π§ͺοΈ Need Conditional Execution with Auth
β Problem Overviewβ
In many systems, certain operationsβlike deleting records or triggering external API callsβmust be executed only if the user is authorized.
However, when business logic and authorization logic are mixed together, the code becomes tightly coupled, hard to test, and difficult to extend.
Common challenges:
- Authorization checks are hardcoded into each operation
- Execution logic is tangled with access control rules
- Adding new roles or permission conditions leads to growing complexity and duplication
β Solution Overviewβ
Apply the Command pattern to encapsulate operations as objects,
and wrap them with a Proxy that performs permission checks before execution.
| Concern | Applied Pattern |
|---|---|
| Encapsulating operations | Command |
| Conditional execution and access | Proxy |
β Pattern Synergyβ
| Role | Example Implementation |
|---|---|
| Operation logic | DeleteUserCommand (Command) |
| Authorization wrapper | AuthProxy (Proxy) |
| Execution controller | ActionExecutor (Invoker) |
| Authorization provider | AuthorizationService |
Commandturns operations into reusable, executable objectsProxyintercepts the call and enforces access rules before delegation
β UML Class Diagramβ
β Explanationβ
This structure separates authorization from business logic:
DeleteUserCommandencapsulates the action logicAuthProxywraps the command and performs an access check before executionAuthorizationServiceprovides centralized authorization rulesActionExecutorinvokes anyCommand, unaware of whether it's a proxy or not
By cleanly separating concerns, the design supports reuse, testability, and clear responsibility boundaries.
β Practical Notesβ
- β Enables flexible authorization wrapping for any command-like operation
- β Multiple access strategies (admin-only, self-only) can be swapped via the proxy layer
- β Can be combined with logging, UI button visibility, or audit tracking
Examples:
- Admin-only delete or approval actions
- Role-based control of features like user group editing
- Pre-validated API calls that should execute only under certain business rules
β Summaryβ
- Use
Commandto encapsulate operations for reuse and tracking - Use
Proxyto add access control and validation before execution - A powerful combination for conditionally executing actions securely
- Helps unify concerns like authorization, logging, and execution control
This pattern synergy provides a highly maintainable and secure approach to managing protected operations in real-world systems.