My personal idea is two implementation ideas The first way you do it in the dao layer is like this. In this way, after the service gets the id of the operating user through the session, you add the author id when operating the database at the dao layer and give it to the front end. The interface is to pass the article id to the backend. The second way to do it in the dao layer is to get the author id corresponding to the article id in the service layer and judge whether the operating user id and the author id match. If they match, call the dao layer to delete. If it doesn’t match, an error will be returned. The front-end interface still passes the article id
Didn’t pay attention to your comment
So let me explain my thoughts again. I think the method you mentioned is better. First, do the judgment logic in the service. The Dao layer focuses on operating the database, and it is also convenient to rewrite the judgment logic. At the same time, it can also return prompts for incorrect operations. If you say that the second method can also judge and throw an exception to tell the user that the operation is wrong, it just puts the judgment on the Dao layer. It is similar to the second method I mentioned. First fetch, then judge, and then delete. Then it is better to hand over the judgment logic to the service layer. Of course, if the delete operation can return the number of operated data, then you can also choose the second method. If 0 pieces of data are operated, then It means that the article does not belong to the user who operated it, but that is also very painful. After the deletion operation is completed, I will tell you that this article does not belong to you and you cannot operate it. It is weird when you think about it A little personal opinion, I disagree. If so, you can continue the discussion
If a blog corresponds to one author, you can directly consider the second method. The implementation is logically simple, and it can also reduce the number of database queries.
If the system considers that other administrators besides the author can operate the blog system, consider method 1, This has good scalability, and is more convenient when modifying and deleting requirements.
——Guess from a person who has never done a blog system
To prevent other authors from deleting articles by modifying the id parameter, you need to first determine in the service that the article belongs to the current author
In this operation, no matter how you pass parameters, you have to check it.
Then the problem is simple. The question becomes whether to get the authorId from the session or from the query string.
Based on my experience of blogging for many years. Popular blogging program is used in 两个参数都从query string里面传递。但是,不是强制的。也就是你只传postId也是可以的。之所以这样做。是为了有更多的参数可以供自定义url format.
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
My personal idea is two implementation ideas
Didn’t pay attention to your commentThe first way you do it in the dao layer is like this. In this way, after the service gets the id of the operating user through the session, you add the author id when operating the database at the dao layer and give it to the front end. The interface is to pass the article id to the backend. The second way to do it in the dao layer is to get the author id corresponding to the article id in the service layer and judge whether the operating user id and the author id match. If they match, call the dao layer to delete. If it doesn’t match, an error will be returned. The front-end interface still passes the article id
So let me explain my thoughts again. I think the method you mentioned is better. First, do the judgment logic in the service. The Dao layer focuses on operating the database, and it is also convenient to rewrite the judgment logic. At the same time, it can also return prompts for incorrect operations. If you say that the second method can also judge and throw an exception to tell the user that the operation is wrong, it just puts the judgment on the Dao layer. It is similar to the second method I mentioned. First fetch, then judge, and then delete. Then it is better to hand over the judgment logic to the service layer. Of course, if the delete operation can return the number of operated data, then you can also choose the second method. If 0 pieces of data are operated, then It means that the article does not belong to the user who operated it, but that is also very painful. After the deletion operation is completed, I will tell you that this article does not belong to you and you cannot operate it. It is weird when you think about it
A little personal opinion, I disagree. If so, you can continue the discussion
Personal feeling,
If a blog corresponds to one author, you can directly consider the second method.
The implementation is logically simple, and it can also reduce the number of database queries.
If the system considers that other administrators besides the author can operate the blog system, consider method 1,
This has good scalability, and is more convenient when modifying and deleting requirements.
——Guess from a person who has never done a blog system
In this operation, no matter how you pass parameters, you have to check it.
Then the problem is simple. The question becomes whether to get the authorId from the session or from the query string.
Based on my experience of blogging for many years. Popular blogging program is used in
两个参数都从query string里面传递。但是,不是强制的。也就是你只传postId也是可以的。之所以这样做。是为了有更多的参数可以供自定义urlformat.