Skip to main content

Using an Array of Objects in C++

 I've been programming for years (over 35 at this point, which is crazy to think about). My career right now is much more Software Architecture, and much less Software Developer, but I still get some time to write out GraphQL APIs in TypeScript, Vue 3 UIs, GitLab pipelines, and just generally making "big" decisions and helping make them a reality.

It's nice every now and then to come across different articles and ideas that get me to remember life in college when I was using C++. Who would have thought C++ was the "hot new thing" right now (though I suppose it's more like Rust and Go, both great languages as well).

One of the things I find frustrating with most technical posts is where they focus on the "how do I build an app" and not so much on "how do I do this one slightly useful thing". I figured I'd throw one together what was front of mind, using user attributes for permissions (i.e., Attribute Based Access Control - ABAC) to check permissions.

Our classes look like the following.


// Attribute defines a user's attributes (often also thought of as permissions)
class Attribute
{
private:
    string id;
    string name;

public:
    Attribute(string id, string name)
    {
        this->id = id;
        this->name = name;
    }

    string getId()
    {
        return id;
    }

    string getName()
    {
        return name;
    }
};

// AttributeGroup defines a group of attributes (often also thought of as a role)
class AttributeGroup
{
private:
    string id;
    string name;
    // Use a vector since we don't know how many attributes will be added
    vector attributes;

public:
    AttributeGroup(string id, string name)
    {
        this->id = id;
        this->name = name;
    }

    string getId()
    {
        return id;
    }

    string getName()
    {
        return name;
    }

    void addAttribute(Attribute attribute)
    {
        attributes.push_back(attribute);
    }

    vector getAttributes()
    {
        return attributes;
    }
};

// U.S. Mailing Address information
class Address
{
private:
    string street1;
    string street2;
    string city;
    string state;
    string postalCode;
    bool international;

public:
    Address()
    {
        this->street1 = "";
        this->street2 = "";
        this->city = "";
        this->state = "";
        this->postalCode = "";
        this->international = false;
    };

    Address(string street1, string street2, string city, string state, string postalCode, bool international = false)
    {
        this->street1 = street1;
        this->street2 = street2;
        this->city = city;
        this->state = state;
        this->postalCode = postalCode;
        this->international = international;
    };

    // getAddress returns a formatted address natching the U.S. or international standard.
    string getAddress()
    {
        if (international)
            return street1.append("\n").append(street2).append("\n").append(city).append(" ").append(postalCode);

        return street1 + "\n" + street2 + "\n" + city + ", " + state + " " + postalCode;
    };

    void setAddress(string street1, string street2, string city, string state, string postalCode, bool international = false)
    {
        this->street1 = street1;
        this->street2 = street2;
        this->city = city;
        this->state = state;
        this->postalCode = postalCode;
        this->international = international;
    };
};

class User
{
private:
    string id;
    string name;
    Address address;
    // Use a vector since we don't know how many attributes will be associated with the user
    vector attributes;
    // Use a vector since we don't know how many groups will be associated with the user
    vector attributeGroups;

public:
    User()
    {
        this->id = "";
        this->name = "";
        this->address = Address();
        this->attributes = vector();
        this->attributeGroups = vector();
    };

    User(string id, string name, Address address)
    {
        this->id = id;
        this->name = name;
        this->address = address;
        this->attributes = vector();
        this->attributeGroups = vector();
    };

    User(string id, string name, Address address, vector attributeGroups)
    {
        this->id = id;
        this->name = name;
        this->address = address;
        this->attributes = vector();
        this->attributeGroups = vector();

        for (AttributeGroup attributeGroup : attributeGroups)
        {
            addAttributeGroup(attributeGroup);
        };
    };

    User(string id, string name, Address address, vector attributes)
    {
        this->id = id;
        this->name = name;
        this->address = address;
        this->attributes = attributes;
        this->attributeGroups = vector();
    };

    User(string id, string name, Address address, vector attributeGroups, vector attributes)
    {
        this->id = id;
        this->name = name;
        this->address = address;
        this->attributes = attributes;

        for (AttributeGroup attributeGroup : attributeGroups)
        {
            addAttributeGroup(attributeGroup);
        };
    };

    string getId()
    {
        return this->id;
    }

    string getName()
    {
        return this->name;
    }

    Address getAddress()
    {
        return this->address;
    }

    void addAttribute(Attribute attribute)
    {
        this->attributes.push_back(attribute);
    };

    /**
     * addAttributeGroup adds an attribute group to a user, and assigns the permissions to the user's attributes.
     * attributeGroup is the grouping of attributes to add to the user.
     */
    void addAttributeGroup(AttributeGroup attributeGroup)
    {
        this->attributeGroups.push_back(attributeGroup);
        for (Attribute attribute : attributeGroup.getAttributes())
        {
            this->attributes.push_back(attribute);
        };
    };

    /**
     * getAttributeGroups returns all attribute groups assigned to the user.
     */
    vector getAttributeGroups()
    {
        return this->attributeGroups;
    };

    /**
     * getAttributes returns all attributes assigned to the user.
     */
    vector getAttributes()
    {
        return this->attributes;
    };

    /**
     * hasAttribute checks if a user has a specific attribute.
     * attribute is the attribute to check for, matching on their id or name.
     */
    bool hasAttribute(string attribute)
    {
        // If the attribute is entirely empty, then return false since the user must not have it.
        if (attribute == "" && attribute == "")
        {
            return false;
        };

        for (Attribute att : attributes)
        {
            if (att.getId() == attribute || att.getName() == attribute)
            {
                return true;
            };
        };
        return false;
    };
};

The actual function to create some dummy users and then use the attributes (permissions) of the logged in user (here the `runningUser`) to see if the person running the program has permission to retrieve the groups of the user.


