c# - Design Pattern to check user access permissions .net -

c# - Design Pattern to check user access permissions .net -

i apologize if has been asked before looking around in stackoverflow couldn't find reply question.

i have scheme composed of accounts. each business relationship can have several users , each user can interact each other long belong same account. users different accounts can't perform actions on each other. in addition, have roles such admin, regularuser, etc these roles limited each account. thse roles don't allow users different accounts perform actions on other accounts.

i looking way implement permissions. before performing action, allow "add new user" want check if user performing action, has necessary access level (based on different rules such role, action type, if belong same account, etc).

i set quick illustration of how current code sort of looks.

public interface iuserservice { void add(user newuser); void method1(); void method2(); etc } public interface iaccountservice { void create(account newaccount); void method1(); void method2(); etc } public interface iuseraccessservice { bool canperformaction(int requesterid, otherparameters); } public class userservice { private readonly iuseraccessservice _useraccessservice; public userservice(iuseraccessservice useraccessservice) { _useraccessservice = useraccessservice; } public void add(user newuser) { if (!_useraccessservice.canperformaction(xxx)) throw; adduser... } public void method1() { if (!_useraccessservice.canperformaction(xxx)) throw; dosomething... } public void method2() { // not check if user can perform action dosomething... } }

i looking way create sure, whoever implements interface, doesn't forget check permissions. can see in code above, add together , method1 require check method2 doesn't.

i thinking of using template design pattern in order accomplish (see below), however, doesn't best approach.

public abstract class userservicebase { public abstract void add(user newuser); public abstract void method1(); public abstract void method2(); public abstract bool canperformaction(int requesterid, otherparameters); etc public void addtemplatemethod(user newuser) { if (!canperformaction(newuser.id, otherparamters) throw; add(newuser); } public void method1templatemethod() { if (!canperformaction(someparameters) throw; method1(); } } public abstract class userservice : userservicebase { public override void add(user newuser) { add together user... } public override void method1() { something... } public override void method2() { something... } }

with code above, @ to the lowest degree check if user can perform action or not, say, doesn't seem me best way it.

in case helps, using autofac ioc , using c# .net 4.5.

any advice appreciate it.

thank in advance.

ps. not sure explained myself well, please allow me know if need farther info or clarification.

you utilize decorator pattern in this question, question implies, works best in conjunction command / query pattern. alternative utilize interception.

whichever method take though, don't set cross-cutting concerns in base of operations class can lead god object.

c# .net design-patterns user-permissions