The following are the user stories behind our security module.
- As a manager, I need to create new users so I can add new subscribers to the system.
- As a manager, I need to create roles in the system so I can group different functionality through permissions.
- As a manager, I need to register new resources in the system so I can add new functionality dynamically.
- As a manager, I need to disable users so that former users can no longer log in to the system.
- As a user, I need to reset my password and receive the new one by email so that I can keep using my account if I forget my password.
- As a user, I need to change my password so that I can choose which password I use to log in to the system.
- As a user, I need to log in to the system so I can see all the resources assigned to me through my granted roles.
- As a user, I need to log out of the system to end the current session.
Our sample application will use the following conceptual model to explain the concepts behind it.
Any user can start a session in the system, and when the session is closed its logout type is recorded. The logout type represents the reason the session was closed: a normal exit, a timeout, or an expulsion done by the admin.
A resource represents an option that is available to any role holding a permission on that resource. A resource can be a compound resource, meaning that it contains other resources. Finally, as you can see, each permission is granted either for reading or for writing; what that means depends on the system, and we will of course define it when we start implementing.
Please note that in this model all associations are directed. I used to be one of those who avoided directed associations and used bidirectional ones to make the programming job "easier", and yes, it may be easier to get an object or a collection of objects directly via a getter instead of writing a query, but it is also a common source of "n+1" problems in your code. So study each association carefully and include only the ones you really need.
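To make the model above concrete, here is an added in-memory sketch of it in Python (example code written for this page, not the sample application's own code). Every association is directed the way the model describes: a user points at roles, a role at permissions, a permission at a resource, a compound resource at its children, and a session at its user, with no reference going the other way. The logout type is recorded whenever a session is closed, and a disabled user is refused a new session. One detail is an assumption of this example, not something the page states: a permission on a compound resource is taken to cover every resource nested inside it. All sample users, roles and resources are constructed for the demonstration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Iterator, Optional


class Access(Enum):
    READ = "read"
    WRITE = "write"


class LogoutType(Enum):
    NORMAL = "normal"        # the user logged out
    TIMEOUT = "timeout"      # the session went idle past the limit
    EXPULSION = "expulsion"  # the admin closed the session


@dataclass
class Resource:
    name: str
    # Directed parent -> child only: a compound resource knows its children,
    # a child holds no reference back to its parent.
    children: list = field(default_factory=list)

    def walk(self) -> Iterator["Resource"]:
        yield self
        for child in self.children:
            yield from child.walk()


@dataclass
class Permission:
    resource: Resource  # permission -> resource; the resource knows nothing about it
    access: Access


@dataclass
class Role:
    name: str
    permissions: list = field(default_factory=list)  # role -> permissions


@dataclass
class User:
    username: str
    roles: list = field(default_factory=list)  # user -> roles
    enabled: bool = True  # a disabled user may not start a session


@dataclass
class Session:
    user: User  # session -> user; the user keeps no list of sessions
    started: datetime
    last_seen: datetime
    closed: Optional[datetime] = None
    logout_type: Optional[LogoutType] = None


def granted_resources(user: User) -> dict:
    """Resource name -> set of Access held through all granted roles.
    Assumption of this example: a permission on a compound resource also
    covers every resource nested inside it (the page does not state this)."""
    grants: dict = {}
    for role in user.roles:
        for perm in role.permissions:
            for res in perm.resource.walk():
                grants.setdefault(res.name, set()).add(perm.access)
    return grants


def can(user: User, resource_name: str, access: Access) -> bool:
    return access in granted_resources(user).get(resource_name, set())


def open_session(user: User, now: datetime) -> Session:
    if not user.enabled:
        raise PermissionError(f"user {user.username} is disabled")
    return Session(user=user, started=now, last_seen=now)


def close_session(session: Session, how: LogoutType, now: datetime) -> Session:
    """Closing a session always records why it ended."""
    if session.closed is not None:
        raise ValueError("session already closed")
    session.closed, session.logout_type = now, how
    return session


def expire_idle(sessions, now: datetime, idle_limit: timedelta) -> int:
    """Close every still-open session idle longer than idle_limit with TIMEOUT."""
    count = 0
    for s in sessions:
        if s.closed is None and now - s.last_seen > idle_limit:
            close_session(s, LogoutType.TIMEOUT, now)
            count += 1
    return count


def demo() -> dict:
    """Constructed sample data; returns the outcomes so they can be checked."""
    reports = Resource("reports", [Resource("sales-report"), Resource("audit-report")])
    settings = Resource("settings")
    viewer = Role("viewer", [Permission(reports, Access.READ)])
    admin = Role("admin", [Permission(reports, Access.WRITE), Permission(settings, Access.WRITE)])
    alice, bob = User("alice", [viewer]), User("bob", [viewer, admin])
    carol = User("carol", [viewer], enabled=False)
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    s_alice, s_bob = open_session(alice, t0), open_session(bob, t0)
    try:
        open_session(carol, t0)
        carol_blocked = False
    except PermissionError:
        carol_blocked = True
    close_session(s_bob, LogoutType.EXPULSION, t0 + timedelta(minutes=5))
    expired = expire_idle([s_alice, s_bob], t0 + timedelta(hours=2), timedelta(minutes=30))
    return {
        "alice_reads_sales": can(alice, "sales-report", Access.READ),
        "alice_writes_sales": can(alice, "sales-report", Access.WRITE),
        "bob_writes_settings": can(bob, "settings", Access.WRITE),
        "carol_blocked": carol_blocked,
        "expired": expired,
        "alice_logout": s_alice.logout_type,
        "bob_logout": s_bob.logout_type,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Because nothing points backwards, listing what a user may see is a single traversal from the user outwards, and a resource never drags its permissions or sessions along when loaded; that is exactly the shape that avoids the "n+1" queries mentioned above once the model is persisted.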
