Difference between revisions of "MD Store/Architecture"
Jump to navigation
Jump to search
m (updated category) |
|||
| (11 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
==Introduction== | |||
This page is reference for the MDStore architecture. | |||
More information on the MDStore can be found at the [[MD_Store|MD Store]] page. | |||
==Use-Cases== | ==Use-Cases== | ||
[[Image:UseCasesMDStore.jpg]] | [[Image:UseCasesMDStore.jpg]] | ||
| Line 4: | Line 8: | ||
==Components== | ==Components== | ||
[[Image:MDStoreComponentDiagram.jpg]] | [[Image:MDStoreComponentDiagram.jpg]] | ||
The MD Store has it's own AA component, which beside it's internal logic, may additionally implement plug-ins to the interfaces of an external AA component, such as eSciDoc AA. | |||
==Interaction== | ==Interaction== | ||
| Line 9: | Line 16: | ||
[[Image:MDStoreInteraction.jpg]] | [[Image:MDStoreInteraction.jpg]] | ||
=== | ===Check Privileges=== | ||
*Whenever a user invokes first time an operation that requires authorization (create, delete, update) an object holding information on user session is populated with a list of user roles granted on a context(or container). | *Whenever a user invokes first time an operation that requires authorization (create, delete, update) an object holding information on user session is populated with a list of user roles granted on a context(or container). | ||
| Line 16: | Line 23: | ||
***MDStore Depositor can create MDRecords for resources in particular context and can update own MDRecords at any time | ***MDStore Depositor can create MDRecords for resources in particular context and can update own MDRecords at any time | ||
***MDStore Moderator can modify MDRecords for resources in the context on which it had been assigned | ***MDStore Moderator can modify MDRecords for resources in the context on which it had been assigned | ||
*Note: in case of eSciDoc used as AA the context is same as escidoc-context and is written in the Resource property "context". | *Note: in case of eSciDoc used as AA the context is same as escidoc-context and is written in the Resource property "context". | ||
In case when MDStore AA is to be plugged-in with another system, appropriate translator has to be provided for context, roles and retrieval of privileges | *In case when MDStore AA is to be plugged-in with another system, appropriate translator has to be provided for context, roles and retrieval of privileges | ||
*If when invoking and operation e.g. createResource a UserSessionObject is not created then MDStore invokes its eSciDoc AA (or Other AA) and retrieves all not revoked grants of the user for MDStore relevant roles | |||
*check privileges | |||
**Business component has to protect each action by first checking the privileges of the user (from the user session object) | |||
'''Examples''' | |||
createResource | |||
Depositor | |||
if context(container) equals to value in provided resource-xml and not withdrawn | |||
updateResource | |||
Depositor | |||
Moderator | |||
Collaborator | |||
updateResource | if context(container) equals to value in provided resource-xml and not withdrawn | ||
if context(container) equals to value in provided resource-xml and not withdrawn | |||
[[Category: | [[Category:MD Store]] | ||
Latest revision as of 08:51, 2 July 2013
Introduction[edit]
This page is reference for the MDStore architecture. More information on the MDStore can be found at the MD Store page.
Use-Cases[edit]
Components[edit]
The MD Store has it's own AA component, which beside it's internal logic, may additionally implement plug-ins to the interfaces of an external AA component, such as eSciDoc AA.
Interaction[edit]
Check Privileges[edit]
- Whenever a user invokes first time an operation that requires authorization (create, delete, update) an object holding information on user session is populated with a list of user roles granted on a context(or container).
- Only roles relevant for the MDStore are to be checked.
- These roles are: Depositor, Moderator, Collaborator
- MDStore Depositor can create MDRecords for resources in particular context and can update own MDRecords at any time
- MDStore Moderator can modify MDRecords for resources in the context on which it had been assigned
- These roles are: Depositor, Moderator, Collaborator
- Note: in case of eSciDoc used as AA the context is same as escidoc-context and is written in the Resource property "context".
- In case when MDStore AA is to be plugged-in with another system, appropriate translator has to be provided for context, roles and retrieval of privileges
- If when invoking and operation e.g. createResource a UserSessionObject is not created then MDStore invokes its eSciDoc AA (or Other AA) and retrieves all not revoked grants of the user for MDStore relevant roles
- check privileges
- Business component has to protect each action by first checking the privileges of the user (from the user session object)
Examples
createResource
Depositor
if context(container) equals to value in provided resource-xml and not withdrawn
updateResource
Depositor
Moderator
Collaborator
if context(container) equals to value in provided resource-xml and not withdrawn