clean C++ granular friend equivalent? (Answer: Attorney-Client Idiom)
I know this is an old question, but the problem is still relevant. While I like the idea of the Attorney-Client idiom, I wanted a transparent interface for client classes that had been granted private (or protected) access.
I imagine something similar to this has been done already, but a cursory look around didn't turn up anything. The following method (C++11 up) works on a per class (not per object) basis and uses a CRTP base class that is used by the 'private class' to expose a public functor. Only those classes that have specifically been given access can call the functor's operator(), which then directly invokes the associated private method via a stored reference.
There is no function call overhead and the only memory overhead is one reference per private method that requires exposure. The system is very versatile; any function signature and return type is permitted as is calling virtual functions in the private class.
For me, the main benefit is one of syntax. While an admittedly rather ugly declaration of the functor objects is required in the private class, this is completely transparent to the client classes. Here is an example taken from the original question:
struct Doctor; struct Judge; struct TaxMan; struct TheState;
struct Medicine {} meds;
class Person : private GranularPrivacy<Person>
{
private:
int32_t money_;
void _takePill (Medicine *meds) {std::cout << "yum..."<<std::endl;}
std::string _tellTruth () {return "will do";}
int32_t _payDollars (uint32_t amount) {money_ -= amount; return money_;}
public:
Person () : takePill (*this), tellTruth (*this), payDollars(*this) {}
Signature <void, Medicine *>
::Function <&Person::_takePill>
::Allow <Doctor, TheState> takePill;
Signature <std::string>
::Function <&Person::_tellTruth>
::Allow <Judge, TheState> tellTruth;
Signature <int32_t, uint32_t>
::Function <&Person::_payDollars>
::Allow <TaxMan, TheState> payDollars;
};
struct Doctor
{
Doctor (Person &patient)
{
patient.takePill(&meds);
// std::cout << patient.tellTruth(); //Not allowed
}
};
struct Judge
{
Judge (Person &defendant)
{
// defendant.payDollars (20); //Not allowed
std::cout << defendant.tellTruth() <<std::endl;
}
};
struct TheState
{
TheState (Person &citizen) //Can access everything!
{
citizen.takePill(&meds);
std::cout << citizen.tellTruth()<<std::endl;
citizen.payDollars(50000);
};
};
The GranularPrivacy base class works by defining 3 nested template classes. The first of these, 'Signature', takes the function return type and function signature as template parameters, and forwards these to both the functor's operator() method and the the second nest template class, 'Function'. This is parametrized by a pointer to a private member function of the Host class, which must have the signature provided by the Signature class. In practice, two separate 'Function' classes are used; the one given here, and another for const functions, omitted for brevity.
Finally the Allow class recursively inherits from a explicitly instantiated base class using the variadic template mechanism, depending on the number of classes specified in it's template argument list. Each inheritance level of Allow has one friend from the template list, and the using statements bring the base class constructor and operator () up the inheritance hierarchy into the most derived scope.
template <class Host> class GranularPrivacy
{
friend Host;
template <typename ReturnType, typename ...Args> class Signature
{
friend Host;
typedef ReturnType (Host::*FunctionPtr) (Args... args);
template <FunctionPtr function> class Function
{
friend Host;
template <class ...Friends> class Allow
{
Host &host_;
protected:
Allow (Host &host) : host_ (host) {}
ReturnType operator () (Args... args) {return (host_.*function)(args...);}
};
template <class Friend, class ...Friends>
class Allow <Friend, Friends...> : public Allow <Friends...>
{
friend Friend;
friend Host;
protected:
using Allow <Friends...>::Allow;
using Allow <Friends...>::operator ();
};
};
};
};
I hope somebody finds this useful, any comments or suggestions would be most welcome. This is definitely still work in progress - I would particularly like to merge the Signature and Function classes into just one template class, but have been struggling to find a way to do this. More complete, runnable examples can be found at cpp.sh/6ev45 and cpp.sh/2rtrj.
The Attorney-Client idiom may be what you're looking for. The mechanics are not too different from your member proxy class solution, but this way is more idiomatic.
You can use a pattern described in Jeff Aldger's book 'C++ for real programmers'. It has no special name but there it is referred as 'gemstones and facets'. The basic idea is as following: among your main class that contains all the logic, you define several interfaces (not real interfaces, just like them) that implements sub-parts of that logic. Each of those interface (facet in terms of book) provides access to some of logic of main class (gemstone). Also, each facet holds the pointer to gemstone instance.
What does this mean for you?
- You can use any facet everywhere instead of gemstone.
- Users of facets doesn't have to know about gemstone structure, as in could be forward-declared and used through PIMPL-pattern.
- Other classes can refer to facet rather to gemstone - this is the answer to your question about how to expose limited nubmer of methods to specified class.
Hope this helps. If you want, I could post code samples here to illustrate this pattern more clearly.
