Where should validation be implemented?

[MysterDru]

I'm wondering where validation of models for the POST PUT and DELETE operations is intended to be implemented. Typically when creating an API, I would add validation in the controller action or as an action filter on the controller. However, with the patterns that the server toolkit perscribes to, this isn't really feasible.

I'm looking at validation for things like Foreign Key enforcement of properties on the model.

Right now, I'm considering a custom repository that throws and HttpException with a BadReuest status code, but I don't know how that will propegate down do the client side implementation when doing a sync.

There doesn't seem to be an example of how to do this in the tutorials site.

[adrianhall]

You can do it with a pre-execution hook inside an access control provider, or you can create your own custom repository (which is probably the best idea).

[monkeyK1n9]

I have a question about custom repository. If I want to soft delete in the custom repository and I have SoftDelete true in the controller options, how do I go about to do it in the custom repository ?

Deleting the object will be updating the Deleted property to true or actually deleting and the TableController will figure out that it is a soft delete ?

[adrianhall]

When dealing with soft-delete, a delete becomes a replace with Deleted=true on the object. You don't need to do anything special in your repository to support soft-delete.

[monkeyK1n9]

Thanks Adrian