显示UML图中不同类型账户的访问级别

huangapple go评论71阅读模式
英文:

Displaying levels of access for different types of accounts in a UML diagram

问题

抱歉,标题可能有点难以正确解释我需要帮助的内容,但我会尽力说明。

我正在开发一个Java项目,一个订单管理应用。我有几个类来处理应用程序中不同类型的功能,例如Order类,Client类,Task类等。每个类都有与它们所做的事情相关的方法,例如Order类有一个名为newOrder()的方法-你明白我的意思。

现在有一个变更,我需要向应用程序中添加一些新内容:现在应该有三种不同类型的账户可以访问该应用程序:管理员,项目经理或开发人员。每种账户都将对应用程序的功能具有不同级别的访问权限。管理员和项目经理将具有类似的访问权限,但开发人员只能访问由管理员授权的项目(订单)。

我正处于绘制此UML图的阶段,我真的很难想象应该如何将这个表示出来。我最初的想法是创建一个User类和三个子类(Admin,Project Manager和Developer),它们都扩展到User类。这三个类中的每一个都将包括他们被允许执行的方法,例如管理员和项目经理类将具有方法newOrder(),但开发者类不会有该方法。

我相信你可以看出我在这方面是相当新手,但您在这个阶段提供的任何帮助都将非常感激!

英文:

Pardon the title, it's a bit hard to properly explain what I need help with, but I'll give it a go.

I'm working on a Java project, an order management application. I've got several classes for the different types of functionalities in the application, e.g. an Order class, a Client class, a Task class, etc. Each of these tasks have methods that pertain to the things they do, e.g. the Order class has a method called newOrder() - you get the point.

There's been a change now and I need to add something new to the application: there's supposed to be three different types of accounts from which you can access the application: Admin, Project Manager or Developer. Each of these accounts will have different types of access to the functionalities of the application. Admins and project managers will have similar levels of acccess, but the developers will only have access to projects (orders) where they have been given access by an admin.

I'm in the stage where I'm drawing up the UML diagram for this and I'm really struggling with how I'm supposed to visualise this. My first thought was to create a User class and three subclasses (Admin, Project Manager & Developer) that all extend to the User class. Each of those three classes will include the methods for what they're allowed to do, e.g. the Admin and the Project Manager classes will have the method newOrder() but the Developer class won't have that.

I'm sure you can tell that I'm quite new at this, but any help you can give me at this point is very appreciated!

答案1

得分: 1

首先,让我们消除一个歧义:面向对象编程语言通常称之为访问级别、访问修饰符、访问限定符的东西,在 UML 中被称为可见性。它在类成员左侧显示为额外的字符:+ 表示公共,# 表示受保护,- 表示私有,~ 表示包内访问。

但很快就会显而易见,您对面向对象编程中的访问级别并不感兴趣,而是对应用程序中的授权访问控制感兴趣。对于这一点,在 UML 中并没有通用的解决方案。这完全取决于您的需求和设计:

  • 您确实可以拥有更通用的 User,并在编译时定义子类可以执行哪些操作。您的方法对此来说是一个良好的起点。不幸的是,同一用户不能同时具有多种类型的访问权限。
  • 或者,您可以只有一个 User 类,但还可以有一个 Role 类,每个 User 可以拥有一个或多个角色。这使用组合优于继承,并且更加灵活。
  • 或者,每个业务实体,例如 Order,都可以分配给一个 AccessControlGroup(例如用户部门、子公司代码或仅仅是访问代码):Role 与一个或多个 AccessControlGroup 相关联。
  • 或者,如果您想要将数据组合与操作组合以更精细地控制谁可以对哪些数据执行什么操作,甚至可能需要更复杂的访问控制组。

正如您所见,不同的要求可能需要非常不同的设计。

最后,还有一个问题:newOrder() 应该放在哪里:

  • 是放在 Order 类本身吗?那么该方法可以将 User 作为参数,以动态检查用户是否有权限。
  • 是放在 User 类中吗?但是,具有相同权限的不同用户类别是否应该实现相同的 newOrder() 方法?
  • 是放在表示业务交易或用例的某个类中吗?
  • ...

