11:30 Use DTOs and map the model, or use private setters as in DDD to enforce business rules. I mean, forget about security for a second. Who does this kind of endpoint anyway? You gotta have zero knowledge of APIs; even the juniors know about DTOs.
I’ve seen this a few times. It often remains in codebases from an “if it ain’t broke, don’t fix it” mentality. There’s a lot of bad code out there, and I’ve written quite a bit myself. It happens, but a good organization will prudently fix bad patterns as they are discovered, or they will open an item in the backlog to keep track of issues if they expand the scope of the story too much.
These assumptions sound really ridiculous.