<div dir="ltr"><div>Aha thanks Ed! This is super useful - I'm not actually using Rails this time, but my way of approaching the problem was definitely informed by Warden / Cancancan and their ilk - I just don't think i'd followed that thought through to it's logical conclusions!</div><div><br></div><div>You kinda hint at this too, but this kinda pushes the problem down into that User#has_subscription? method - the user's purchased Products may or may not contain a Product which happens to have 'subscription' behaviour, but the solution kinda falls straight out of flipping the problem around this way - I just need a #is_subscription? flag on products which governs how they behave wrt authorization. nice and simple!</div><div><br></div><div>Thanks very much :-D</div><div><br></div><div>Cheers!</div><div><br></div><div>Tim<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 22 Jun 2021 at 17:10, Ed Jones <<a href="mailto:ed@error.agency">ed@error.agency</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="overflow-wrap: break-word;">Hi Tim<div><br></div><div>Are you using Rails for this stuff? Regardless of whether it's a Rails project or not, I like using Pundit for problems like this - it abstracts away the authorisation from the model quite nicely. <a href="https://github.com/varvet/pundit" target="_blank">https://github.com/varvet/pundit</a></div><div><br></div><div>So in your case you might have a <font face="Courier">BookPolicy</font> with an <font face="Courier">access?(user, book)</font> method, which might look like this:</div><div><br></div><div><div><font face="Courier">class BookPolicy</font></div><div><font face="Courier"><span style="white-space:pre-wrap"> </span>attr_reader :user, :book</font></div><div><font face="Courier"><br></font></div><div><font face="Courier"><span style="white-space:pre-wrap"> </span>def initialize(user, book)</font></div><div><font face="Courier"><span style="white-space:pre-wrap"> </span>@user = user</font></div><div><font face="Courier"><span style="white-space:pre-wrap"> </span>@book = book</font></div><div><font face="Courier"><span style="white-space:pre-wrap"> </span>end</font></div><div><font face="Courier"><br></font></div><div><font face="Courier"><span style="white-space:pre-wrap"> </span>def access?</font></div><div><font face="Courier"><span style="white-space:pre-wrap"> </span>user.has_subscription? || user.purchases.includes?(book)</font></div><div><font face="Courier"><span style="white-space:pre-wrap"> </span>end</font></div><div><font face="Courier">end</font></div></div><div><br></div><div>Then wherever you need to check if a user can access a book, you just do <font face="Courier">BookPolicy.new(user, book).access? </font>and your logic to determine that is encapsulated away nicely in the policy class. (Or if you're doing it in Rails controllers, there are helper methods).</div><div><br></div><div>This example is predicated on having some sort of way to determine if the user has a subscription or not; (assuming Rails) you could have a polymorphic association to different types of purchase to address this.</div><div><br></div><div>Not sure if this is helpful or not!</div><div><br></div><div>Ed</div><div>
<div><br><blockquote type="cite"><div>On 22 Jun 2021, at 15:43, Tim Cowlishaw <<a href="mailto:tim@timcowlishaw.co.uk" target="_blank">tim@timcowlishaw.co.uk</a>> wrote:</div><br><div><div dir="ltr"><div>Hi there folks! Hope you're all doing well.</div><div><br></div><div>I've just run into a problem / conundrum / anti-pattern / code smell that seems to recur fairly frequently in projects I've worked on of late, and which i'm not really sure how to name in order to search for an existing solution, so i figured I'd post it here in case anyone has some sensible advice, or in the hope that it provokes some interesting discussion, at least.</div><div><br></div><div>The problem basically arises when there's some 'object' in my system (using this word in the vaguest possible sense for now) which has both *data* (so fields that can be updated through an API or webapp, and which should probably be stored in a database row), but also has a one-to-one correspondence with a specific bit of behaviour, expressed as code.</div><div><br></div><div>An example:</div><div><br></div><div>I'm currently working on a project which is a digital library. It contains lots of Books:</div><div><br></div><div style="margin-left:40px"><span style="font-family:monospace">class Book < Struct.new(:id, :title, :author, :content); end</span></div><div><br></div><div>Users can buy access to these books either individually (all books are the same price), or by buying a subscription to the whole library. Forgetting the DB / ORM side of this for a sec, i'd model a toy implementation of what i want to do something like the following:<br></div><div><span style="font-family:monospace"><br></span></div><div style="margin-left:40px"><span style="font-family:monospace">class User</span></div><div style="margin-left:40px"><span style="font-family:monospace"> def initialize(purchases=[])</span></div><div style="margin-left:40px"><span style="font-family:monospace"> @purchases = purchases</span></div><div style="margin-left:40px"><span style="font-family:monospace"> end</span></div><div style="margin-left:40px"><span style="font-family:monospace"> attr_reader :purchases</span></div><div style="margin-left:40px"><span style="font-family:monospace"><br></span></div><div style="margin-left:40px"><span style="font-family:monospace"> def has_access_to?