groovy, grails: high level questions on extraneous properties and command objects / data binding


Just a few high-level, hopefully very quick questions:

1) If I have a class A with a single field x, is constructing it

def A = new A(x:someVal, y:someVal) 

totally fine?

2) Related, is the following a good way to copy relevant parts of a command object into a domain object?

def domainObject = new DomainObject(commandObject.properties)

Where command object has extra properties. Or should it be done instead:

def domainObject = new DomainObject()
domainObject.properties['prop1', 'prop2', ...] = commandObject.properties

or ?

Thanks

1 answer

ataylor (best answer)

For the first question, it's important to distinguish between a vanilla Groovy object and a Grails domain object. Groovy objects will throw a MissingPropertyException. Grails domain objects will silently ignore extra properties.

Regarding the second question, initializing Grails domain objects with a command object is a common pattern, and generally OK. Params can be a little bit more dangerous. A malicious user can put anything into params, so it's best to explicitly spell out what properties you want to assign. Otherwise, things like timestamps and users, or even non-mapped columns like injected Spring beans, could be affected.
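
The difference between binding everything and binding an explicit list of properties, as an added example that is not part of the question or of ataylor's answer. It is a plain Groovy script with no Grails runtime; the `Account` class, the `bindAllowed` helper and the request map are hypothetical and constructed for illustration.

```groovy
// Plain Groovy stand-ins (hypothetical names); runs as a script without Grails.
class A { def x }

class Account {
    String name
    String email
    boolean admin = false            // must never be set from request data
    Date dateCreated = new Date(0)   // server-controlled timestamp
}

// Copy only the allowlisted keys from source onto target (hypothetical helper).
// In a Grails controller the same intent is expressed with the subscript form
// from the question, account.properties['name', 'email'] = params, or with
// bindData(account, params, [include: ['name', 'email']]).
def bindAllowed(target, Map source, List<String> allowed) {
    source.subMap(allowed).each { key, value -> target[key] = value }
    target
}

// 1) A plain Groovy object rejects a property it does not declare.
try {
    new A(x: 1, y: 2)
    assert false : 'expected MissingPropertyException'
} catch (MissingPropertyException e) {
    assert e.property == 'y'
}

// Constructed request data: two expected fields plus two the client added.
def params = [name: 'Alice', email: 'alice@example.com',
              admin: true, dateCreated: new Date()]

// 2) Binding the whole map applies every key that matches a property,
//    so the client-supplied 'admin' and 'dateCreated' values win.
def unsafe = new Account(params)
assert unsafe.admin
assert unsafe.dateCreated != new Date(0)

// 3) Binding through the allowlist leaves the protected fields at their defaults.
def safe = bindAllowed(new Account(), params, ['name', 'email'])
assert safe.name == 'Alice'
assert safe.email == 'alice@example.com'
assert !safe.admin
assert safe.dateCreated == new Date(0)

println 'allowlist binding kept admin and dateCreated server-controlled'
```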