Determining complex security and permissions

Posted 2024-11-27 09:28:52

I've been put on a project that has a messy class that writes buttons to a page. The app is a document manager and has a popup list of buttons, such as download, email, and print. Depending on the user's roles, and the state of the document, different buttons are displayed.

Among other WTFs is something like this:

bool showEditButton = document.docTypeId == documentEnum.docType.text &&
    ( document.statusId == documentEnum.docStatus.Editable || (user.UserStatus == userEnum.Status.SuperUser) || ( user.UserID == document.CreatedByUserId ) );

And so on and so forth until I can't figure out what's going on.

I don't know if this is just a side effect of a deeper architectural flaw, or if there's a good method to deal with checking a mixture of permissions and status values. Should I just put all of these crazy conditions in a method and just forget about it? That doesn't benefit the next programmer to inherit the project though.

Comments (4)

凉宸 2024-12-04 09:28:52

It's just a bunch of boolean logic in your example, but the readability could be cleaned up with a Compose Method refactoring. If you had a class that accepted a document and the current user principal, then you could have something like:

public class DocumentPermissions
{
    private Document document;
    private User user;

    public DocumentPermissions(Document doc, User currentUser)
    {
        document = doc;
        user = currentUser;
    }

    // Edit is only offered on text documents, and then only to a superuser,
    // to the document's creator, or to anyone while the document is Editable.
    public bool ShouldShowEditButton()
    {
        if (!IsTextDocument())
        {
            return false;
        }
        return IsSuperUser() || IsDocumentOwner() || DocumentIsEditable();
    }

    private bool IsTextDocument()
    {
        return document.docTypeId == documentEnum.docType.text;
    }

    private bool IsSuperUser()
    {
        return user.UserStatus == userEnum.Status.SuperUser;
    }

    private bool IsDocumentOwner()
    {
        return user.UserID == document.CreatedByUserId;
    }

    private bool DocumentIsEditable()
    {
        return document.statusId == documentEnum.docStatus.Editable;
    }
}

Obviously this is a lot of code so I hope you can make reuse of many of the private methods.
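An added example, not code from the original project or from either answer, that takes the Compose Method idea one step further in C#: the named predicates become rows in a rule table keyed by action, with default deny for any action that has no rule, and the same policy object is called both when rendering the buttons and inside the server-side handler for the action. That second call is the security-relevant part of the question: hiding the Edit button is a usability decision, not an authorization check, so a user who crafts the edit request by hand must be refused by the same rule that hid the button. All type and member names here (DocumentPolicy, DocumentAction, EditDocumentHandler, the enums and records) and the rules other than Edit are assumptions made for the example; the Edit rule is the one from the question.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Assumed types standing in for the project's documentEnum/userEnum and entity classes.
public enum DocType { Text, Image, Pdf }
public enum DocStatus { Draft, Editable, Locked, Archived }
public enum UserStatus { Normal, SuperUser }
public enum DocumentAction { View, Edit, Download, Email, Print }

public sealed record Document(int Id, DocType Type, DocStatus Status, int CreatedByUserId);
public sealed record User(int Id, UserStatus Status);

// The one place that answers "may this user perform this action on this document?".
// Both the page that draws the buttons and the handlers that perform the actions call it.
public static class DocumentPolicy
{
    // Named building blocks, as in the Compose Method refactoring above.
    private static bool IsSuperUser(User u) => u.Status == UserStatus.SuperUser;
    private static bool IsOwner(User u, Document d) => u.Id == d.CreatedByUserId;
    private static bool IsEditable(Document d) => d.Status == DocStatus.Editable;
    private static bool IsArchived(Document d) => d.Status == DocStatus.Archived;

    // Rule table: action -> predicate. A new button is a new row, not another
    // hand-written boolean expression buried in the page class. Rules other than
    // Edit are illustrative assumptions.
    private static readonly Dictionary<DocumentAction, Func<User, Document, bool>> Rules = new()
    {
        [DocumentAction.View]     = (u, d) => IsSuperUser(u) || IsOwner(u, d) || !IsArchived(d),
        [DocumentAction.Edit]     = (u, d) => d.Type == DocType.Text
                                              && (IsSuperUser(u) || IsOwner(u, d) || IsEditable(d)),
        [DocumentAction.Download] = (u, d) => IsSuperUser(u) || !IsArchived(d),
        [DocumentAction.Email]    = (u, d) => IsSuperUser(u) || !IsArchived(d),
        [DocumentAction.Print]    = (u, d) => true,
    };

    // Default deny: an action with no rule is never allowed.
    public static bool Can(User user, DocumentAction action, Document doc) =>
        Rules.TryGetValue(action, out var rule) && rule(user, doc);

    // What the button-writing class needs: the actions to render for this user and document.
    public static IEnumerable<DocumentAction> AllowedActions(User user, Document doc) =>
        Enum.GetValues<DocumentAction>().Where(a => Can(user, a, doc));
}

// Server-side handler for the edit action. It re-checks the same policy rather than
// trusting that the button was hidden, so a forged request is refused too.
public static class EditDocumentHandler
{
    public static void Handle(User user, Document doc)
    {
        if (!DocumentPolicy.Can(user, DocumentAction.Edit, doc))
        {
            throw new UnauthorizedAccessException(
                $"user {user.Id} may not edit document {doc.Id}");
        }
        // ... apply the edit ...
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data for the demonstration.
        var owner = new User(Id: 7, Status: UserStatus.Normal);
        var other = new User(Id: 8, Status: UserStatus.Normal);
        var admin = new User(Id: 1, Status: UserStatus.SuperUser);
        var lockedText = new Document(Id: 42, Type: DocType.Text, Status: DocStatus.Locked, CreatedByUserId: 7);
        var editableImage = new Document(Id: 43, Type: DocType.Image, Status: DocStatus.Editable, CreatedByUserId: 8);

        // Buttons for the creator of a locked text document, then for an unrelated user.
        Console.WriteLine(string.Join(", ", DocumentPolicy.AllowedActions(owner, lockedText)));
        Console.WriteLine(string.Join(", ", DocumentPolicy.AllowedActions(other, lockedText)));

        // Even a superuser is bound by the "text documents only" part of the Edit rule.
        Console.WriteLine(DocumentPolicy.Can(admin, DocumentAction.Edit, editableImage));

        // The handler refuses the same request the page would not have offered a button for.
        try { EditDocumentHandler.Handle(other, lockedText); }
        catch (UnauthorizedAccessException e) { Console.WriteLine("refused: " + e.Message); }
    }
}
```

Because every rule is a plain function of (user, document), each row can be unit tested in isolation with constructed users and documents, and a reviewer can read the whole authorization model from one table instead of reverse-engineering it from the page class.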

疯了 2024-12-04 09:28:52

Alternatively you could use:

bool showEditButton = (document.statusId == documentEnum.docStatus.Editable); //show if Editable..
showEditButton |= (user.UserStatus == userEnum.Status.SuperUser); //or a superuser or
showEditButton |= (user.UserID == document.CreatedByUserId); //the Creator
showEditButton &= (document.docTypeId == documentEnum.docType.text); //and a text Doc

Although I prefer Ryan's answer, I will throw this out as another way that is at least marginally more readable and gives a better spot for some comments.

江湖彼岸 2024-12-04 09:28:52

You own it for the time being; if you've been assigned to refactor it, refactor it. If you have other more pressing issues, deal with them, but you should take your spare time to refactor it if you can (Don't do TOO good a job, they might make you permanent owner). Regarding your other questions, security etc., not enough info.

http://en.wikipedia.org/wiki/Refactoring

往昔成烟 2024-12-04 09:28:52

To be honest, the example code doesn't look too bad. I've certainly seen a lot worse.

It's quite readable and has no "magic strings" or "magic numbers". I'm sure you can find more pressing opportunities for a clean-up.
