

Is there a term/concept/pattern for pushing authorized actions onto an object? - harrylove

E.g., instead of an object asking, "am I authorized to do this?" over and over again within the context of an application, everything it is allowed to do is pushed to it upon authorization.

Does that make sense? Please forgive my naivety and fumbling attempt at an explanation.

What do you call this? I'm interested in finding software patterns that implement this.
======
vyrotek
It depends what it means to be 'authorized' to do something. Do you want the
object to only 'know' how to do something it is authorized to do? You might be
able to borrow some ideas from the Strategy Pattern to accomplish this. You
could assign the object specific strategies for certain tasks based on the
permissions you determined and then for the life of the object it would know
what it could do and how to do it.

~~~
harrylove
Yes, I only want the object to "see" code it has access to and I don't want to
accomplish this by asking "can I access this method/function?" every time I
call it. For example, when I repeatedly attempt to perform a task that would
be granted to the "Admin" role, I don't want the code to ask me if I'm an
admin, or part of a group of admins, or if my role is able to access methods
granted to admins, etc. By virtue of me logging in, the app instance should
reconfigure itself for admins. When someone else authenticates with a
different role (or roles) the app should configure itself for that purpose.

There would never be any unauthorized code access, technically speaking. There
may be instances of stolen identity, of course, in which case the
authentication would be valid (or hacked) but the application code would align
itself with the role granted to the identity.

I'm not concerned with any particular practical implementation or application,
really. I'm thinking mostly about architecture and design and programming
style.

Thanks for the hint on the strategy pattern.
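
An added sketch (not code from anyone in the thread) of the two ideas discussed above: strategies assigned from permissions, and an app object that is configured once at login so that no later call asks "am I an admin?". The role names, action names, policy table and `build_session()` are hypothetical.

```python
# Added illustration; roles, actions and build_session() are hypothetical.
from functools import partial
from types import SimpleNamespace

# Strategies: plain functions that perform a task. None of them checks a role.
def read_report(store, name):
    return store[name]

def delete_report(store, name):
    return store.pop(name)

def refuse(action):
    # Optional "null strategy" for callers that prefer an explicit refusal
    # over a missing attribute.
    def _refused(*_args, **_kwargs):
        raise PermissionError(f"{action} was not granted to this session")
    return _refused

ALL_ACTIONS = {"read_report": read_report, "delete_report": delete_report}

# Constructed policy table, consulted exactly once per login.
ROLE_GRANTS = {
    "viewer": {"read_report"},
    "admin": {"read_report", "delete_report"},
}

def build_session(roles, store, strict=True):
    """Return an object exposing only the actions granted to `roles`."""
    granted = set()
    for role in roles:
        granted |= ROLE_GRANTS.get(role, set())  # unknown role grants nothing
    bound = {}
    for name, func in ALL_ACTIONS.items():
        if name in granted:
            # Bind the store here so the session holds no wider reference.
            bound[name] = partial(func, store)
        elif not strict:
            bound[name] = refuse(name)
    return SimpleNamespace(**bound)

if __name__ == "__main__":
    reports = {"q1": "constructed sample data"}
    viewer = build_session(["viewer"], reports)
    print(sorted(vars(viewer)))   # the viewer session has no delete action
    admin = build_session(["admin"], reports)
    print(admin.delete_report("q1"))
```

Python does not enforce this boundary against code that reaches around the session object, so the sketch shows the shape of the design rather than isolation. Handing out only the references a holder may use is usually called capability-based (object-capability) design.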

