If a user has the chance of asking for his role to be changed (for example: an employee asking to be promoted to leader), does the action belong to the Employee or to the leader?
Your question is tagged "use-case". In this regard, there seems to be a confusion in your question about what an actor really is. Here is what the UML specs say:
An Actor models a type of role played by an entity that interacts with the subjects of its associated UseCases. Actors may represent roles played by human users, external hardware, or other systems.
If a user changes role during the interaction with the system, in the model, it's just like another actor interacts with the system. Example:
a user interacts with the system with the role of an Employee and "executes" some use-cases corresponding to the Employee actor;
this user gets promoted to a Manager.
With the new role, the user may "execute" use-cases associated with the Manager actor.
The same user may play several roles with the system. But this does not change the model: the model is about all the users who have a given role at a given moment, regardless of the individual who performs this role.
Now in some cases, one role is a specialization of the other. This means that all the users having one role also have the other role. A typical example is if a Manager is always an Employee. In this case, you'd show the inheritance in your use-case diagram, to avoid replicating for Manager all the associations of Employee with use-cases.
If your question is not about use-cases but about classes for authorisation management, then you'd need to reformulate your question. But before, have a look at the existing questions on SO, since there are many questions about class diagrams and how to assign users authorisations.
Related
I only have to draw up a UML class design for it.
The web portal should allow the user to pick from a hotel, or flight, or car rental or all 3 or 2 out of the 3. The user should be able to search through the products as a guest but will be redirected to register or login to purchase a product. Admins are allowed to remove or add products to the product database. What I initially have is a general set up of the system; however, I need to implement design patterns. Now I already tried singleton but I see no reason for there to be only one instance in this portal.
1st half of my UML class diagram
2nd half of my UML class diagram
I have an application where a user can be linked to several companies.
The manyToMany relationship with the company is a distinguished entity called Associate.
I'd like to give this Associate entity the exact same role functionality as my FOSUserBundle User entity has. Important: if a user has a role_manager for one company, it should not be given the rights to access specific features of another company he belongs to as well.
Is there a clean way to do this?
I'd like to check for instance if $this->getUser->getAssociate->hasRole('ROLE_MANAGER') is true.
What if I give a role array to my entity Associate? I've read it's not secure enough? Why? What could someone do to break that security if anyway my users have to pass through FOS security login checks?
I've found an article where using a voter is suggested. But I don't want to filter routes, I really want to check the condition against the link between a user and a company, so if a voter is the solution, how would I use it?
EDIT: if a better solution not involving roles or with different logic exists, I am interested in learning about it!!
So in my case, one user can actually only be linked to a maximum of 4 companies, each of a different kind defined by its category.
The official doc would suggest using ACL, defining a role for every company or storing the data in the entity. Cf. the first paragraphs of:
http://symfony.com/doc/current/cookbook/security/acl.html
I used a combination of roles and business logic. I've created roles for every type of company and since one user can only have one company per type, I just had to check for the type and the role-manager associated to the type.
See my voter here:
symfony2 call is_granted in voter : how to avoid an infinite loop?
I am in a situation in which I am supposed to model (in domain) requirement where a user can be bill admin and system admin and employee.
All the Admins can do whatever the normal user can do, but a normal user cannot do what the other roles can do. The problem is that I don't understand how I can do this by inheriting the user entity, and I have read that's not a good idea, so I don't want to go that way.
The Employee, System Admin and Bill Admin are different roles of a user. Any suggestions?
Update :
More Information: Given that the Employees BC and Billing BC and System BC are three different Bounded Contexts what would be the ideal way of handling the above given scenario?
It may be that you are mixing bounded concepts and the inheritance is probably not helping either :)
Typically one would have an Identity and Access Control BC. This is where we may find a User, Permission, and a Role.
Then one may have an Employee or Human Resources BC. This is where concepts such as Employee and Manager may exist.
So it may help to split these concepts.
When a new employee is registered an EmployeeRegistered event may be published by the HR BC, using a service bus, that the I & AC BC subscribes to in order to register a new user.
Hope that helps.
I'm planning to write a service of event handling (like Google's Doodle) and, in the use case diagram, I need to distinguish between registered users and not registered users.
At first, I thought that:
Registered User is a generalization of Not Registered User
with the following actions:
Not Registered User ---> Registration to the service
Not Registered User ---> Participate to an event
Registered User ---> Login to the service
But I don't know if I didn't understand the theory behind use cases:
should I use only one actor ("User") and associate him all the actions,
or keep this generalization?
Actor can be seen as the ROLE a user plays in a system. From this statement it is already clear that the single actor ("User") version does not model your situation correctly.
Generalization between two actors gives the specialized actor access to all the use cases associated with his parent-actor. In your case I would not say that this is the case. Maybe they even have some common use cases, but they both have use cases that do not make sense for the other one. For example:
Not registered user cannot login.
Registered user cannot register.
Their roles in the system are simply very different and therefore a generalization is not the perfect solution either.
I would simply make 2 separate actors, that eventually share some use cases. I will assume that Not registered user can also participate in an event (maybe restricted), just to show that they can share some use cases, without the need to use generalization:
I would say that registered and unregistered user are states of user. Actor is a behaviored classifier and can have states. I think that there is only actor named "User". Use constraints to associations connected to user and usecase to restrict user participating on individual usecase. See example below:
I'm new to UML representation. I couldn't map a UML representation for the requirements below:
1. A company has many users.
2. Each user may belong to different companies.
3. Each user may have different roles in different companies.
If I represent this in a UML diagram, how can we find the roles of a user in each company?
Information we get from this diagram:
1- A company can have many roles: manager, programmer are roles in company a
2- Every role belongs to one company.
3- A user may have many roles: be a consultant at company a and programmer at company b.
4- A role may be overtaken by many users: user 1 and 2 are both programmers at company a
What this diagram shows is the static structure, you cannot identify which specific user works for which specific company using a class diagram.
You can use an object diagram for that purpose, but an object diagram is useful for showing just a snapshot of the system with specific instances.
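An added example (not from any of the posts above) of the user, role and company model described in the last answer, together with the per-company role check asked about in the Associate question. The class and function names, the `IMPLIES` table and the sample user are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed for this example: holding the key role implies the value role
# (the "a Manager is always an Employee" specialization).
IMPLIES = {"manager": "employee"}


@dataclass(frozen=True)
class Role:
    company: str  # every role belongs to exactly one company
    name: str


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)  # set of Role


def has_role_unscoped(user, role_name):
    """Flat role check: ignores the company, so it leaks across companies."""
    return any(r.name == role_name for r in user.roles)


def effective_roles(user, company):
    """Role names held in one company, plus the roles they imply."""
    names = {r.name for r in user.roles if r.company == company}
    pending = list(names)
    while pending:
        parent = IMPLIES.get(pending.pop())
        if parent and parent not in names:
            names.add(parent)
            pending.append(parent)
    return names


def has_role(user, company, role_name):
    """Scoped check: true only if the role is held in this company."""
    return role_name in effective_roles(user, company)


def roles_by_company(user):
    """Map each company the user is linked to onto their role names there."""
    return {c: effective_roles(user, c) for c in {r.company for r in user.roles}}


# Constructed sample: manager at company_a, programmer at company_b.
alice = User("alice", {Role("company_a", "manager"), Role("company_b", "programmer")})

if __name__ == "__main__":
    print(has_role(alice, "company_b", "manager"), roles_by_company(alice))
```

The unscoped check answers "is this user a manager anywhere?", which is the question a flat role array can answer; the scoped check requires the company as an input and denies when no role is held there.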