In An ORM instance, permission verification is required for the delete method. What are the advantages of this verification method?

Is it added to the controller? {Code...} is added to {code...}. If it is added to the controller, this permission verification must be added to each place that calls the delete method, which is easy to miss. If it is added to _ beforeDelete (), it will cause too much damage. Some instances... are added to the controller?

$posts = new Model()if($this->hasPermission()){  $posts->delete($key);}

Or add

function _beforeDelete(){  if($this->hasPermission()){    return true;  }  return false;}

If it is added to the controller, the permission verification must be added for each place that calls the delete method, which is easy to miss.

If it is added to _ beforeDelete (), it will cause too much damage. Some instance delete operations will be affected without permission verification.

Or are there other processing methods?

Reply content:

Is it added to the controller?

$posts = new Model()if($this->hasPermission()){  $posts->delete($key);}

Or add

function _beforeDelete(){  if($this->hasPermission()){    return true;  }  return false;}

If it is added to the controller, the permission verification must be added for each place that calls the delete method, which is easy to miss.

If it is added to _ beforeDelete (), it will cause too much damage. Some instance delete operations will be affected without permission verification.

Or are there other processing methods?

Of course, the business logic should be added to the business layer and Controller. There is no doubt.

If there is everywhere, you can use some encapsulation and use some design patterns to centralize the scattered verification code.

I personally think that the domain object is more elegant, and the verification logic will not be scattered.