SlideUiPattern | Android Slide UI Pattern | Architecture library

Before we start, I do agree with you that these 2 different websites have completely different behaviors, hence demand different handling approaches.

To the point - let's break your question into the followings factors:

• Availability
• Incoming Traffic
• Pricing

Availability Most chances that your landing page should be served via a CDN in order to get world-wide coverage, while the app itslef may use a cdn. Some technical point to consider:

• If that page is also build with a modern stack it also can be hosted via a cloud-based storage
• You can select a CDN from your hosting cloud provider (such as aws, azure, gcp, etc.) or use a completely external service (such as max cdn). It mainly depends on the technological stack that your website

Incoming Traffic As landing pages are opened to the general public and using anonymous access (e.g. - no login is required) they are at a high risk level for ddos and other malicious attacks. This is why these websites are mostly hosted behind a waf, gateway or any other tier that help these websites to protect themselves from being hijacked. Also, in most use-cases, these websites should handle very high loads (way more than the app itself, which is login protected). Some key points:

• Landing page websites loads may change drastically and without any warning.. so they should be deployed in an elastic high availability manner which means - when high loads occur - please use more resources to handle these loads (and please automatically decrease them when loads return to normal levels)
• In terms of logs - incoming traffic is different when dealing with identify users and when handling anonymous access - both in terms of cyber security as well of data analysis
• Apps that require login, will mostly need to use a solid gateway and some sort of identity management solution. These parts have no benefit to the landing page in terms of functionality and also - resource usage

Pricing Yes, we want to gain as much flexibility as possible, but we also want to pay the lower price possible as well. Coupling these 2 different apps may cause using expensive resources just to handle landing page loads. On the other hand - decoupling them will allow us to track every resource group and pay only for what we are using. So yes - it's even makes sense in terms of pricing

In short (sort of) - 2 different apps should have 2 different ways of deployments - each with its own technical stack and configurations. That will give us

• Flexibility - change in one environment will not damage the other
• Deployment - 2 different pipelines - each dedicated only to the a single solution
• Pricing - there is no need to waste resources (for example: by over using libraries that consume resources that most time is unused) hence - paying less
• DevOps - in some use-cases - 2 different devOps personnel may handle each pipeline, which may be an advantage

Hope this information helps

I'm highly confused on the profits of externalizing what's usually the core object of an app. Am I thinking too monolithically? :-D

Yes, you are thinking too monolithically by assuming that you have to write and control all the code. You have asked a question about essentially outsourcing Authentication to an existing SASS based solution, when you could just as easily write your own. This is a common mistaken assumption that many developers make, especially in the area of Security for applications.

• Authentication is a core requirement for many solutions, but it is very rarely a core aspect or feature of the solution.

By writing your own solution to what is a generally standard concept (Authentication) you have to write, test and maintain your logic, including keeping up to date with latest security trends over the lifetime of the product. In terms of direct Profit/Cost:

• Costs you a lot of time and effort to get it right
• Your own solution will add a layer of technical debt, future developers (internal or external) will need to familiarise themselves with your implementation before they can even start maintenance or improvement work
• You are directly assuming all the risks and responsibilities to maintain the security of the solution and its data.

Depending on the type of data and jurisdiction of your application you may be asked down the track to implement multi-factor authentication or to force all users to re-register to adopt stronger security protocols, this can be a lot of effort for your own solution, or a simple tick of a box in the configuration of your Authentication provider.

You need to be careful to separate the two concepts of Authentication and a User in the business domain. Regardless of where or what methodology you use to Authenticate your users, from a data integrity point of view it is important that there is a User concept in the database to associate related data for each user.

So there is no way around it, your business domain logic requires a table to represent a User in this business domain.

This User table should have an arbitrary Primary Key that is specific to the Application domain, and in that table store the token that that is used to map that business user to the Authentication process. Then throughout your model, you can create FK references back to the user table.

In this way it may be possible for you to map users to multiple different providers, or to easily change the provider with minimal or zero impact on the rest of the business domain model.

What is important from a business process point of view is that the application can resolve the correct business User from the token or claims provided in the response from the authentication provider.

If SSO (Single Sign On) is appealing to you then the choice of which Authentication provider to use can become an issue depending on the nature of your solution and the type of users who will be Authenticating. If the solution is tenanted to other businesses and offers B2B, or B2C focused activities then an Enterprise authentication solution like Azure AD, or Google Cloud Identity might make sense. You would register your product in the client's authentication domain so that they can manage their users and access levels.

