I have a two repositories Catalog and User, I have a situation where I need to call a method within the catalog repo from the user repo, is this good practice or is there a better way?
+3
A:
I would reference the other Repository at the upper layer, such as a service layer
dfa
2009-07-27 11:37:17
+4
A:
You shouldn't be handling those kind of authorization checks within your Repositories. A business rule like "This user requires X comments to post" isn't really a repository query, it's a property of your User.
Also, authorization calls are made very frequently in an application, and you really don't want to hit your database every time a check is required.
You should properly load these permissions into your User object which is then cached for the current request, and use your domain:
public class Service {
public void Save(Post post)
{
if(User.GetCurrentUser().HasEnoughCommentsToPost())
postRepository.Add(post);
}
}
Mike Gardiner
2009-08-04 16:13:24
+1 for nice example
dfa
2009-08-04 18:45:11
A:
I think that in your case authorization is part of your domain logic. So I'd create an abstract class or interface called AuthorizationPolicy (maybe you can find a better name closer to your domain), in my domain layer. Before you call a method on the repository, the client should check if the have have permission based on the policy.
Another solution, because the interface of a repository is also part of the business logic, you can create a base class for your repository which check permissions of the user and delegate the rest to derived classes.
The implementation of the AuthorizationPolicy will talk to the Catalog class if you want. This way the two repositories are well decoupled.
Nicolas Dorier
2009-08-04 18:56:36