Basic Software Design Question Using Roles & Membership

Question

Hi.

I am in the process of looking at an API and I see the following two calls:

API.Users.Roles.getAllRoles();

API.Admin.Roles.getAllRoles();

What I would like to know is how each of these call is used within the context of a Web program. Since both Admin and Users are properties, what exactly is the get; set; doing? How does the call know which Admin (or user) is making the call?

My hunch is that this has something to do with how the API class is instantiated (and session?) but I'd appreciate a walk-through on what is going on here so I fully understand it.

The (abbreviated) class structure looks like the following:

public class API() 
{
 public Admin Admin { get; private set; }
 public Users Users { get; private set; }
}

public class Users
{
 public Roles Roles { get; private set; }
    ...
}

 public class Roles
 {

    public override string[] GetAllRoles()
    { 
      ...
    }
 }

Thanks in advance.

Answer 1

To me it seems that they have a custom role provider and are therefore overriding the GetAllRoles method so that the roles can be obtained from the datasource. Without seeing further details, I can only assume, but when a user registers, they're probably assigned a particular role. They can then use the Roles.IsUserInRole method to detect what role the user is assigned to. There's more on custom role providers here which will explain why methods are being overwritten.

Answer 2

Hey,

It will check the current user name from the current principal (HttpContext.Current.User.Identity.Name) which uses forms/windows account depending on setup, or if not in the web environment, it will use the current windows user logged into the system.