Home/ Questions/Q 755465
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T15:07:59+00:00

I’ve never seen this done but I had an idea of doing authorization in

  • 0

I’ve never seen this done but I had an idea of doing authorization in a more purely OO way. For each method that requires authorization we associate a delegate. During initialization of the class we wire up the delegates so that they point to the appropriate method (based on the user’s rights). For example:

class User
{
    private deleteMemberDelegate deleteMember;

    public StatusMessage DeleteMember(Member member)
    {
        if(deleteMember != null) //in practice every delegate will point to some method, even if it's an innocuous one that just reports 'Access Denied'
        {
            deleteMember(member);
        }
    }

    //other methods defined similarly...

    User(string name, string password) //cstor.
    {
        //wire up delegates based on user's rights. 
        //Thus we handle authentication and authorization in the same method.
    }

}

This way the client code never has to explictly check whether or not a user is in a role, it just calls the method. Of course each method should return a status message so that we know if and why it failed.

Thoughts?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    This is basically the null object pattern for authorization. It’s an interesting idea if you can figure out a way to design StatusMessage such that the calling code doesn’t need special cases. For instance, for certain actions, you’ll want to indicate “You can’t do that as a guest, but would you like to login or sign up for an account?” So certain StatusMessages might need to redirect to a login/sign up page.

    • 0