How to pass Current User Information to all Layers in DDD

by

My approach might not be ideal, but I find it working quite well. Thing what I did – I decided not to use dependency injection pass current user everywhere directly because that was getting too cumbersome and switched to static context. Problem with contexts – they are a bit difficult to manage.

This one is defined in my domain:

public static class UserContext{
  private static Func<User> _getCurrentUser;
  private static bool _initialized;
  public static User Current{
    get{
      if(!_initialized) 
        throw new Exception("Can i haz getCurrentUser delegate?");
      var user=_getCurrentUser();
      return user??User.Anonymous;
    }
  }
  public static void Initialize(Func<User> getCurrentUser){
    _getCurrentUser=getCurrentUser;
    _initialized=true;
  }
}

Note that delegate is static – for whole app only one at a time. And I’m not 100% sure about it’s life cycle, possible memory leaks or whatnot.

Client application is responsible to initialize context. My web application does that on every request:

public class UserContextTask:BootstrapperTask{
 private readonly IUserSession _userSession;
 public UserContextTask(IUserSession userSession){
   Guard.AgainstNull(userSession);
   _userSession=userSession;
 }
 public override TaskContinuation Execute(){
   UserContext.Initialize(()=>_userSession.GetCurrentUser());
   return TaskContinuation.Continue;
 }
}

Using mvcextensions library to stream-line bootstrapping tasks. You can just subscribe for according events in global.asax for that.

In client side (web app), I implement application service named IUserSession:

public User GetCurrentUser(){
  if(HttpContext.Current.User==null) return null;
  var identity=HttpContext.Current.User.Identity;
  if(!identity.IsAuthenticated) return null;
  var user=_repository.ByUserName(identity.Name);
  if(user==null) throw new Exception("User not found. It should be. Looks bad.");
  return user;
}

There is some more lame code necessary in order to use forms auth with roles w/o membership provider and role provider. But that’s not the point of this question.

At domain level – I’m explicitly describing permissions that users might have like this one:

public class AcceptApplications:IUserRights{
  public bool IsSatisfiedBy(User u){
    return u.IsInAnyRole(Role.JTS,Role.Secretary);
  }
  public void CheckRightsFor(User u){
    if(!IsSatisfiedBy(u)) throw new ApplicationException
      ("User is not authorized to accept applications.");
  }
}

Cool thing is – those permissions can be made more sophisticated. E.g.:

public class FillQualityAssessment:IUserRights{
  private readonly Application _application;
  public FillQualityAssessment(Application application){
    Guard.AgainstNull(application,
      "User rights check failed. Application not specified.");
    _application=application;
  }
  public bool IsSatisfiedBy(User u){
    return u.IsInRole(Role.Assessor)&&_application.Assessors.Contains(u);
  }
  public void CheckRightsFor(User u){
    if(!IsSatisfiedBy(u))
      throw new ApplicationException
        ("User is not authorized to fill quality assessment.");
    }
  }

Permissions can be checked vica versa too – User has these fellas:

public virtual bool HasRightsTo<T>(T authorizationSpec) where T:IUserRights{
  return authorizationSpec.IsSatisfiedBy(this);
}
public virtual void CheckRightsFor<T>(T authorizationSpec) where T:IUserRights{
  authorizationSpec.CheckRightsFor(this);
}

Here’s my aggregate root base class:

public class Root:Entity,IRoot{
  public virtual void Authorize(IUserRights rights){
    UserContext.Current.CheckRightsFor(rights);
  }
}

And here’s how I check permissions:

public class Application{
  public virtual void Accept(){
    Authorize(new AcceptApplications());
    OpeningStatus=OpeningStatus.Accepted;
  }
}

I hope that helps…

More Related Contents:

  1. Making Entity Class Closed for Changes
  2. Refactoring code to avoid anti-pattern
  3. DDD Approach to Access External Information
  4. Polymorphism: Is ORM entity a Domain Entity or Data Entity?
  5. Can't find the source of .NET error, need Help
  6. IPC Mechanisms in C# – Usage and Best Practices
  7. C# 3.0 auto-properties — useful or not? [closed]
  8. When should I use “using” blocks in C#? [duplicate]
  9. Escape command line arguments in c#
  10. Kill process tree programmatically in C#
  11. Format a date in XML via XSLT
  12. How do I determine a mapped drive’s actual path?
  13. How does WCF deserialization instantiate objects without calling a constructor?
  14. How to check if IEnumerable is null or empty?
  15. Compare String and Object in C#
  16. What does denote in C# [duplicate]
  17. Dynamic button creation & placing them in a predefined order using c#
  18. Finding out if a type implements a generic interface
  19. convert datetime to date format dd/mm/yyyy
  20. Show controls added programmatically in WinForms app in Design view?
  21. Can I Override with derived types?
  22. Application_Error in global.asax not catching errors in WebAPI
  23. Know when to retry or fail when calling SQL Server from C#?
  24. .NET Short Unique Identifier
  25. How do you get XML comments to appear in a different project (dll)?
  26. Expression for Type members results in different Expressions (MemberExpression, UnaryExpression)
  27. MessageBox buttons – set language?
  28. Differences in development between .NET and Mono
  29. Why are signed assemblies slow to load?
  30. What does “Beta: Use Unicode UTF-8 for worldwide language support” actually do?

Leave a Comment