CRUD Pattern – Alert nr. 1

Let’s start with a common pattern used in our database entities and consider the following table definition:

I’m expecting that MyEntity was created in a Core Service module and would be defined as Public and Exposed as Read Only.
If so, then you might have created an action to Create or Update a record in that table such as:

Do you see a problem here?

If you pay close attention, this action is allowing change the CreatedBy and CreatedOn fields with an update. Please note that CreatedBy and CreatedOn should be immutable data.

How can you prevent this?

In the update branch you need to load existing record from database and use the existing CreatedBy and CreatedOn information before calling UpdateMyEntity action. This is the only way you can effectively prevent that nobody changes the information within a record update.

Immutable data should be immutable
Tiago

2 thoughts on “CRUD Pattern – Alert nr. 1”

Peter Saints says:

07/03/2024 at 23:30

I actually like to have audits in a separate entity. A two phase commit problem might arise but an event driven arch helps to resolve that problem.
Duarte Oliveira says:

13/03/2024 at 20:10

You should use GetForUpdate instead of the aggregate to avoid data inconsistency

Comments are closed.