Access control for objects

Is it possible to restrict the functionality of a class to only certain objects (in C++)? What I mean is: suppose there are 10 methods in a class, and this class has 10 objects. Is it possible for objects 1 and 2 to have access to only 3 functions, for object3, object4, object5 and object6 to have access to 6, and for the other objects to have access to all functions?

I am trying to implement an access control system where general users can only see some limited functionality. Pre-provisioned users may have slightly more access, and administrators have access to all features.

One approach is to use inheritance, something like this:

class PublicFeatures {
public:
    // add some methods here
};

class ProtectedFeatures : public PublicFeatures {
public:
    // add some more methods
};

class AdminFeatures : public ProtectedFeatures {
public:
    // add other methods here
};

In this case, we create objects of any of the three classes depending on the access level required. But what I am thinking of is having only one class and somehow restricting access to some methods for that particular object.

Can this be done? Or should I take a different approach to implement access control?

+2




2 answers


As far as I know, no. It is, however, part of the research on aspect-oriented programming. I've seen something like what you need in this book: Aspect Oriented Software.

The main problem you are facing is not knowing "who is the caller" of your function. You can work around this by requiring each caller to call your object's methods passing in "this" as a form of authentication about themselves. Far from ideal, but with this solution you can wrap each method in a preliminary method that does the ACL.



Another alternative would be to declare your implementation class completely private in terms of methods, and define a "bodyguard" class, declared a friend of the first. The bodyguard class makes calls on behalf of the caller (it is the only one authorized to make them, because of the friend declaration). You still have an authentication problem and basically wrap your entire target class behind a bodyguard object.

+1




The access levels of class members have nothing to do with users and security restrictions. They are really just coding constructs, not something you can use at runtime. The compiler will either allow or prevent you from calling the function when compiling your code. If it compiles your program, you can run it; otherwise you can't. There is no meaningful way to add any conventions or application logic to them.

But what I am thinking of is having only one class and somehow restricting access to some methods for that particular object.



Yes, this is what you should be doing. The language won't help, but you can just keep track of the method calls yourself. That is, don't even try to call the administrative method if the user is not an administrator.

if (user.isAdministrator()) {
    securityLogs.archiveAndDelete();
}
else {
    throw SecurityException("You can't do that!");
}

      

0
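The two answers above can be combined in one sketch: a friend "bodyguard" class in front of an all-private implementation, with a runtime role check before each forwarded call. This is an added example, not code from either answer; `Role`, `Features`, `FeatureGuard`, `allowed` and the method names are hypothetical, and it assumes the role has already been established by authentication.

```cpp
#include <iostream>
#include <stdexcept>
#include <string>

// Hypothetical levels matching the question's three tiers.
enum class Role { General, Provisioned, Admin };

struct SecurityException : std::runtime_error {
    using std::runtime_error::runtime_error;
};

// Every operation is private; only the friend guard can call it.
class Features {
    friend class FeatureGuard;
    std::string viewReport() const { return "report"; }
    std::string editProfile() const { return "profile updated"; }
    std::string archiveAndDeleteLogs() const { return "logs archived"; }
};

// One guard per authenticated session. Trusted code fixes the role at
// construction, so a caller cannot raise its own level afterwards.
class FeatureGuard {
public:
    FeatureGuard(const Features& target, Role role) : target_(target), role_(role) {}
    std::string viewReport() const { require(Role::General, "viewReport"); return target_.viewReport(); }
    std::string editProfile() const { require(Role::Provisioned, "editProfile"); return target_.editProfile(); }
    std::string archiveAndDeleteLogs() const { require(Role::Admin, "archiveAndDeleteLogs"); return target_.archiveAndDeleteLogs(); }
private:
    // The check runs before the call is forwarded; on failure nothing executes.
    void require(Role minimum, const char* op) const {
        if (role_ < minimum) throw SecurityException(std::string("access denied: ") + op);
    }
    const Features& target_;
    const Role role_;
};

// Helper for the demo: true if the guarded call was allowed.
template <typename Call>
bool allowed(Call call) {
    try { call(); return true; }
    catch (const SecurityException&) { return false; }
}

int main() {
    Features f;
    FeatureGuard user(f, Role::General), admin(f, Role::Admin);
    std::cout << allowed([&] { user.archiveAndDeleteLogs(); }) << ' '
              << allowed([&] { admin.archiveAndDeleteLogs(); }) << '\n';
}
```

The `private`/`friend` boundary only funnels calls through the guard at compile time; the restriction itself is the runtime `require` check, so the role must come from the authenticated session and never from a value the caller supplies.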