(book)</span></div><div style="margin-left:40px"><span style="font-family:monospace"> purchases.any? { |p| p.grants_access_to?(book) }<br></span></div><div style="margin-left:40px"><span style="font-family:monospace"> end<br></span></div><div style="margin-left:40px"><span style="font-family:monospace">end</span><br></div><div style="margin-left:40px"><br></div><div style="margin-left:40px"><span style="font-family:monospace">class Purchase < Struct.new(:product)</span></div><div style="margin-left:40px"><span style="font-family:monospace"> def grants_access_to?(book)</span></div><div style="margin-left:40px"><span style="font-family:monospace"> product.grants_access_to?(book)<br></span></div><div style="margin-left:40px"><span style="font-family:monospace"> end <br></span></div><div style="margin-left:40px"><span style="font-family:monospace">end</span></div><div style="margin-left:40px"><span style="font-family:monospace"><br></span></div><div style="margin-left:40px"><span style="font-family:monospace">class Product</span></div><div style="margin-left:40px"><span style="font-family:monospace"> def self.price</span></div><div style="margin-left:40px"><span style="font-family:monospace"> raise NotImplementedError<br></span></div><div style="margin-left:40px"><span style="font-family:monospace"> end</span></div><div style="margin-left:40px"><span style="font-family:monospace"><br></span></div><div style="margin-left:40px"><span style="font-family:monospace"> def <a href="http://self.name/" target="_blank">self.name</a></span></div><div style="margin-left:40px"><span style="font-family:monospace"> raise NotImplementedError</span></div><div style="margin-left:40px"><span style="font-family:monospace"> end<br></span></div><div style="margin-left:40px"><span style="font-family:monospace"><br></span></div><div style="margin-left:40px"><span style="font-family:monospace"> def grants_access_to?(book)</span></div><div style="margin-left:40px"><span style="font-family:monospace"> raise NotImplementedError<br></span></div><div style="margin-left:40px"><span style="font-family:monospace"> end<br></span></div><div style="margin-left:40px"><span style="font-family:monospace">end</span></div><div style="margin-left:40px"><span style="font-family:monospace"><br></span></div><div style="margin-left:40px"><span style="font-family:monospace">class OneOffPurchase < Purchase</span></div><div style="margin-left:40px"><span style="font-family:monospace"> def initialize(book)</span></div><div style="margin-left:40px"><span style="font-family:monospace"> @book = book</span></div><div style="margin-left:40px"><span style="font-family:monospace"> end</span></div><div style="margin-left:40px"><span style="font-family:monospace"> attr_reader :book</span></div><div style="margin-left:40px"><span style="font-family:monospace"><br></span></div><div style="margin-left:40px"><span style="font-family:monospace"> def self.price</span></div><div style="margin-left:40px"><span style="font-family:monospace"> 500</span></div><div style="margin-left:40px"><span style="font-family:monospace"> end</span></div><div style="margin-left:40px"><span style="font-family:monospace"><br></span></div><div style="margin-left:40px"><span style="font-family:monospace"> def <a href="http://self.name/" target="_blank">self.name</a></span></div><div style="margin-left:40px"><span style="font-family:monospace"> "A single book"<br></span></div><div style="margin-left:40px"><span style="font-family:monospace"> end</span></div><div style="margin-left:40px"><span style="font-family:monospace"><br></span></div><div style="margin-left:40px"><span style="font-family:monospace"> def grants_access_to?(other_book)</span></div><div style="margin-left:40px"><span style="font-family:monospace"> <a href="http://book.id/" target="_blank">book.id</a> == <a href="http://other_book.id/" target="_blank">other_book.id</a><br></span></div><div style="margin-left:40px"><span style="font-family:monospace"> end</span></div><div style="margin-left:40px"><span style="font-family:monospace">end</span></div><div style="margin-left:40px"><span style="font-family:monospace"><br></span></div><div style="margin-left:40px"><span style="font-family:monospace">def Subscription < Purchase</span></div><div style="margin-left:40px"><span style="font-family:monospace"> def self.price</span></div><div style="margin-left:40px"><span style="font-family:monospace"> 500</span></div><div style="margin-left:40px"><span style="font-family:monospace"> end</span></div><div style="margin-left:40px"><span style="font-family:monospace"><br></span></div><div style="margin-left:40px"><span style="font-family:monospace"> def <a href="http://self.name/" target="_blank">self.name</a></span></div><div style="margin-left:40px"><span style="font-family:monospace"> "All inclusive special subscription"</span></div><div style="margin-left:40px"><span style="font-family:monospace"> end</span></div><div style="margin-left:40px"><span style="font-family:monospace"><br></span></div><div style="margin-left:40px"><span style="font-family:monospace"> def grants_access_to?