User Level Access

I have been trying to create a program that will have 3 types of users. Super user (have all access), Admin(Add and modify record), end user( viewing records). However, I was advised that there will be an option to add a new user type (ex. Group Admin, Department Admin ) that will have a different level of access.

I have created an application and I'm finishing the login feature. I was having a hard time determining the user type and the appropriate access for them. The code below doesn't seem to resolve my problem, because what if on run time, I added "Group Admin" or "Department Admin"? the code below doesn't make sense. Please advice.

CarefullyChooseOneForum

Nothing UI related here. Moving thread.

I am assuming you have a web based application.

learn about security constraint provided by web.xml

If you need to add user levels at compile time only I'd make it an enum:
If you need to be able to add rights during runtime you can use the above enum and turn into a regular class. You probably want to have a managing class as well so you can use single instances for each user level.

In the end, by using an enum or class, each user level is an object with its own properties. To determine whether or not a user level has any rights you don't need a switch statement or a group of if-statements; instead, call userLevel.canAddUsers() to determine whether or not the user can add users, etc.

Granted, the number of boolean properties can be quite large, but changing rights for a user level or adding a user level is all possible this way.

@ Rob Prime

Isn't is good to use the declarative security.
Even if new users are created they can be added to the predefined groups.

Manish Singh wrote:
Isn't is good to use the declarative security.
Even if new users are created they can be added to the predefined groups.

Depends; I need the ability to add groups at runtime, so it wouldn't work for me.

I wouldn't want to hard code user group names if I didn't have to, and if I had to I wouldn't want to spread the hard coded names around too much. By using an enum / class you only need the names when setting the user level for a user; the user level itself then determines what the user can and cannot do.

Thanks for the reply. I'm actually creating an application. However, what if I added a new type of user on runtime, let's say Group Admin that will have a different level of access. How do I update the enum with that type of user on run time?

Like I said, you'd need to use a regular class, probably with a manager class. You'll also want to persist the user levels; perhaps through XML, or by just (de)serializing the user levels.

I couldn't understand what you mean by regular class with a manager class. Please give a hint or explanation.