Using a UserPermissionService by all Presenters in the Application to control the access to commands

I'm handling user permission in a MVP Winforms application as follows. Here I'll give a full detail of my code as it will be helpful when answering to this question.

My user model has a list called permissions which holds the permissions of the current user.
(eg: CAN_EDIT_ACCOUNT)

public class User
{
    //
    //
    List Permissions = new List();
}

In Programe.cs I instantiate required objects and services as follows. Please note that I'm using a single presenter for both login and main views. (Hope MVP doesn't stop me doing that)

Programe.cs

    static void Main()
    {
        frmLogin loginView = new frmLogin (); // Login form
        User userModel = new User();            
        DataService dataService = new DataService();
        UserPermissionService ups = new UserPermissionService();
        frmMain mainView = new frmMain(); // Application's main window

        LoginPresenter presenter = new LoginPresenter(loginView,mainView, userModel, dataService, ups);
        presenter.Show();            
    }

UserPermissionService is supposed to handle giving permission on request. At the creation of this service in the above code, its not aware of the user as the user is yet to login. So that Method Injection will be used.

There is a bool property for each module or feature that we need to control permission. If the respective permission is in the permissions list of the user, the property will be set to True.

public class UserPermissionService
{
    private User _user = null;

    public void InjectUser(User user) // User injected
    {
        _user = user;
    }

    public bool CanAccessBankAccountModule
    { 
        get { return _user.Permissions.Contains("BANKACCOUNT"); } 
    }
    //
    //
}

LOGIN

When the user presses OK button after supplying user credentials, it will validate it as follows. LoginPresenter will listen to the OnValidatePassword event and if its valid then the main window will be l

I am looking at this Method

private void ValidatePassword()
    {
        var hash = Encryption.GetHash(_LoginView.UserID, _LoginView.Password);
        var user = _DataService.GetPermissions(_DataService.GetUser(_LoginView.UserID));
        if (user != null)
        {
            _Model = user;
            var hashInDB = _Model.PassWord;

            if (hash != hashInDB)
            {
                MessageBox.Show("Invalid password");
                _LoginView.Valid = false;
            }
            else
            {
                _UPS.InjectUser(_Model);
                _MainView.PermissionsService = _UPS; //Optional
                _MainView.ShowDialog();
            }
        }
        else
        {
            MessageBox.Show("Invalid user name");
        }
    }

and it doesn't appear that you really use _Model anywhere else, so I was thinking that you could just remove _Model = user; and use user wherever you were using _Model.

One other thing in this snippet, you should probably use a positive conditional for the if statements, so we just flip stuff around.

Like this

private void ValidatePassword()
{
    var hash = Encryption.GetHash(_LoginView.UserID, _LoginView.Password);
    var user = _DataService.GetPermissions(_DataService.GetUser(_LoginView.UserID));
    if (user != null)
    {
        var hashInDB = user.PassWord;

        if (hash == hashInDB)
        {
            _UPS.InjectUser(user);
            _MainView.PermissionsService = _UPS; //Optional
            _MainView.ShowDialog();
        }
        else
        {
            MessageBox.Show("Invalid password");
            _LoginView.Valid = false;

        }
    }
    else
    {
        MessageBox.Show("Invalid user name");
    }
}

It just makes the code slightly cleaner.

StackExchange Code Review Q#53979, answer score: 2