Open nisi opened 12 years ago
I'd recommend to create a AuthenticationController placed in the BusinessLayer below the UseCaseLayer (as planned) and access this controller from other usecase controllers.
This will solve the problem where to get the data from, but there's still a need of a session/context like behavior. My idea would be to implement a ApplicationContext class which stores singletons for all controllers. All usecase controllers get a reference to this ApplicationContext during creation. (Base class for controllers with a constructor for setting and a protected getter for accessing this context). Upper layers (like the RMI service) can hold an instance of this ApplicationContext and do the session management.
Example Scenario:
ActivityController.java:
public void save() {
if(getApplicationContext().getAuthenticationController().canDo(CREATE_ACTIVITY)) {
throw new SecurityException("Current user does not hve the permission to create an activity");
}
currentActivity.setCreator(getApplicationContext().getAuthenticationController().getCurrentUser());
}
AuthenticationController.java:
public boolean canDo(String roleKey) {
return _currentUser != null && _currentUser.hasRole(roleKey);
}
In the case of a new Rental (any activitiy in general), the system user who creates the rental is saved in the activity. However, we currently do not have any way of identifying and setting the corresponding system user. Issue arose due to saving the creator of an activity while renting a medium.
Some kind of session or something, which is accessible in use case controllers, is necessary. I'm aware that user authentification will only be implemented in a later time box, but this'll server as a reminder.