a repository that is bound to an organization

    public ItemRepository { private UUID organizationId; // constructor omitted here

        public List<ItemEntity> findItems(...){}

    }

    When you create a repository that is bound to an organization, you must create it when you need it (and also the use case), because it is stateful. But you can be sure that noone can get items that he is not allowed to see.

  3. organization id in a call context

    When the controller is invoked it takes the organization id from the session, puts it in the call context and calls the use case. In Java you would use a ThreadLocal. You can also implement this as an aspect and apply it to every controller (AOP). The repository implemetation can then access the call context and get the organization id and use it in it's queries or filter the items before returning them.

    This option will allow you to access the organization id in every layer that is in the flow of control, e.g. in all use cases, entities, repositories or when you call an external service.

In all three cases you can avoid to put the organization id in the item just for database access reasons.

René Link
  • 48,224
  • 13
  • 108
  • 140