0

I am working on an Angular (v6) project on ASP.NET MVC for backend and Entity Framework. Sometimes a have some CRUD operations that updates only 2-3 fields on an entity and in this situation I may be confused about which approach would be better for best practices for this scenario. As an example, let's say I have a Employee entity with the following properties shown below:

Employee: Id, Status, Name, Surname, Job, Department, HireDate, BirthDate, Address, Updated...

Assuming update for Status, Department and Updated field, I can perform this for the following approaches:

Approach I:

I can create an instance of employee.ts file and fill it in component.ts by only the fields to be updated and then pass it to service.ts and pass to the Controller.cs. In the Controller I receive the model as Employee entity model and set Updated field in the Controller and pass this Employee entity to the Service.cs and then save this entity using the related EF methods.

Approach II:

I just send Id, Status and Department values from Component.ts to service.ts and then pass to the Controller as int values (Id's). Then in the controller create a new instance of the Employee.cs entity and fill these 3 fields and Updated field. Then pass this entity to the Service.cs and then save this entity using the related EF methods.

Approach III:

Same as approach II until Controller.cs. Then pass these 3 parameters to the Service ts and then retrieve the Employee from database via the Id parameter. Then set the other fields and save the entity.

I think 3 of them can be used but not sure which one is better for this scenario in Angular projects with EF? Any help would be appreciated...

Improve this question

1 Answer 1

Reset to default
1

Approach 3, or

Approach 4: Create an UpdateEmployeeViewModel with the PK & fields you want to update to populate in your TS, pass to the controller which validates the data, loads the entity, transfers the appropriate values and saves. When it's one or two columns then Approach 3 is fine. If it grows to more than that then I typically opt for #4.

I would avoid approach 1 at all costs. It is too convenient to have code trust the entity passed from the client. The call to your service can be intercepted and adjusted so if you server code accepts an entity you may easily find code that does a DbSet.Update or DbSet.Attach which could result in tampered data being persisted to the database.

Approach 2 also leaves issues when performing updates as an entity should always reflect its data row. Creating an entity and only partially filling it then attempting to update the data state could result in unintentional updates such as clearing out values. Down the road you may have other common methods that would accept an entity as a parameter but you have cases where the passed entity may be complete (loaded from DB) vs. incomplete (constructed by an update method)

Loading an entity by ID is quite fast so there is rarely a need to over-optimize. It also can help to check the row version # to ensure that the version of the entity you are updating matches the version still in the DB. (Did someone else update this row since you initially sent it to the client?)

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Many thanks for your answer and detailed explanations, voted up. On the other hand, could you pls clarify me about these issues? I think in approach 4, I should only include the fields that to be updated in the model.ts and ViewModel.cs. Is that true? If so, then I can use this approach for various update scenario for updating some other 2-3 fields of this entity (for example update address, update department, etc.
Yes, with approach 4 I'd keep scenarios or operations as separate view models rather than one view model with many null-able fields, and just the fields that are getting updated and respective IDs. I use one view model (or set of view models) to represent just the data that the view needs to display, then declare JS/TS models with matching view models for each operation I trigger from the client. This prevents exposing more info than needed about my system, and limits tampering. Separate models mean each only has one reason to change and easier to ensure they are always in a valid state.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.