If the solution is more public focussed then you might consider other social media Authentication providers as a means of simplifying Authentication for users rather than forcing them to use your own bespoke Authentication process that they will invariably forget their password too...

You haven't mentioned what language or runtime you are considering, however if you do choose to write your own Authentication service, as a bare minimum you should consider implementing an OAuth 2.0 implementation to ensure that your solution adheres to standard practises and is compatible with other providers chould you choose to use them later.

In a .NET based environment I would suggest Identity Server 4 as a base level of security, there are a lot of resources on implementation, other frameworks should have similar projects or providers that you can host yourself. The point is that by using a standard implementation of your own Authentication Service, rather than writing your own one that is integrated into your software you are not re-inventing anything, there is a lot of commercial and community support available to help you minimise the effort and cost to get things up and running.

Ultimately, if you are concerned with Profit, and lets face it most of us are, then the idea that you would re-create the wheel, just because you can adds a direct implementation and long term maintenance Cost and so will directly reduce Profitability, especially when the effort to implement existing Authentication providers into your solution is really low.

Even if you choose today to implement your own Authentication Service, it would be wise to implement it in such a way that you could easily offload that workload to an external provider, it is the natural evolution of security for small to mid sized applications when users start to demand more stringent security requirements or additional features than it is cost effective to provide in your native runtime.

Once security is implemented in your application the rest of the business process generally evolves and we neglect to come back and review authentication until after a breach, if we or the client ever detect such an event, for this reason it is important that we get security as right as we can from the very start of a solution.

Whilst not directly related, this discussion reminds me of my faviourite quote from Eric Lippert in a comment on an SO blog

Eric Lippert on What senior developers can learn from beginners
...The notion that programming can be principled — that we proceed by understanding the abstractions afforded by the language, and then match those abstractions to a model of the business domain of the program — is apparently never taught to a great many programmers. Rather, many programmers proceed as though they’re exploring an undiscovered country, and going down paths more or less at random and hoping they end up somewhere good, no matter how twisted the path is that gets them there...

One of the reasons that we use external Authentication Providers is that the plethroa of developers who have come before us have already learnt the hard lessons on what to do, or not to do and have evolved a set of standards and protocols to provide best practice guidelines on how to protect our users and their data when they are using our software. Many of these external providers represent best practice implementations and they maintain them for us as the standards continue to evolve, so that we don't have to.

The underlying issue is that the consumers of MyNewClass need to know how big it is (e.g. if it needs to be allocated on the stack), so all members need to be known to be able to correctly calculate the size.

I'll not address the patterns you already described. There are a few more that could be helpful, depending on your use-case.

Create a class with only the exposed methods and a factory function to create an instance.

Upsides:

• Completely hides all private members

Downsides:

• requires heap allocation
• lots of virtual function calls

Header:

First of all, if it's messages, then /messages should be there because the resource is message.

After that, messages/mandatories means that there a listing of mandatories, that it's a subset of messages. Do you intend to add or update a mandatory message with put, post or patch, messages/mandatories is the right way.

But if it's only a filter for messages that are mandatory, the best way to do it is with a GET like this: /messages?status=mandatories

Where status is the field that indicate if the message is mandatory

The only plausible, general approach is to rewrite all relevant code to not only use _ to request translation but to never cache the result. That’s not a fun idea and it’s not a new idea—you already list Refactoring and Deferred translation that rely on the cooperation of the gettext clients—but it is the “best way […] in practice”.

You can try to do a super-reload by removing many things from sys.modules and then doing a real reimport. This approach avoids understanding the import relationships, but works only if the relevant modules are all written in Python and you can guarantee that the state of your program will retain no references to any objects (including types and modules) that used the old language. (I’ve done this, but only in a context where the overarching program was a sort of supervisor utterly uninterested in the features of the discarded modules.)

You can try to walk the whole object graph and replace the strings, but even aside from the intrinsic technical difficulty of such an algorithm (consider __slots__ in base classes and co_consts for just the mildest taste), it would involve untranslating them, which changes from hard to impossible when some sort of transformation has already been performed. That transformation might just be concatenating the translated strings, or it might be pre-substituting known values to format, or padding the string, or storing a hash of it: it’s certainly undecidable in general. (I’ve done this too for other data types, but only with data constructed by a file reader whose output used known, simple structures.)

