Question context
So I organized my application into bounded contexts (Eric Evans' "domain-driven design"). One of the bounded contexts is the "gameplay context." It, for instance, contains an interface Gamer
public interface Gamer {
void setFriends(Set<Gamer> friends);
Set<Gamer> getFriends();
....
}
There is also an implementation that is able to persist a Gamer
's state to a database.
@Entity
public class JpaGamer implements Gamer {
private String someData;
private String someSensitiveData;
public setFriends (Set<Gamer> friends) {
...
}
...
}
Far, far away, inside another bounded context called "accounts context," I have classes and interfaces that deal with the users of my application. For instance, there is an interface called Account
.
public interface Account{
boolean isSignedUp();
....
}
So a user / Account
can be signed up or not. For any Account
, there exists a corresponding Gamer
.
Challenge
I have a business rule: Never persist sensitive data anyhow related to a non-signed-up Account
.
For example, this means that some non-signed-up Account
's JpaGamer
instance cannot write data to the someSensitiveData
field. You could informally say that this JpaGamer
is a "non-signed-up JpaGamer
".
I don't want to hardcode any accounts-related logic into anything gameplay-related (and the same the other way around).
How can I implement such business rules in Java without tainting either bounded context with concepts from the other bounded context?
To fulfill the business rule, I have the idea that whenever there is a "non-signed-up JpaGamer
", I wrap that JpaGamer
inside a SparsePersistingGamer
. The SparsePersistingJpaGamer
would simply not forward to the underlying JpaGamer
any method that could potentially tamper with someSensitiveData
.
But now I have a problem with the someGamer.getFriends()
method. For the SparsePersistingGamer
, it would lazily load all that gamer's friends from JPA, returning a set of plain JpaGamer
s that are not aware of the (and any other) business rule, therefore persisting someSensitiveData
for potentially "non-signed-up JpaGamer
s".
Which strategies do you apply to tackle similar and related situations?