c# - Permission based security model -
in windows forms payroll application employing mvp pattern (for small scale client) i'm planing user permission handling follows (permission based) implementation should less complicated , straight forward.
note : system simultaneously used few users (maximum 3) , database @ server side.
this usermodel. each user has list of permissions given them.
class user { string userid { get; set; } string name { get; set; } string nic {get;set;} string designation { get; set; } string password { get; set; } list <string> permissionlist = new list<string>(); bool status { get; set; } datetime entereddate { get; set; } } when user log in system keep current user in memory.
for example in bankaccountdetailentering view, can control permission access command button follows.
public partial class bankaccountdetailentering : form { bool accounteditable {get; set;} public bankaccountdetailentering () { initializecomponent(); } private void bankaccountdetailentering_load(object sender, eventargs e) { cmdeditaccount.enabled = false; onloadform (sender, e); // event fires... if (accounteditable ) { cmdeditaccount.enabled=true; } } } in purpose relevant presenters (like bankaccountdetailpresenter) should aware of usermodel in addition corresponding business model presenting view.
class bankaccountdetailpresenter { bankaccountdetailentering _view; bankaccount _model; user _usermodel; dataservice _dataservice; bankaccountdetailpresenter( bankaccountdetailentering view, bankaccount model, user usermodel, dataservice dataservice ) { _view=view; _model = model; _usermodel = usermodel; _dataservice = dataservice; wireupevents(); } private void wireupevents() { _view.onloadform += new eventhandler(_view_onloadform); } private void _view_onloadform(object sender, eventargs e) { foreach(string s in _usermodel.permissionlist) { if( s =="caneditaccount") { _view.accounteditable =true; return; } } } public show() { _view.showdialog(); } } so i'm handling user permissions in presenter iterating through list. should performed in presenter or view? other more promising ways this?
thanks.
"the presenter acts upon model , view. retrieves data repositories (the model), , formats display in view." - mvp
so presenter formats data, me looks presenter contains kind of business logic - checks if user can modify account. if forget check in 1 of forms? should in underlying layer (probably, service).
Comments
Post a Comment