Access Control for objects

Is it Possible to limit the functionality of class to certain objects only (in C++). What that would mean is, suppose there are 10 methods in a class and this class has 10 objects. Is it possible to have object1 & object2 access only 3 functions. Object3, object4,object5, object6 access 6 functions. and rest of the objects access all functions?

I am trying to implement an access control system, where general users can see only some limited functionality. Previlaged users can have little bit more access and administrators have access to all functions.

One approach is to use inheritance, something like this:

class PublicFeatures
{ 
    public:

   // add some methods here;
};

class ProtectedFeatures:public PublicFeatures
{
   public:

   // add some more methods here;
};

class AdminFeatures:public ProtectedFe开发者_Go百科atures
{
   public:

  // add rest of the methods here;
};

In this case, we instantiate objects of any of three classes depending on the kind of access level we want. But what i am thinking is having just one class, and somehow restrict the access to some methods for that particular object.

Is it possible to do such a thing? or i have to follow a different approach for implementing access control?

As far as I know, no. This is part, however, of Aspect Oriented Programming research. I saw something like what you need in this book: Aspect Oriented Software Development.

The main issue you face is the lack of knowledge of "who is the caller" of your function. You could get along by requiring each caller to call your object's methods passing this as a form of authentication about itself. Far from perfect, but with this solution you can wrap each method in a pre-method doing the ACL.

Another alternative would be to declare your implementation class totally private in terms of methods, and define a "bodyguard" class, declared friend of the first. The bodyguard class performs the calls on behalf of the caller (which is the only one authorized to do, due to the friend declaration). You still have the problem of authentication, and you are basically wrapping the whole target class behind its bodyguard object.

Class member access levels don't really have anything to do with users and security restrictions. They're really just coding constructs, not something that you can use at runtime. The compiler is either going to allow or prevent you from calling a function when it compiles your code. If it compiles your program can be run, otherwise not. There's no meaningful way to add in any kind of conditionals or application logic.

But what I am thinking is having just one class, and somehow restrict the access to some methods for that particular object.

Yes, that's what you should do. The language won't help but you can just guard calls to the methods yourself. As in, don't even attempt to call an administrative method if the user is not an admin.

if (user.isAdministrator()) {
    securityLogs.archiveAndDelete();
}
else {
    throw SecurityException("You can't do that!");
}