MD Store/Architecture

From MPDLMediaWiki
Jump to navigation Jump to search


This page is reference for the MDStore architecture. More information on the MDStore can be found at the MD Store page.





The MD Store has it's own AA component, which beside it's internal logic, may additionally implement plug-ins to the interfaces of an external AA component, such as eSciDoc AA.



Check Privileges[edit]

  • Whenever a user invokes first time an operation that requires authorization (create, delete, update) an object holding information on user session is populated with a list of user roles granted on a context(or container).
  • Only roles relevant for the MDStore are to be checked.
    • These roles are: Depositor, Moderator, Collaborator
      • MDStore Depositor can create MDRecords for resources in particular context and can update own MDRecords at any time
      • MDStore Moderator can modify MDRecords for resources in the context on which it had been assigned
  • Note: in case of eSciDoc used as AA the context is same as escidoc-context and is written in the Resource property "context".
  • In case when MDStore AA is to be plugged-in with another system, appropriate translator has to be provided for context, roles and retrieval of privileges
  • If when invoking and operation e.g. createResource a UserSessionObject is not created then MDStore invokes its eSciDoc AA (or Other AA) and retrieves all not revoked grants of the user for MDStore relevant roles
  • check privileges
    • Business component has to protect each action by first checking the privileges of the user (from the user session object)


              if context(container) equals to value in provided resource-xml    and not withdrawn

              if context(container) equals to value in provided resource-xml and not withdrawn