what design pattern is good for this scenario ?

 
Ranch Hand
Posts: 375
I want to design a GUI that shows students' grades. When a student logs in, he can see his grades but can't change them; when an instructor logs in, he can see and enter/modify grades; when an administrative staff member logs in, he can see and delete student grades after the student leaves school, but he can't modify or enter grades.

What design pattern is for such a thing?
 
Ranch Hand
Posts: 3389
I don't think you need a specific design pattern for this situation.

It's all about RBAC (Role-Based Access Control), which you can handle programmatically by checking the user's status/permissions and deciding on the action.
 
(instanceof Sidekick)
Posts: 8791
One common model is a user has 0..n roles. Each role has 0..n permissions. Make a permission for anything one user can do and another cannot. The existence of a permission, say "Modify Grades", in the user's tree means he can do that.

A more complex model has an access control object instead of permission. It might Grant or Deny rights to Create, Read, Update, Delete, Execute etc on every restricted thing. Some systems take the "most restrictive" result, so if a user has Grant Modify Grades in one role and Deny Modify Grades in another, the Deny wins.

Any of that sound right for your requirements?
 
ben oliver
Ranch Hand
Posts: 375

Originally posted by Stan James:
One common model is a user has 0..n roles. Each role has 0..n permissions. Make a permission for anything one user can do and another cannot. The existence of a permission, say "Modify Grades", in the user's tree means he can do that.

A more complex model has an access control object instead of permission. It might Grant or Deny rights to Create, Read, Update, Delete, Execute etc on every restricted thing. Some systems take the "most restrictive" result, so if a user has Grant Modify Grades in one role and Deny Modify Grades in another, the Deny wins.

Any of that sound right for your requirements?



I like the idea of an "access control object". Could you talk more about it and give an example to explain it?
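
An added example, not part of the original thread and not any poster's code: the access control object model described above (Grant or Deny per action, per role, with Deny winning across roles), applied to the student / instructor / administrative staff scenario. Every class, enum, role and resource name is an assumption made for illustration.

```java
import java.util.Collection;
import java.util.List;

// Added illustration (Java 16+ for records); all names here are hypothetical.
public class GradeAccessDemo {
    enum Action { READ, CREATE, UPDATE, DELETE }
    enum Effect { GRANT, DENY }

    // One access control entry: an effect for one action on one resource.
    record Ace(String resource, Action action, Effect effect) {}

    // A role is a named bundle of entries; a user holds 0..n roles.
    record Role(String name, List<Ace> entries) {}

    // Default deny: no matching entry in any role means no access.
    // Most restrictive wins: one DENY in any role overrides every GRANT.
    static boolean isAllowed(Collection<Role> roles, String resource, Action action) {
        boolean granted = false;
        for (Role role : roles) {
            for (Ace ace : role.entries()) {
                if (!ace.resource().equals(resource) || ace.action() != action) continue;
                if (ace.effect() == Effect.DENY) return false;
                granted = true;
            }
        }
        return granted;
    }

    static Ace grant(Action a) { return new Ace("grades", a, Effect.GRANT); }
    static Ace deny(Action a)  { return new Ace("grades", a, Effect.DENY); }

    public static void main(String[] args) {
        Role student = new Role("student", List.of(grant(Action.READ)));
        Role instructor = new Role("instructor",
            List.of(grant(Action.READ), grant(Action.CREATE), grant(Action.UPDATE)));
        Role staff = new Role("staff", List.of(grant(Action.READ), grant(Action.DELETE),
            deny(Action.CREATE), deny(Action.UPDATE)));

        // Student trying to modify grades: no matching GRANT, so default deny applies.
        System.out.println("student UPDATE: " + isAllowed(List.of(student), "grades", Action.UPDATE));
        // Instructor modifying grades: an explicit GRANT and no DENY.
        System.out.println("instructor UPDATE: " + isAllowed(List.of(instructor), "grades", Action.UPDATE));
        // Staff deleting grades: an explicit GRANT and no DENY.
        System.out.println("staff DELETE: " + isAllowed(List.of(staff), "grades", Action.DELETE));
        // A user holding both roles: staff's DENY overrides instructor's GRANT.
        System.out.println("instructor+staff UPDATE: "
            + isAllowed(List.of(instructor, staff), "grades", Action.UPDATE));
    }
}
```

The "after the student leaves school" condition on deletion is a per-record check that would run alongside this role check. Call the check in the code that reads and writes grades, not only when deciding which GUI controls to show.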