Design question

albruan posted on Tuesday, December 05, 2006

I have a question on whether I should use an EditableRootList or an EditableRoot for retrieving data for the security portion of an app.  I've attached a JPEG of my database diagram.  My question is: which BusinessBase class type should I use for accessing UserRoles and RolesDepartments objects?  I want to be sure that an assignment of a user to a UserRole doesn't already exist before attempting to add it; additionally, I want to be sure that a RolesDepartments doesn't already exist before attempting to add another one. 

ajj3085 replied on Tuesday, December 05, 2006

Hi,

The answer lies within your use cases, not your database design.  How will your uses be working with user roles and department roles?  Post your use cases for managing security in your application, and we'll be better able to help you.

Andy

albruan replied on Tuesday, December 05, 2006

Let's say the administrator wants to assign a role to a user.  I have a dialog box with two dropdown lists, one each for users and for roles.  The admin selects a user and a role and clicks a button to assign the role to the user...pretty much the same as in PTracker; however, I want to perform a check against all previous assignments to verify this one doesn't exist prior to attempting to persist it to the database.

Where RolesDepartments is concerned, I'm attempting to assign a role to a department.  I have a sproc that selects a user and determines if that user's role has access to a certain department.  So, if I want to see if the user is an estimator in the electrical department, I execute a statement such as: bool isPermitted = IsPermitted("estimator", "electrical"); and it returns a true or false for isPermitted.

ajj3085 replied on Tuesday, December 05, 2006

albruan:

Let's say the administrator wants to assign a role to a user.  I have a dialog box with two dropdown lists, one each for users and for roles.  The admin selects a user and a role and clicks a button to assign the role to the user...pretty much the same as in PTracker; however, I want to perform a check against all previous assignments to verify this one doesn't exist prior to attempting to persist it to the database.

This would best be acomplished by creating a command object that checks this before you save.  However, there is still a small possibility that someone else will create that data before your first user saves it and your save will thrown an exception... so it doesn't seem worth it in this case to build the command object unless you're going to call it on every drop down selection change..

albruan:

Where RolesDepartments is concerned, I'm attempting to assign a role to a department.  I have a sproc that selects a user and determines if that user's role has access to a certain department.  So, if I want to see if the user is an estimator in the electrical department, I execute a statement such as: bool isPermitted = IsPermitted("estimator", "electrical"); and it returns a true or false for isPermitted.

That doesn't sound like you're assigning a role to a department, it sounds like you're checking that the user has a role and is a member of a particular department.  In that sense, a department would be a role in and of itself (semantically, not necessarly stored that way in your db, but your BOs could make it appear as though departments are roles).

At any rate, forget your db for the moment and design objects to acomplish the tasks in your use cases.  Then worry about how they will get or store the relevent data.

HTH
Andy

albruan replied on Tuesday, December 05, 2006

I've had to add an additional table to the database due to a many-to-many relationship between Users and Departments.  I've been rethinking this whole thing and kind of mentally set it on the back burner while working on a few other things.