(book)</span></div><div style="margin-left:40px"><span style="font-family:monospace"> true<br></span></div><div style="margin-left:40px"><span style="font-family:monospace"> end</span></div><div style="margin-left:40px">end</div><div style="margin-left:40px"><br></div><div>This all to me looks reasonably sensible so far, but i also want those product names and prices to be editable by site admins through our 'backoffice' webapp, so they need to be stored in the DB, and this is where I have trouble finding a solution i'm happy with. Naively I could have an ActiveRecord type object and a fairly simple dispatch mechanism to the code that works out the permissions, but this has some fairly obvious flaws:</div><div><br></div><div style="margin-left:40px"><span style="font-family:monospace">class Product < Struct.new(:unique_key, :name, :price, :book)</span></div><div style="margin-left:40px"><span style="font-family:monospace"> def grants_accesss_to?(other_book)</span></div><div style="margin-left:40px"><span style="font-family:monospace"> if unique_key = :one_off && book.present?<br></span></div><div style="margin-left:40px"><span style="font-family:monospace"> <a href="http://book.id/" target="_blank">book.id</a> == <a href="http://other_book.id/" target="_blank">other_book.id</a></span></div><div style="margin-left:40px"><span style="font-family:monospace"> elsif unique_key == :one_off</span></div><div style="margin-left:40px"><span style="font-family:monospace"> raise "oops! we're in a totally inconsistent state<br></span></div><div style="margin-left:40px"><span style="font-family:monospace"> elsif unique_key == :subscription && book.present?<br></span></div><div style="margin-left:40px"><span style="font-family:monospace"> raise "yep, this makes absolutely no sense either"</span></div><div style="margin-left:40px"><span style="font-family:monospace"> elsif unique_key == :subscription</span></div><div style="margin-left:40px"><span style="font-family:monospace"> true</span></div><div style="margin-left:40px"><span style="font-family:monospace"> else</span></div><div style="margin-left:40px"><span style="font-family:monospace"> raise "this isn't even a real product type. hopeless."<br></span></div><div style="margin-left:40px"><span style="font-family:monospace"> end<br></span></div><div style="margin-left:40px"><span style="font-family:monospace">end</span></div><div><br></div><div>aside from all the brittleness and smells that you can see above, this is also kinda useless in a bunch of respects - we can't add new product types without making a change to the codebase, we have to do a bunch of convoluted validation to avoid all the various possible inconsistent states we can get into above, and our codebase is tightly coupled to the value of that unique_key database field, which i'm very suspicious of?</div><div><br></div><div>Therefore, anyone got any smart ideas about how to do this better? The requirements I'm looking to fulfil, in summary:</div><div><br></div><div>1) A product has a specific 'strategy' for granting access to a book for a user, expressed as ruby code</div><div>2) A product has a price and name that is editable as data through our web app's admin interface</div><div><br></div><div>And, in general, i'd be interested to know - is there a name for this type of (anti-)pattern - Types of things that refuse to sensibly sit in the domain of software classes or Database fields? Does any of this even make any sense? I'm not so sure myself anymore.<br></div><div><br></div><div>Any thoughts gratefully received!</div><div><br></div><div>Cheers,</div><div><br></div><div>Tim</div><div><br></div></div>
_______________________________________________<br>Chat mailing list<br><a href="mailto:Chat@lists.lrug.org" target="_blank">Chat@lists.lrug.org</a><br>Archives: <a href="http://lists.lrug.org/pipermail/chat-lrug.org" target="_blank">http://lists.lrug.org/pipermail/chat-lrug.org</a><br>Manage your subscription: <a href="http://lists.lrug.org/options.cgi/chat-lrug.org" target="_blank">http://lists.lrug.org/options.cgi/chat-lrug.org</a><br>List info: <a href="http://lists.lrug.org/listinfo.cgi/chat-lrug.org" target="_blank">http://lists.lrug.org/listinfo.cgi/chat-lrug.org</a><br></div></blockquote></div><br></div></div>_______________________________________________<br>
Chat mailing list<br>
<a href="mailto:Chat@lists.lrug.org" target="_blank">Chat@lists.lrug.org</a><br>
Archives: <a href="http://lists.lrug.org/pipermail/chat-lrug.org" rel="noreferrer" target="_blank">http://lists.lrug.org/pipermail/chat-lrug.org</a><br>
Manage your subscription: <a href="http://lists.lrug.org/options.cgi/chat-lrug.org" rel="noreferrer" target="_blank">http://lists.lrug.org/options.cgi/chat-lrug.org</a><br>
List info: <a href="http://lists.lrug.org/listinfo.cgi/chat-lrug.org" rel="noreferrer" target="_blank">http://lists.lrug.org/listinfo.cgi/chat-lrug.org</a><br>
</blockquote></div>