Class Diagram for Authentication and Authorization Service

This is the scenario:

The system has two main users, the SYSTEM USER and the END USER. An end user is further divided into two users named CLIENT USER and INTERNET USER; a client user is associated with a database-accessible account while an internet user is not.

All users are classified into different ROLES, and each role is associated with a set of accessible MODULES, and different modules contain different FUNCTIONS like view, add, edit and delete functions.

Different roles may be associated with different functions in modules. For example, the Super Admin role may access the user access module and use its add, edit and delete functions, while a Power User may only access or view it.

When a user logs in, the security service authenticates the user with username and password. If the user is authenticated, it will look up the roles associated with the user and display the granted modules on screen for the user to select for access.


I have created a simple class diagram containing the fields or attributes per class. I am just not sure if it is correct, like the connectors or relationships implemented, the cardinality and the methods per class. I have only input the method for one class, and that is the login (login()) method.

[image: class diagram]

I can see a couple of things wrong with your model:

  • What are those filled arrows supposed to be? If you mean Inheritance then you have to use a non-filled arrowhead.
  • Is LOGIN also a user? There's something weird about that. I would expect login() to be an operation somewhere taking a username and password as parameters, not necessarily a class on its own, and I probably wouldn't model it with attributes UserName and Password.
  • If all the subclasses of USER have a UserName and Password, don't you think you should define those on the class USER?
  • Are USER and END USER supposed to be concrete or abstract? Seems like they might need to be abstract.
  • Classes are generally named in the singular form. So rather use ROLE instead of ROLES.
  • What is the roleID doing on the class USER? That seems wrong. If you are using UML then don't put foreign key fields on your classes. RoleID is an attribute of ROLE and should not be on USER.
  • Why do you need all those ID attributes? If you are modelling on a logical level you can assume that each class has a unique identity and you don't need to worry about the technical implementation of that identity (string, GUID, ...). If on the other hand you are making a technical model then you are missing about 70% of the details.

I would do something like that: [image]

You get users who can log in and who have different roles. When you execute a function (renamed service), the Service gets its module and requests the module to check if the session user has the right to execute the Service.

Does this help you?
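The role, module and function model from the question, with the check delegated to the module as the second answer describes, written out as an added Python example (not code from the question or either answer). All class, method and account names are hypothetical, and storing a salted PBKDF2 hash instead of a Password attribute is an assumption the page does not specify.

```python
import hashlib, hmac, os
from dataclasses import dataclass

def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: keep a salted, slow hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

@dataclass
class Role:
    name: str
    grants: set  # {(module name, service name)}; no role id stored on User

@dataclass
class User:
    username: str
    salt: bytes
    pw_hash: bytes
    roles: list

class Module:
    def __init__(self, name, services):
        self.name, self.services = name, set(services)
    def execute(self, user, service):
        # Deny by default: no session user, unknown service, or no granting role.
        if user is None or service not in self.services or not any(
                (self.name, service) in role.grants for role in user.roles):
            raise PermissionError(f"{service} on {self.name} denied")
        return f"{service} on {self.name} ok"

class SecurityService:
    def __init__(self):
        self.users = {}
    def add_user(self, username, password, roles):
        salt = os.urandom(16)
        self.users[username] = User(username, salt, hash_password(password, salt), roles)
    def login(self, username, password):
        user = self.users.get(username)
        # Hash even for unknown names so both failure paths do the same work.
        candidate = hash_password(password, user.salt if user else b"\0" * 16)
        ok = user is not None and hmac.compare_digest(candidate, user.pw_hash)
        return user if ok else None  # the session user, or None on failure
    def granted_modules(self, user):
        return sorted({m for role in user.roles for m, _ in role.grants})

def demo():  # constructed sample accounts; role names taken from the question
    admin = Role("Super Admin", {("User Access", s) for s in ("view", "add", "edit", "delete")})
    power = Role("Power User", {("User Access", "view")})
    sec = SecurityService()
    sec.add_user("alice", "s3cret-A", [admin])
    sec.add_user("bob", "s3cret-B", [power])
    return sec, Module("User Access", ["view", "add", "edit", "delete"])
```

`login()` returns the same `None` for an unknown username and for a wrong password, so the caller cannot tell which one failed.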
