I’m facing an architecture problem.
I have to manage rights for users with interdictions and authorizations on some resources.
I want a method to get the real applied rights for a resource (the interdiction has priority over the authorization).
Is it better to have a class RightsManager with a method get_rights(user)
or to have a class User with a method get_rights()?
I think the second solution is better because it has fewer parameters, but it’s strange to have the rights management in the model User class. Isn’t it more logical to have it in a class RightsManager?
My program is in Python, but I think it doesn’t matter.
The user entity can exist without rights and therefore it’s better not to couple user with rights. Maintain the rights separately from User and pass the user as a param when calling get_rights. If this turns out to be verbose you can extend RightsManager to something like UserRightsManager where the user can be passed during initialization and the user can be used internally when querying for rights.
I have used Zend_Acl in the past quite extensively and found their architecture quite intuitive and effective. Perhaps you might want to check it out before going further: http://framework.zend.com/manual/1.12/en/zend.acl.advanced.html
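
Added example, not part of the original question or answer: a minimal Python sketch of the separated design discussed above, where effective rights are the authorizations minus the interdictions. The `resource` parameter, the `allow`/`deny`/`is_allowed` methods, the wrapper form of `UserRightsManager` and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class User:
    """Plain model: exists without any knowledge of rights."""
    name: str


@dataclass
class RightsManager:
    """Keeps authorizations and interdictions outside the User class."""
    _allowed: dict = field(default_factory=dict)  # (user, resource) -> actions
    _denied: dict = field(default_factory=dict)   # (user, resource) -> actions

    def allow(self, user, resource, *actions):
        self._allowed.setdefault((user, resource), set()).update(actions)

    def deny(self, user, resource, *actions):
        self._denied.setdefault((user, resource), set()).update(actions)

    def get_rights(self, user, resource):
        """Effective rights: authorizations minus interdictions."""
        allowed = self._allowed.get((user, resource), set())
        denied = self._denied.get((user, resource), set())
        return frozenset(allowed - denied)

    def is_allowed(self, user, resource, action):
        # Default deny: an action never authorized is refused.
        return action in self.get_rights(user, resource)


class UserRightsManager:
    """Binds one user at initialization so callers pass only the resource."""
    def __init__(self, manager, user):
        self._manager, self._user = manager, user

    def get_rights(self, resource):
        return self._manager.get_rights(self._user, resource)


def demo():
    # Constructed sample data.
    alice, bob = User("alice"), User("bob")
    manager = RightsManager()
    manager.allow(alice, "report", "read", "write", "delete")
    manager.deny(alice, "report", "delete")      # interdiction overrides
    manager.deny(bob, "report", "read")          # denied, never authorized
    return manager, alice, bob
```

Because the check subtracts the denied set last, the order in which `allow` and `deny` are called does not change the result.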