Deciding user class place in the application
https://stackoverflow.com/questions/9125941
-
22-04-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianسؤال
I quite not sure about how it all should work. So I have an aggregate in my domain model (Post->Feedbacks;Post->Category). And I've been thinking about place of User class. My first thought was to implement User class using state pattern:
interface IUserRole
{
// for example we got something like this:
Boolean CanPost { get; }
Boolean CanEdit { get; }
Boolean CanFlag { get; }
void AssignRole(IUserRole role, User user);
}
public sealed class AdministratorRole : IUserRole
{
public Boolean CanPost { get { return true; } }
public Boolean CanEdit { get { return true; } }
public Boolean CanFlag { get { return true; } }
public void AssignRole(IUserRole role, User user)
{
user.Role = role;
}
}
public sealed class NewMemberRole : IUserRole
{
public Boolean CanPost { get { return true; } }
public Boolean CanEdit { get { return false; } }
public Boolean CanFlag { get { return false; } }
public void AssignRole(IUserRole role, User user)
{
throw new NotSupportedException("text");
}
}
public class User // : Entity<User>
{
private IUserRole role;
public class User(String name, String pwd, IUserRole role)
{
// ...
this.role = role;
}
public Boolean CanPost { get { return this.role.CanPost; } }
public Boolean CanEdit { get { return this.role.CanEdit; } }
public Boolean CanFlag { get { return this.role.CanFlag; } }
public void AssignRole(IUserRole role, User)
{
this.role.AssignRole(role, user);
}
public String Name { get; set; }
public String Password { get; set; }
}
On that step I've been considering to include User into domain model then to use it thru NHibernate DAL/DAO.
I've read about MembershipUser and MembershipProvider. And all authentification stuff is implemented in standard ASP.NET MVC template.
So if I use standard membership/membership-user where will the domain logic go? Should I then restrict operation over Post entity thru setting Authorize attribute on actions .. so they will work as permissions?
المحلول
Yes, in ASP.NET MVC applications, you have the ability to authorize/deny some users/roles on actions. It works with the membership provider defined in the project.
.NET is shipped by default with 2 membership providers: one for sqlserver, with some scripts to run, and another one based on ActiveDirectory membership.
You can also make your own Membership and Role providers. This way you'll have the membership provider customized for your domain objects/behavior.