Any approach based on partial reevaluation combines the problems of the methods above.

The only other possible approach is a super-LazyString that refuses to translate for longer by implementing operations like + to return objects that encode the transformations to eventually apply, but it’s impossible to know when to force those operations unless you control all mechanisms used to display or transmit strings. It’s also impossible to defer past, say, if len(_("…"))>80:.

The reason for the design is summed up by kleopatra's comment:

Why would it not be exposed I would pose it the other way round: why should it? It's convenience api at best, easy to implement by clients, not really needed - adding such to a framework/toolkit tends to exploding api/implementation to maintain.

JavaFX is filled with decisions like this on purpose. A lot of the reasoning is based on experience (good and bad) from AWT/Spring. Just some examples:

• For specifying execution on the UI thread, there is a runLater API, but no invokeAndWait API like Swing, even though it would be easy for the framework to provide such an API and it has been requested.

  • Providing an invokeAndWait API means that naive (and experienced :-) developers could use it incorrectly to accidentally deadlock threads.

• Lots of classes are final and not extensible.

  • Sometimes developers want to extend classes, but can't because they are final. This means that they can't over-ride a lot of the built-in tested functionality of the framework and accidentally break it that way. Instead they can usually use aggregation over inheritance to do what they need. The framework forces them to do so in order to protect itself and them.

• Color objects are immutable.

  • Immutable objects in general make stuff easier to maintain.

• Native look and feels aren't part of the framework.

  • You can still create them if you want, and there are 3rd party libraries that do that, but it doesn't need to be in the core framework.

• The application programming interface is single threaded not multi-threaded.

  • Because the developers of the framework realized that multi-threaded UI frameworks are a failed dream.

The philosophy was to code to make the 80% use case easier and the the 20% use case (usually) possible, using additional user or 3rd party code, while making it difficult for the user code to accidentally (or intentionally) break the framework. You just stumbled upon one instance of an application of this philosophy.

There are a whole host of catch-phrases that you could use to describe the reason for this design approach. None of them are OOP or MVC specific. The underlying principles have been around far longer than software engineering, they are just approaches towards work and engineering in general. Here are some links if interested:

• You ain't going to need it YAGNI
• Minimal viable product MVP
• Worse-is-better
• Muntzing
• Feature creep prevention
• Keep it simple stupid KISS
• Occam's razor

It sounds like you would need an overarching GUI component that represents the actual workflow and uses instances of those other components. Most UI frameworks would help you with such composition. Since you didn't tell us which framework you are using you'd have to figure that out using the frameworks docs.

Generally make sure you create a loose coupling between parent and children to ensure the subordinate components can be reused independently.

Also another thing you didn't ask for - In your diagram all components use the same DB block in the bottom. Its not clear what that means exactly, but make sure that each component has their own independent persistence, for example separate tables. Any need to communicate state from one component to the next should go through an API of the component owning the data and not through directly shared DB tables.

The placeMine() method belongs in the Game class.

The architecture of your game is logically divided into (Model-View-Controller):

• Model: Board / Cell
• Controller: Game
• Helper classes: Player (and Mine could be another if it had other properties)

The model contains the game's state. The controller is responsible for managing each turn of the game, and updating the state accordingly. The game's actions are dealt with by the controller. While a Player is the 'owner' of a turn, and perhaps the owner of a cell, etc, it is the Game which is placing a mine on any given turn on behalf of the player, and updating the state accordingly.

You are looking for a "What makes sense?" answer, so I can only tell you what makes sense from my perspective.

First you don't need to mock all dependencies or do you mock string and array list objects in other tests?

My goal is to make my unit tests as fast as possible and easy to setup.

1. The tests will be very fast if they operate on pure POJOs. Your use cases use entities and the entities are POJOs thus your use case tests will run fast.
2. I mock the repositories that provide entities, because the repositories usually connect the use cases to the external systems, e.g. a database or rest service. These are the systems that make tests slow and are hard to setup.

So to answer your questions...

How to write a GOOD unit test for a use case and how to handle entity dependencies in my test ?

Use Solution 2: I don't mock entities. I usually do that.

In general, what should I do with my entity dependencies in my unit tests?

You can mock them, but it makes your code more complicated. So just use them and make sure that they are plain objects.

In this example above how to write a good unit test for "addHorseUseCase"?