Reputation: 1947
Let's imagine I have three buttons in my HTML page. The first button is for selecting a car, the second is for renting that car and the next button is for paying the rent. All three buttons make an ajax request to do some business logic in the server. When the user presses the first button and the ajax request is ok, I enable the second button and disable the first button, and the same for the second and third. By default all buttons are disabled. This enabling or disabling is done in JavaScript if the ajax requests are ok. I think the enabling or disabling of buttons, or permissions, is business logic and should be present not in the view but in the server. I mean, would it not be better to make an ajax request to get the permissions the user has according to the operations he has already done?
Thanks a lot
Upvotes: 0
Views: 325
Reputation: 557
If you want your server side code to decide on whether to display the next button you could do something like this:
    // .done() replaces .success(), which was removed from jqXHR in jQuery 3.0
    $.get("/api/yourController/yourMethod")
        .done(function (response) {
            // Change this for your unique decision logic
            if (response === true) {
                // execute show button code
            }
        });
Based on the data you return from your server in the response object, you can control whether your next button appears in your HTML.
Upvotes: 1
Reputation: 6509
There are two answers I have:
It is entirely reasonable to have an ajax request to get the available state transitions. You talk about this as if it is permissions, but that's not really true. Permissions are state that differs between users based on what that user is permitted to do. This is what operations are valid given a particular state based on business rules, which is a fine thing to have a request to get.
That said, by the time you're using AJAX, it's common to have an MVC pattern on the client as well as server. That is, you have some view and controller logic in your HTML page in addition to the view logic. This logic implements some business rules. Angular and other client-side frameworks make patterns like this explicit. In such an application the server view layer is thin. It is still important to make sure that important business rules are enforced in your server so that an attacker cannot subvert those rules on the client. In such an application, it would be entirely reasonable to have buttons enabled on the client side so long as the server made sure you did not rent or pay for a car without selecting it.
Upvotes: 1
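The point made in the answers above, that the client may enable buttons as long as the server refuses out-of-order operations, can be sketched as a server-side state machine. This is an added example, not code from either answer; the state names, action names, function names and the in-memory session map are all assumptions.

```javascript
// Added example: server-side workflow for the select -> rent -> pay flow.
// All names below are hypothetical; a real application would keep the state
// in its session store or database instead of this in-memory Map.
const TRANSITIONS = {
  start:    { select: "selected" },
  selected: { rent: "rented" },
  rented:   { pay: "paid" },
  paid:     {},
};

const sessions = new Map(); // userId -> current workflow state

function stateOf(userId) {
  return sessions.get(userId) || "start";
}

// What an AJAX "which buttons are enabled?" endpoint would return.
// This is a UI hint only; it is not what enforces the rule.
function allowedActions(userId) {
  return Object.keys(TRANSITIONS[stateOf(userId)]);
}

// Called by every action endpoint before any business logic runs.
// The decision uses only server-held state, so a button re-enabled in the
// browser, or a hand-crafted request, cannot skip a step.
function perform(userId, action) {
  const current = stateOf(userId);
  const table = TRANSITIONS[current];
  // hasOwnProperty keeps inherited keys such as "constructor" from matching.
  if (!Object.prototype.hasOwnProperty.call(table, action)) {
    return { ok: false, status: 409, state: current, allowed: Object.keys(table) };
  }
  const next = table[action];
  sessions.set(userId, next);
  return { ok: true, status: 200, state: next, allowed: Object.keys(TRANSITIONS[next]) };
}

// Constructed sample run: paying before selecting is rejected, then the
// normal order succeeds and each response tells the client what to enable.
console.log(perform("demo-user", "pay"));    // rejected, state stays "start"
console.log(perform("demo-user", "select")); // accepted, allowed: ["rent"]
console.log(perform("demo-user", "rent"));   // accepted, allowed: ["pay"]
console.log(perform("demo-user", "pay"));    // accepted, allowed: []
```

Each response carries the `allowed` list, so the client can update its buttons from the same reply that confirmed the operation instead of making a separate request.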