Question

Define error message in before commit event

2

I want to ensure that users only commit validated data to the database. To this end, I added a boolean to an entity. When the entity passes the validations successfully, this boolean is set to true. Then, in a before commit event, I check if the boolean is true. If so, the commit continues, otherwise, it doesn't. If I set the before commit event to raise an error, and I save without validations, I get an error in my UI that says: "An error has occurred while handling the request." If I set the before commit event to not raise an error, and I save without validations, I get an error in my UI that says: "Undefined". The way I trigger this save without validations is by sending a commit action with the GUID of my object to the Mendix Business Server (and this entire construct is to specifically block this call, would there be a more elegant solution for this?). Therefore, I cannot use error handling in a microflow. How can I change either of these messages to something meaningful?

asked 2014-09-24

Rom van Arendonk

1 answers

Rom van Arendonk · Answer 1 · 2015-05-01

This question is based on the observation that any user can always do a commit on an object to which he has write access (a user who has a session can send JSON to the Mendix Business Server with a Commit command and a GUID). This commit call does not call any validations: it simply commits the object to the database. This could in theory lead to corrupt data in the database.

Originally, I wanted to display a proper error message when such a situation would occur. On closer evaluation, this is not necessary: if a user is sending custom JSON messages to the server, it is okay if an ugly error is shown, because this is not a scenario which we support.

My final solution to this problem (a user being able to send JSON Commit messages) is two fold:

If there are no other event handlers defined on an entity, I add an event handler which always returns false.
If there are other event handlers defined on an entity, I add an event handler described in my original post, by checking the HasBeenValidated boolean.

Furthermore, I submitted a support ticket to Mendix, to be able to specify commit rights on an entity, just like a business engineer can specify create and delete rights on an entity. This would mean that a user without such rights could only commit objects through a microflow which is executed with the 'apply entity access' setting set to false. By only allowing commits through microflows, I can ensure that all data is validated before I commit it to the database.