giddy
Hi,
(I want someone to check if my idea is utterly stupid or ok??)
I have a mid-complex app for a hotel that needs a fine-grained user
security system. In other words, an admin should be able to deny/grant
specific access to users, like the ability to make a reservation or the
ability to print reports.
Now, I'm thinking the business objects could take something like:

    enum UserPrivileges { /* various privileges....... */ }

    interface IPrivilegedUser
    {
        UserPrivileges Privileges { get; }
    }

The user class inherits from this interface, the business objects
could take this user in a function and return true/false as per the
needed privileges, or maybe throw an exception:

    // class User inherits from IPrivilegedUser and loads the right privileges from the DB
    User user1 = new User();
    Reservations.LoadPrivileges(user1); // check the returned value..??
    Reservations.EditReservation();     // calling this should fail if the privileges are not enough!?

Is this a good enough design, will it break apart somewhere or is
there a better way to do this?
Declarative security like CAS in .NET would be overkill since it's
not a very large app, but I do need the design to be flexible enough
so that if the app does grow big I'm not in a mess.
Thanks
Gideon
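
One way to arrange the check described in the post, shown as an added example that is not part of the original post: the privilege test sits inside the business method and throws, so a caller cannot forget or skip it. The enum member names, the User constructor and the Reservations constructor are assumptions made for illustration.

```csharp
using System;

[Flags]
public enum UserPrivileges   // member names are assumptions; the post elides them
{
    None = 0, MakeReservation = 1, EditReservation = 2, PrintReports = 4
}

public interface IPrivilegedUser { UserPrivileges Privileges { get; } }

// Stand-in for the post's User class; the real one would load privileges from the DB.
public sealed class User : IPrivilegedUser
{
    public User(UserPrivileges granted) { Privileges = granted; }
    public UserPrivileges Privileges { get; }
}

public sealed class Reservations
{
    private readonly IPrivilegedUser _user;

    // Fail closed: without a caller identity the business object cannot be built.
    public Reservations(IPrivilegedUser user) =>
        _user = user ?? throw new ArgumentNullException(nameof(user));

    // Every required bit must be granted; a partial match is a denial.
    private void Demand(UserPrivileges required)
    {
        if ((_user.Privileges & required) != required)
            throw new UnauthorizedAccessException("Missing privilege: " + required);
    }

    public void EditReservation(int reservationId)
    {
        Demand(UserPrivileges.EditReservation);   // enforced inside the operation
        Console.WriteLine("Reservation " + reservationId + " edited.");
    }
}

public static class Demo
{
    public static void Main()
    {
        var clerk = new User(UserPrivileges.MakeReservation | UserPrivileges.PrintReports);
        try { new Reservations(clerk).EditReservation(42); }
        catch (UnauthorizedAccessException e) { Console.WriteLine("Denied: " + e.Message); }
        new Reservations(new User(UserPrivileges.EditReservation)).EditReservation(42);
    }
}
```

Compared with a separate LoadPrivileges call whose return value the caller must remember to check, a code path that omits the check here is denied rather than allowed.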