EDIT: Here's the code:
class Foo1; // This is all the client knows about Foo1
class PFoo1 {
private:
Foo1* foo;
public:
PFoo1();
PFoo1(const PFoo1& pf);
~PFoo();
PFoo1& operator=(const PFoo1& pf);
void DoSomething();
void DoSomethingElse();
};
class Foo1 {
friend class PFoo1;
protected:
Foo1();
public:
void DoSomething();
void DoSomethingElse();
};
PFoo1::PFoo1() : foo(new Foo1)
{}
PFoo1::PFoo(const PFoo1& pf) : foo(new Foo1(*(pf
{}
PFoo1::~PFoo()
{
delete foo;
}
PFoo1& PFoo1::operator=(const PFoo1& pf)
{
if (this != &pf) {
delete foo;
foo = new Foo1(*(pf.foo));
}
return *this;
}
void PFoo1::DoSomething()
{
foo->DoSomething();
}
void PFoo1::DoSomethingElse()
{
foo->DoSomethingElse();
}
Foo1::Foo1()
{
}
void Foo1::DoSomething()
{
cout << “Foo::DoSomething()” << endl;
}
void Foo1::DoSomethingElse()
{
cout << “Foo::DoSomethingElse()” << endl;
}
EDIT2: Your class Foo1 could be more complex, for example, it contains two another methods:
void Foo1::DoAnotherThing()
{
cout << “Foo::DoAnotherThing()” << endl;
}
void Foo1::AndYetAnother()
{
cout << “Foo::AndYetAnother()” << endl;
}
And they're accessible via class PFoo2
class PFoo2 {
private:
Foo1* foo;
public:
PFoo2();
PFoo2(const PFoo1& pf);
~PFoo();
PFoo2& operator=(const PFoo2& pf);
void DoAnotherThing();
void AndYetAnother();
};
void PFoo1::DoAnotherThing()
{
foo->DoAnotherThing();
}
void PFoo1::AndYetAnother()
{
foo->AndYetAnother();
}
Those methods are not in PFoo1 class, so you cannot access them through it. In this way you can split the behavior of Foo1 to two (or more) facets PFoo1 and PFoo2. Those facets classes could be used in different places, and their caller shoudn't be aware of Foo1 implementation. Maybe it's not what you really want, but what you want is impossible for C++, and this is a work-aroud, but maybe too verbose...
There is a very simple pattern, which has retro-actively been dubbed PassKey, and which is very easy in C++11:
template <typename T>
class Key { friend T; Key() {} Key(Key const&) {} };
And with that:
class Foo;
class Bar { public: void special(int a, Key<Foo>); };
And the call site, in any Foo method, looks like:
Bar().special(1, {});
Note: if you are stuck in C++03, skip to the end of the post.
The code is deceptively simple, it embeds a few key points that are worth elaborating.
The crux of the pattern is that:
- calling
Bar::specialrequires copying aKey<Foo>in the context of the caller - only
Foocan construct or copy aKey<Foo>
It is notable that:
- classes derived from
Foocannot construct or copyKey<Foo>because friendship is not transitive Fooitself cannot hand down aKey<Foo>for anyone to callBar::specialbecause calling it requires not just holding on to an instance, but making a copy
Because C++ is C++, there are a few gotchas to avoid:
- the copy constructor has to be user-defined, otherwise it is
publicby default - the default constructor has to be user-defined, otherwise it is
publicby default - the default constructor has to be manually defined, because
= defaultwould allow aggregate initialization to bypass the manual user-defined default constructor (and thus allow any type to get an instance)
This is subtle enough that, for once, I advise you to copy/paste the above definition of Key verbatim rather than attempting to reproduce it from memory.
A variation allowing delegation:
class Bar { public: void special(int a, Key<Foo> const&); };
In this variant, anyone having an instance of Key<Foo> can call Bar::special, so even though only Foo can create a Key<Foo>, it can then disseminate the credentials to trusted lieutenants.
In this variant, to avoid a rogue lieutenant leaking the key, it is possible to delete the copy constructor entirely, which allows tying the key lifetime to a particular lexical scope.
And in C++03?
Well, the idea is similar, except that friend T; is not a thing, so one has to create a new key type for each holder:
class KeyFoo { friend class Foo; KeyFoo () {} KeyFoo (KeyFoo const&) {} };
class Bar { public: void special(int a, KeyFoo); };
The pattern is repetitive enough that it might be worth a macro to avoid typos.
Aggregate initialization is not an issue, but then again the = default syntax is not available either.
Special thanks to people who helped improving this answer over the years:
- Luc Touraille, for pointing to me in the comments that
class KeyFoo: boost::noncopyable { friend class Foo; KeyFoo() {} };completely disables the copy constructor and thus only works in the delegation variant (preventing storing instance). - K-ballo, for pointing out how C++11 improved the situation with
friend T;