I have a RentalProperty class which looks something like this:
class RentalProperty
{
Money MonthlyRent;
List<MaintainenceCall> MaintainenceCalls;
}
From my understanding, using DDD to change the MonthlyRent, I would get the RentalProperty, change the MonthlyRent property, and call RentalPropertyRepository.Save(). The same process would be handled to add a new MaintainenceCall.
The problem I have is that, for example, a Handyman should be able to add a MaintainenceCall, but should not be allowed to change the MonthlyRent. How should I implement this (as well as other similar) security policy?
Best Solution
AOP. PostSharp is really slick for stuff like this.
Because security is really a cross-cutting concern.