Design question...
-
I am a newbie at design, and I've been studying design patterns but I can't figure what to do in this case. I have a security object that has properties for a list of fields that also happen to be the properties of another object. class security { //"true" value for each property means yes, user has permission to access these fields in client bool ssNumber; bool hourlyRate; bool dateOfBirth; //getters and setters, functions to pull data from database, etc. } class empInfo { string ssNumber; decimal hourlyRate; DateTime dateOfBirth; //getters and setters, functions to pull data from database, etc. } I need empInfo to be aware as to which of its properties are considered permissible for access by a particular user. What would be the best way to tell if a particular property in empInfo is allowed access by the user? Should empInfo be extended to include security class and then when empInfo is instantiated and populated, grab security data then? Since each field represents a datacolumn on the web, I would like to keep as much data manipulation in the middle tier as possible. Thanks in advance!
-
I am a newbie at design, and I've been studying design patterns but I can't figure what to do in this case. I have a security object that has properties for a list of fields that also happen to be the properties of another object. class security { //"true" value for each property means yes, user has permission to access these fields in client bool ssNumber; bool hourlyRate; bool dateOfBirth; //getters and setters, functions to pull data from database, etc. } class empInfo { string ssNumber; decimal hourlyRate; DateTime dateOfBirth; //getters and setters, functions to pull data from database, etc. } I need empInfo to be aware as to which of its properties are considered permissible for access by a particular user. What would be the best way to tell if a particular property in empInfo is allowed access by the user? Should empInfo be extended to include security class and then when empInfo is instantiated and populated, grab security data then? Since each field represents a datacolumn on the web, I would like to keep as much data manipulation in the middle tier as possible. Thanks in advance!
What do you think of this (pseudocode)?:
class empInfo { string ssNumber; decimal hourlyRate; DateTime dateOfBirth; securitySetter(empInfo) { securityCollection = security.getSecurity(empInfo); foreach (property prop in empInfo) { foreach {securityItem sItem in securityCollection) { if (sItem.access(prop)) { set.prop = "Not accessible"; //or set a code that I can read in the asp.net/forms interface in the datagrid } } } return empInfo } }
---- I'm concerned about handling the database calls, since building the securityCollection requires a trip to the database, then building the empInfo object requires a trip to the database. Or maybe this cannot be avoided. Cacheing security information for objects would also be memory intensive? Oh, and important...how can I do this so that ALL empInfo objects in a collection are taken care of for a particular session at one time, without having to re-set for each instantiation? Any advice is appreciated.