vendredi 1 juin 2018

Should the aggregate root have a property that it cannot validate

I ran into the situation where I have to decide whether a property belongs to my aggregate or not. My domain logic is the following. A User has a group in his organization ex: IT, SALES, MARKETING. Depending on which group this user belongs to, he will have a set of Permissions. The logic of which group has which permissions is defined in the Website Policies. A Policy is a mapping between a group and a set of permissions. ex: group IT has permissions to view post, edit post and delete posts.

I have 2 aggregates: User and Website(we are managing multiple websites)

The question is: Should the permissions be part of the user aggregate?

It is easy and somehow makes sense to have the permissions in the user aggregates so it can be requested any time. But the problem I see with this is that the user aggregate root will not be able to satisfy this invariant:"A user should have the permissions that are defined for the groups that he/she belongs to" and since the permissions are transient data and they are not being persisted I think it should not be part of the User AR.

The other option would be to have a domain service or a method in the website AR that returns the permissions for a specific user. And then use this method whenever the permissions are needed.

Aucun commentaire:

Enregistrer un commentaire