正如您所见,有很多解决方案。这不仅涉及需求,还涉及架构选择,关于类的职责和关注点分离。关于这些主题已经写了很多书,如果您想进一步了解的话。

**结论:**UML 不会告诉您解决方案应该是什么样的:您需要做出选择,然后您会在 UML 中展示您已经决定的内容 显示UML图中不同类型账户的访问级别

英文:

First of all, let's get rid of an ambiguity: what OOP languages usually call access level, access modifiers, access specifiers is called visibility in UML. It's shown with an extra character at the left of the class member: + for public, # for protected, - for private and ~ for package.

But it gets quickly obvious that you are not interested in access level in the OOP sense, but in authorisations and access control in the application. And there is no general UML solution for that. It's entirely dependent on your requirements and you design:

  • You may indeed have different specialisation of a more general User and define at compile time what sub-class can do what operation. Your approach would be a good start for that. Unfortunately, a same user would not be able to have several types of accesses at the same time.
  • Alternatively, you could have only one class of User but also a class Role, and each User could have one or more Role. This uses composition over inheritance and is more flexible.
  • Aleternatively, each business entity, such as Order could be affected to an AccessControlGroup (e.g. user department? subsidiary code? or just an access code?): the Role would be related to one or more AccessControlGroup.
  • Or you could even need more complex access control groups if you want to combine for example groups of data with groups of operations with a finer control of who can do what with what data.

As you see, different requirements may require very differents design.

Lastly, there is the question: where to put the newOrder():

  • is it in the Order class itself? Then that method could take User as argument, to check dynalically if the User is authorised to.
  • is it in the User class ? But should different categories of users with the same rights implement the same newOrder() method?
  • is it some class representing a business transaction or a use-case?
  • ...

As you see, there are plenty of solutions. It's not only the requirements, but also about architectural choices, about class responsibilities and seperation of concerns. Full books were written on those topics, if you want to dig further.

Conclusion: UML will no tell you how your solution should look like: you need to make the choices, and then you will show in UML what you have decided 显示UML图中不同类型账户的访问级别

答案2

得分: -1

这是面向对象编程思维的基础。您已经确定了所需的对象,并且正在识别属性和操作的边缘。您需要从不同的来源正确获取需求,然后为开发人员、项目经理和管理员对象(执行者)确定可能的操作。现在,当然,一组共同的操作可以移到用户(父对象)中。

我认为,您的思路正在朝着正确的方向发展,只需要更清楚地了解需求,以确定正确的操作集,这些操作将转化为一系列方法。

UML设计的步骤可能是...

  1. 确定用例/流程
  2. 识别对象(您已经完成)
  3. 为每个对象识别可能的操作
  4. 为对象识别可能的属性,以保存对象的状态
  5. 提出显示用例中对象之间交互的顺序图

请注意,从简单和最少的细节开始,然后逐步发展。您已经在正确的轨道上。

英文:

This is base of OOP thinking. You have already identified the required Objects and verge of identifying Properties and Actions. You need to get the requirement right from different sources then identify the possible actions for Developer, PM & Admin object(Actor). Now, of course, set of common actions can be moved to User (Parent).

I feel , your thinking is going right direction, just need to get more clarity on requirement to identify right set of actions which will turn into series of methods.

Steps of doing UML Design could be ...

  1. Identifying Usecase / flow
  2. Identifying Objects (You already did)
  3. Identifying possible Actions for each objects
  4. Identifying possible properties for the object to hold the state of the object
  5. Coming up with Sequence Diagrams showing interactions between Objects in an
    Usecase

Note, start with Simple and minimum detailing then, evolve from there. You are on right track already.

huangapple
  • 本文由 发表于 2020年9月23日 17:10:35
  • 转载请务必保留本文链接:https://go.coder-hub.com/64024633.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定