Authorization in a more purely OOP style...

Posted by noblethrasher on Stack Overflow See other posts from Stack Overflow or by noblethrasher
Published on 2010-05-01T02:03:30Z Indexed on 2010/05/01 2:07 UTC
Read the original article Hit count: 284

Filed under:

authorization

|

oop

|

ASP.NET

|

mvc

|

c#

I've never seen this done but I had an idea of doing authorization in a more purely OO way. For each method that requires authorization we associate a delegate. During initialization of the class we wire up the delegates so that they point to the appropriate method (based on the user's rights). For example:

class User
{
    private deleteMemberDelegate deleteMember;

    public StatusMessage DeleteMember(Member member)
    {
        if(deleteMember != null)
        {
            deleteMember(member);
        }
    }

    //other methods defined similarly...

    User(string name, string password) //cstor.
    {
        //wire up delegates based on user's rights. 
        //Thus we handle authentication and authorization in the same method.
    }

}

This way the client code never has to explictly check whether or not a user is in a role, it just calls the method. Of course each method should return a status message so that we know if and why it failed.

Thoughts?

© Stack Overflow or respective owner

Related posts about authorization

Apache2 - mod_rewrite : RequestHeader and environment variables

as seen on Server Fault - Search for 'Server Fault'
I try to get the value of the request parameter "authorization" and to store it in the header "Authorization" of the request. The first rewrite rule works fine. In the second rewrite rule the value of $2 does not seem to be stored in the environement variable. As a consequence the request header… >>> More
Apache2 - mod_rewrite : RequestHeader and environment variables

as seen on Server Fault - Search for 'Server Fault'
I try to get the value of the request parameter "authorization" and to store it in the header "Authorization" of the request. The first rewrite rule works fine. In the second rewrite rule the value of $2 does not seem to be stored in the environement variable. As a consequence the request header… >>> More
OAuth: Token-Based Authorization for the Social Networking Age

as seen on Internet.com - Search for 'Internet.com'
The OAuth token-based authorization system allows users to grant third-party access to their resources without sharing their usernames and passwords. It's perfect for the age of data scattered across many social networking sites. >>> More
OAuth: Token-Based Authorization for the Social Networking Age

as seen on Internet.com - Search for 'Internet.com'
The OAuth token-based authorization system allows users to grant third-party access to their resources without sharing their usernames and passwords. It's perfect for the age of data scattered across many social networking sites. >>> More
Implementing OAuth Authorization on Social Networks

as seen on Internet.com - Search for 'Internet.com'
Walk through all the necessary steps for implementing the OAuth token-based authorization system—a perfect security solution for the social networking age—on both the consumer and provider sides. >>> More

Related posts about oop

php variable scope in oop

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I wonder if anyone can help out here, I'm trying to understand how use an objects properties across multiple non class pages,but I can't seem to be able to get my head around everything i have tried so far. For example a class called person; class person { static $name; } but i have… >>> More
Some solid OOP criticism?

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi! I want to ask you to provide me with some articles (maybe books), which you possibly have found very convincing criticising the OOP methodology. I have read some in the WWW on this topic and I didn't really find a 'definitive demotivator'. It's not much about my personal attitude to the OOP… >>> More
How can i handle a form submit using REAL OOP in PHP

as seen on Stack Overflow - Search for 'Stack Overflow'
Im used to java and creating UML.. and i was wondering how can PHP be OOP, the objects live only until you make a request.. then they destroy, so if im using a database is useless to create a class and add the members (variables) to the class, they will be useless.. i cant pass the main system object… >>> More
I dont understand Access modifiers in OOP (JAVA)

as seen on Stack Overflow - Search for 'Stack Overflow'
I know this is a silly question but i don't understand Access Modifiers in OOP. Why do we make for example in JAVA instance variables private and then use public getter and setter methods to access them? I mean whats the reasoning/logic behind this? You still get to the instance variable but why use… >>> More
Do you need a good background in OOP before moving to frameworks?

as seen on Stack Overflow - Search for 'Stack Overflow'
Frameworks being all OOP, would it not be wise to go into frameworks without having a solid background in OOP? I can write basic classes but nothing too fancy or abstract. How much should I know of OOP before moving to frameworks? Right now I am PHP Object-Oriented Programming to learn OOP. >>> More