The more I see of it, the more I firmly believe that C# regions are not a good thing - at least if the code has been written by some human.
I was just listening/watching a screencast about the CSLA Framework on dnrTV and Rocky and the other guy just drool about how cool regions are when looking at one of the CSLA example classes which has around 441 lines of code and 6 regions and 23 methods which do such diverse things like validation authorization, instance creation, data access, existence checking and even some so called business methods, that more or less are just getters and setters for the data behind an object.
Back to my heading: The regions in C# (not sure if there is such a thing for vb.net) are used to give some structure to a class that is doing to much. This seems very much like a GOD OBJECT that should be torn appart along the lines of the SINGLE RESPONSIBILITY PRINCIPLE in the first place. Using regions here is just window dressing.
Btw: The CSLA is doing some interessting things, but I still do not understand why it does those things so clumsily.
The following code shows an example of how CSLA is checking that the current user can read a data value from an object.
public object SomeProperty {
get {
CanReadProperty(true);
return _someProperty;
}
}
So there's the security concern intermingled with the rest.
If the member where defined like this
public virtual object SomeProperty {
get {
return _someProperty;
}
}
it would be easy to have a decorator arround the object that is taking care of the authorization, so the security aspect would be out of the business code. If you used something like DynamicProxy , you could make the security aspect even generic (not like in Generics) by introducing an Interceptor that handles all the property access with the same logic, maybe using Attributes to declare who is allowed to access the data.
No comments:
Post a Comment