First Post here on the Forum.
For a REST Project, I have the following question regarding the management of ACL.
(Project Used: Symfony Rest Edition)
Let's put it simple, we have a Product Object.
The Product belongs to a shop.
The Product is linked to a Supplier.
The Supplier also belongs to a shop.
On the POST Product:
- Among others, we receive an ID of supplier to link. (Product->Supplier)
- How should we check that the supplier exists & belongs to the shop?
-> Should it be integrated into the Form validation?
-> Should it be carried out by the ProductManager? (and maybe should call the SupplierManager->GetSupplier($id) to verify it exits?)
-> Should it be carried out somewhere else?
-> Or maybe the implementation itself is erroneous?
Thank you for your help!