0

A n-tier layer project.

In businesslayer, there is a inherited Class Called BaseEdit which contains contractor and base properties.

There are about 30 CustomEdit (inheriting classes), all of them has methods "Load","Save" and "Delete".

The require for this existing system is to add a readonly user.

Possible solutions considering the cost of works:

1) Modify the BaseEdit so all CustomEdit can stay the same. The system will check 'user role' in session by using httpcontext then to accept or reject the user's action.

So Question1: Can vb.net achieve this?

'BaseEdit

Public Function Save() Boolean
 'check session in BusinessLayer, if it is ready only user
 'then Validation is false
End Function

'CustomEdit 

Public Function Save() Boolean
 'Proceed the save
End Function

But when I invoke CustomEdit.Save(), the BaseEdit.Save() will not be invoked. Seems vb.net doesn't support this kind of partial methods. Is there a way to achieve this without changing CustomEdit?

2) In SQL Server, Check Session States and restrict user access to Insert or Update StoredProc. Question 2: Should it be taken place in SQL Server? Anyone has experiences about this? Any comments for advantage/disadvantage?

Question 3:In my opinion, the user restriction should be achieve in web layer or the Business layer by authentic controls. Someone told me the security access stuff should be as close as to the database, is it right?

Dan An
  • 424
  • 9
  • 27
  • Don't add C# tag just for attracting more attention. You are explicitely asking for VB.NET. – Tim Schmelter Feb 20 '12 at 14:18
  • So you've overridden `Save` but want the base classes `Save` to be called. Then either don't override it or call `base.Save()`. – Tim Schmelter Feb 20 '12 at 14:23
  • @Tim Schmelter I modified the question a bit. The save() in BaseEdit is still not called, if I call Custom.Save() and without saying BaseEdit.Save() in Custom.Save(). – Dan An Feb 20 '12 at 14:36

1 Answers1

0

This question seems very similar to this, and I believe the answer would be valid for you too. Modify BaseEdit to be the only class with Save(), in which you call the abstract "ProtectedSave()", which all base classes must implement. That way you control what and which methods are executed in the Save() function.

Community
  • 1
  • 1
Simon Wilson
  • 9,929
  • 3
  • 27
  • 24
  • Oops, thought this had C# in the tags...not sure about VB, if it does inheritance then this should be valid – Simon Wilson Feb 20 '12 at 14:42
  • Thx, I see ur mean. Called BaseEdit.Save() and process the "InternalSave()". It's good but the drawback is need to change the name of "Save()" in every CustomEdit. – Dan An Feb 20 '12 at 15:45
  • Or I'm trying to add this check in constructor. – Dan An Feb 20 '12 at 15:47
  • Then you will have to change all implementations of Save() in the CustomEdit class to call base.Save(). Can't think how to do it without changing code. – Simon Wilson Feb 20 '12 at 21:08
  • Resharper has a nice feature for this where you change the name on the base class and it will reflect across your solution...maybe worth a try – Simon Wilson Feb 20 '12 at 21:09