Hello. I am writing a program in which I have a login and password for each user + access rights. Here is my question. I need to store user access rights throughout the program. Access rights are used in different classes of functions and program files. It seems to me the easiest solution is to create one global constant in which access rights will be stored. But I heard that global variables are evil. But do not pass from class to class a variable in which it will be written "admin" or "work". Tell me what you think about this?

2 answers 2

Python: How to make a cross-module variable? —Django settings example

Briefly: if the variable does not change after initialization of the program, then a global config object that is received by a function call is justified (the latter makes it easier to start the test config). Another example: create_app () for flask .

    IMHO the ideal option would be to render the code for access rights checks from individual methods with a special class (ACL). When you create an acl object, pass it login / password / access rights, all that may be required to calculate the rights. And already this object to transfer from class to class.

    But to design the api and the structure of such a colossus is quite difficult and takes a lot of time. If you make a prototype or something like a proof-of-concept, then global variables are fine, if this works and you can “try”.

    Pros ACL:

    1. Easier to test
    2. You can test ACLs and data access / change methods separately.
    3. Easier to modify (add new roles / types of users).
    4. Easier to reuse.

    Minuses:

    1. It is necessary to transfer to every class that wants to work with grooms (decided through DI)
    2. Requires more force on the initial creation (design api, the possibility of expansion ...)

    Pluses of a global variable:

    1. No need to do DI.
    2. No need to preconceive an API for users.
    3. You can immediately start fig code :)

    Minuses:

    1. Testing code that depends on the global (external) state is much more difficult.
    2. Fewer opportunities to reuse (if there are several methods working with the same object, then the access check code will have to be duplicated)
    3. If the rights verification code is spread over the whole project, it will be much more difficult to add a new user type.