// Set a fixed array length to make accessing users more predictable.
#define userSize 3

array getUsers(AttributeGroup adminGroup, AttributeGroup userGroup, Attribute queryGroupsAttribute)
{
    array users;

    // Initialize users with sample data
    users[0] = User("1", "Alice", Address("123 Main St", "", "Anytown", "CA", "12345", true));
    users[0].addAttributeGroup(adminGroup);
    users[0].addAttributeGroup(userGroup);

    users[1] = User("2", "Bob", Address("456 Elm St", "", "Othertown", "NY", "67890"));
    users[1].addAttributeGroup(userGroup);

    users[2] = User("3", "Charlie", Address("789 Oak St", "", "Somewhere", "CA", "54321", false));
    users[2].addAttribute(queryGroupsAttribute);

    return users;
}

int main()
{

    Attribute queryGroupsAttribute = Attribute("1", "QUERY_GROUPS");

    Attribute mutateCreateGroupAttribute = Attribute("2", "MUTATE_ADD_GROUP_ATTRIBUTE");

    Attribute queryUsersAttribute = Attribute("3", "QUERY_USERS");

    AttributeGroup adminGroup = AttributeGroup("1", "Administrator");

    adminGroup.addAttribute(queryGroupsAttribute);
    adminGroup.addAttribute(mutateCreateGroupAttribute);

    AttributeGroup userGroup = AttributeGroup("2", "Basic User");

    userGroup.addAttribute(queryUsersAttribute);

    array users = getUsers(adminGroup, userGroup, queryGroupsAttribute);

    string runningUserId;
    cout << "Which user will be running the user access request? (1, 2, or 3): ";
    cin >> runningUserId;

    User runningUser;
    for (User u : users)
    {
        if (u.getId() == runningUserId)
        {
            runningUser = u;
            break;
        };
    };

    string userId;
    cout << "Which user would you like to view? (1, 2, or 3): ";
    cin >> userId;

    if (!runningUser.hasAttribute("QUERY_USERS"))
    {
        cout << "User does not have access to query users." << endl;
        return 0;
    }

    User user;
    for (User u : users)
    {
        if (u.getId() == userId)
        {
            user = u;
            break;
        };
    };

    cout << "User ID: " << user.getId() << endl;
    cout << "Name: " << user.getName() << endl;
    cout << "Address: " << user.getAddress().getAddress() << endl;

    if (!runningUser.hasAttribute("QUERY_GROUPS"))
    {
        return 0;
    }

    cout << "User has access to query groups." << endl;

    for (AttributeGroup group : user.getAttributeGroups())
    {
        cout << group.getName() << endl;
    }

    return 0;
}

I assume the comments are pretty clear what's going on. But to be clear...

  • Attributes hold the list of user attributes (permissions) that a user has to determine what they can do.
  • Attributes are linked to a user, and access checks are never done directly done on a group, instead always an attribute.
  • To make lives easier for an administrator or stakeholder to assign attributes to a user, attributes can be grouped together in an AttributeGroup (often called a role).

In this example, when an attribute group is assigned to a user we roughly loop over each of the attributes and add them to the user. In the real world the attributed on the group might change over time, so the user attributes would also need to reflect these changes. So a better `hasAttribute()` function would loop over the attributes in the group and the attributes on the user. We wouldn't normally just add every attribute to the user since that's just a snapshot in time.

Full code

Comments

Post a Comment

Popular posts from this blog

Red-Gate SQL Compare

Every now and then I come across a program that becomes so ingrained in my daily work that I hardly know how I'd get by without it.  I'll probably break down a couple over the next few days, but for database work, I have never found anything as good as Red Gate's SQL Compare and SQL Data Compare .  Essentially these tools let you compare two SQL Server databases (all objects, users, permissions, functions, diagrams, anything) and update changes to whichever database you want.  This is amazingly useful for deploying database changes to a test or production environment (do it to production with ridiculous care, even though it will generate a SQL Script for you and run all updates in one transaction), and making sure everything is synchronized. For releases we can just generate the compare script, confirm that the changes match the updates we want to go out, and store it all in one place with the release details.  This is true for both the structure and the d...
6 comments
Read more

Kids Activities

I find myself often in a situation where it's some morning, I have the kids for the afternoon, and I'm not sure what to do with them. We could go to a movie, or play Legos, but living near Washington, DC, I want the kids to love the museums as much as I do, or to see what else is going on. This Sunday, while my wife was travelling, I took the kids to the Chocolate Festival in Old Town Fairfax. I didn't even know there wad an Old Town Fairfax, much less a chocolate festival. It was okay overall, but the best was seeing any type of chocolate you could imagine, and letting the kids pick something for themselves and their teacher. For finding cheap or free stuff going on nearby with the kids, I have to say About.com has consistently been the best. I tried si.edu (the Smithsonian Website) which is also good, but a little hard to navigate, partly because they have so much going on. At About I did a search of what to do with my kids this weekend, and a bunch of items came ...
Post a Comment
Read more