My intranet site uses LDAP and Active Directory to authenticate users. There are 2 kinds of Users: Managers and Employees. They are differentiated by having membership in a particular AD group.
In an effort to improve my code I'm trying to use (hopefully appropriately) formal design patterns. I think perhaps a Finite State Machine might work here. But I'm not sure which of the following models (or some other entirely) would be best:
2 transitions with simple conditions:
Unlogged --- auth==TRUE ---> Employee --- group==TRUE ---> Manager
1 transition with a compound condition:
Unlogged --- auth==TRUE && group==FALSE ---> Employee
Unlogged --- auth==TRUE && group==TRUE ---> Manager
The first feels cleaner. The second is closer to what should actually be happening. Am I on the right track? Would a different design pattern entirely be better?
- I'd guess that there will eventually be more than 2 groups. If so, how would that affect your design? – Dan Pichelman, commented May 22, 2013 at 14:35
- I think the first step would be to modify the group to be a number or a string instead of a bool. Then, I think I'll go with a simple Profile object. Finite State Machine is more for gaming or applications where you have a lot of state that affects the logic of the application. – Jean-François Côté, commented May 22, 2013 at 14:49
- @DanPichelman: I suppose more groups are always possible. But in all cases, the Controller will always need to know a) is the user logged in? and b) if he is, does the user have access? – dnagirl, commented May 22, 2013 at 14:54
- If you have employees who are also managers, put them in both groups, grant permissions for whatever actions you want to each group and base your access on that. You're trying to shoehorn something that should be very simple into a construct designed for responding to a stream of inputs. That isn't going to end well. – Blrfl, commented May 22, 2013 at 15:06
- This question is asking about a design pattern for data access rights. – Thomas Owens ♦, commented May 22, 2013 at 15:46
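
Added example, not part of the original question or comments: a Python sketch of the group-based check the comments suggest, answering the controller's two questions (logged in? allowed?) without a state machine. The group DNs, action names and helper names are assumptions, and the LDAP bind itself is out of scope.

```python
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, Iterable, Optional

# Constructed sample data: group DNs and action names are assumptions.
# Keys are full DNs, lower-cased, so a group that merely shares the CN
# "Managers" in some other OU grants nothing.
GROUP_PERMISSIONS = {
    "cn=employees,ou=groups,dc=example,dc=com":
        frozenset({"view_own_timesheet", "submit_leave"}),
    "cn=managers,ou=groups,dc=example,dc=com":
        frozenset({"view_team_timesheets", "approve_leave"}),
}


class Decision(Enum):
    ALLOW = "allow"
    LOGIN_REQUIRED = "login_required"  # not authenticated
    FORBIDDEN = "forbidden"            # authenticated, lacks the permission


@dataclass(frozen=True)
class Session:
    username: str
    groups: FrozenSet[str]  # normalised group DNs


def session_from_directory(username: str, member_of: Iterable[str]) -> Session:
    """Build a session after a successful LDAP bind (the bind is out of scope)."""
    return Session(username, frozenset(dn.strip().lower() for dn in member_of))


def permissions_for(session: Session) -> FrozenSet[str]:
    """Union of the permissions of every recognised group the user is in."""
    granted = set()
    for dn in session.groups:
        granted |= GROUP_PERMISSIONS.get(dn, frozenset())
    return frozenset(granted)


def authorize(session: Optional[Session], action: str) -> Decision:
    """The controller's two questions: logged in? allowed? Deny by default."""
    if session is None:
        return Decision.LOGIN_REQUIRED
    if action in permissions_for(session):
        return Decision.ALLOW
    return Decision.FORBIDDEN
```

Adding a third group is one more entry in `GROUP_PERMISSIONS`; the controller code does not change.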