I want to ensure that users only commit validated data to the database. To this end, I added a boolean to an entity. When the entity passes the validations successfully, this boolean is set to true. Then, in a before commit event, I check if the boolean is true. If so, the commit continues, otherwise, it doesn't. If I set the before commit event to raise an error, and I save without validations, I get an error in my UI that says: "An error has occurred while handling the request." If I set the before commit event to not raise an error, and I save without validations, I get an error in my UI that says: "Undefined". The way I trigger this save without validations is by sending a commit action with the GUID of my object to the Mendix Business Server (and this entire construct is to specifically block this call, would there be a more elegant solution for this?). Therefore, I cannot use error handling in a microflow. How can I change either of these messages to something meaningful?
Rom van Arendonk
This question is based on the observation that any user can always do a commit on an object to which he has write access (a user who has a session can send JSON to the Mendix Business Server with a Commit command and a GUID). This commit call does not call any validations: it simply commits the object to the database. This could in theory lead to corrupt data in the database.
Originally, I wanted to display a proper error message when such a situation would occur. On closer evaluation, this is not necessary: if a user is sending custom JSON messages to the server, it is okay if an ugly error is shown, because this is not a scenario which we support.
My final solution to this problem (a user being able to send JSON Commit messages) is two fold:
If there are no other event handlers defined on an entity, I add an event handler which always returns false.
If there are other event handlers defined on an entity, I add an event handler described in my original post, by checking the HasBeenValidated boolean.
Furthermore, I submitted a support ticket to Mendix, to be able to specify commit rights on an entity, just like a business engineer can specify create and delete rights on an entity. This would mean that a user without such rights could only commit objects through a microflow which is executed with the 'apply entity access' setting set to false. By only allowing commits through microflows, I can ensure that all data is validated before I commit it to the database.