C# – DDD User Security Policies


I have a RentalProperty class which looks something like this:

class RentalProperty
    Money MonthlyRent;
    List<MaintainenceCall> MaintainenceCalls;

From my understanding, using DDD to change the MonthlyRent, I would get the RentalProperty, change the MonthlyRent property, and call RentalPropertyRepository.Save(). The same process would be handled to add a new MaintainenceCall.

The problem I have is that, for example, a Handyman should be able to add a MaintainenceCall, but should not be allowed to change the MonthlyRent. How should I implement this (as well as other similar) security policy?

Best Solution

AOP. PostSharp is really slick for stuff like this.

Because security is really a cross-cutting concern.