Friday, February 22, 2008

Incredibly Basic Design Problem

I'm working on a web application. All noteworthy data in here has been scrubbed appropriately.

This application has users. There are both external and internal users. Each user may have access to a certain subset of the application's functionality, although generally speaking internal users' functionality access is different from external users' functionality access. For instance, we might have an external user who is a customer, and another external user who is a supplier. We might have an internal user who is a sales rep, and another who provides support to the logistics team.

The question I immediately ask myself is this: Am I looking at an inheritance hierarchy, or am I looking at an opportunity for composition?

In other words, do I have:

public abstract class User {...}
public abstract class InternalUser extends User {...}
public class LogisticsUser extends InternalUser {...}

?

Or should I rely instead on composition?

public class User {
Set availableRoles = new HashSet();
}
User fred = new User();
fred.addRole(LOGISTICS);

I might consider answering this question with a look at the database tables that I'm relying on, but (1) I'm more concerned with the conceptual problem here than the implementation details and (2) in this particular case the tables are no help at all anyway.

So here is the core question: Can a user ever fill multiple roles? Java doesn't support multiple concrete inheritance, so a given user either IS a LogisticsUser or he IS a CafeteriaUser or what-have-you. If users can fill multiple roles, then I should be assigning them roles rather than slotting them in a particular concrete class.

And in this particular case, yes, some users do need to fill multiple roles (for instance, we might have a logistics support person who also has administrative authority over some of the website). So I'll be making a simple User hierarchy with a more complex collection of Roles available.

1 comment:

Bill said...

This is in fact something I had been considering as a basic philosophy for websites in general. Authentication is in general by Role, but how do you define those Roles? How hard is it for the administrator (someone with 'AddUserRole' frex) to add a user, or in fact a new Role and assign that role to users. I suspect I'm looking at it from the UI side, whereas you're looking at it from the design side. They have to meet somewhere, damnit!