I'm going to develop a web application that will take care of permissions;
that is, there is an administrator that has all permissions in the site, an unregistered user that has some permissions, a registered user, and so on.
My question is: what is the design pattern that corresponds to this situation?
Thank you.

Solution 1

You can potentially model this with the Actor Role pattern. You can find more information here.
Sander Rossel 18-Apr-11 16:57pm
Oops, that link appears to be broken :(
I was actually quite interested in it as well ;)
Pete O'Hanlon 18-Apr-11 17:01pm
There. The editor seems to have borked it - it's sorted now.
Sander Rossel 18-Apr-11 17:09pm
Nice one :)
Espen Harlinn 18-Apr-11 18:17pm
Liked it too, my 5
Good known formal approach, my 5, too.
But look at my answer as well: I point out what to start with, practically. I think it's pretty interesting, too, based on my experience.

Solution 2

Pete offers you a robust analysis method — use it.

I will give you only one idea, but it should help you to avoid one common fallacy.
Here is the fallacy: people tend to start these designs by inventing the roles they envision: administrator, engineer, manager, operator… You already started, it looks like.

Don't do it! These concrete roles may or may not be used in future. They should be more flexible than that.

Start with your application functions — they are the most stable as they reflect the application-specific functionality your application is centered around. Identify more or less independent groups of activities, so within the group one activity is impossible without the other one. The role would be a mapping of an actor onto a subset of the groups of activity.

Note, you don't even have to create the roles — your customer can do it based on the structure of their organization. Give them a meta-data tool to create them! They will have fun clicking the activities and adding them to the role they want to invent. For you it will be easy enough; and you will avoid artificial decisions.

Good luck,
asaffff496818 19-Apr-11 3:53am
You mean that I should develop the application without paying attention to the roles??
and then what?
It's not about the order of development, this is about the analysis. But yes, develop application without restriction first, by design it keeping the groups or functionality with different permission in mind. When you have application working, start adding limitations per functional group. Again, introduce permission but consider leaving the roles to the customer.

This is what happens on the user side: By default, all is permitted after installation, then the admin makes a role with maximum permissions and adds all other roles.

asaffff496818 19-Apr-11 4:59am
Thank you very much... if you have some guide or tutorial about how to make it step by step or just something more detailed it can help very much.
And again thank you.
Sergey Alexandrovich Kryukov 19-Apr-11 12:46pm
I don't know such thing, maybe because this is mostly application-specific. For the method, I would use the Solution by Pete (maybe he knows some other sources to read; they are certainly available).

Are you going to formally accept my Solution?
Thank you.
BobJanova 19-Apr-11 5:16am
Excellent answer.

I actually had exactly this experience with a web app I wrote. I began by providing what could be termed 'roles' (in forum terms it is known as a 'mask' but essentially the same thing), and access to various parts of the app based on role level. In the end it became too inflexible and I rebuilt the access control with flags for various groups of tasks, and each role becomes simply a collection of flag values.
Sergey Alexandrovich Kryukov 19-Apr-11 12:47pm
Thank you, Bob.
This looks like a natural situation. The approach "start from the function" always helps, as well as separation-of-concerns thinking.
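
The approach from Solution 2 and BobJanova's comment (activity groups as flags, roles as editable collections of flag values), sketched as an added example that is not code from any poster in this thread. The activity names, the `RoleStore` class and the rule that an actor can only grant what they hold themselves are assumptions of this example.

```python
from enum import Flag, auto
from functools import reduce
from operator import or_


class Activity(Flag):
    # Activity groups taken from application functions (names are constructed).
    NONE = 0
    READ_POSTS = auto()
    WRITE_POSTS = auto()
    MODERATE = auto()
    MANAGE_USERS = auto()
    MANAGE_ROLES = auto()


ALL_ACTIVITIES = reduce(or_, Activity)


class RoleStore:
    """Roles are data edited at runtime; the code only ever checks activities."""

    def __init__(self, first_admin):
        # After installation one role holds every activity group.
        self.roles = {"owner": ALL_ACTIVITIES}
        self.assignments = {first_admin: {"owner"}}

    def granted(self, user):
        # Unknown users and unknown roles contribute nothing.
        names = self.assignments.get(user, ())
        return reduce(or_, (self.roles.get(n, Activity.NONE) for n in names), Activity.NONE)

    def allowed(self, user, needed):
        return (self.granted(user) & needed) == needed

    def _require(self, actor, needed):
        if not self.allowed(actor, needed):
            raise PermissionError(f"{actor} lacks {needed}")

    def define_role(self, actor, name, activities):
        # The actor must manage roles and hold everything the role would grant.
        self._require(actor, Activity.MANAGE_ROLES | activities)
        self.roles[name] = activities

    def assign(self, actor, user, role):
        # Same rule for assignment, so user management cannot hand out "owner".
        self._require(actor, Activity.MANAGE_USERS | self.roles[role])
        self.assignments.setdefault(user, set()).add(role)
```

Application code calls `allowed(user, Activity.X)` at each function and never tests a role name, so the site owner can add, rename or reshape roles without a code change.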

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
