Difference between revisions of "MD Store/Architecture"
Jump to navigation
Jump to search
| Line 10: | Line 10: | ||
===CheckPrivileges=== | ===CheckPrivileges=== | ||
*Whenever a user invokes first time an operation that requires authorization (create, delete, update) an object holding information on user session is populated with a list of user roles granted on a context(or container). | |||
*Only roles relevant for the MDStore are to be checked. | |||
**These roles are: Depositor, Moderator, Collaborator | |||
***MDStore Depositor can create MDRecords for resources in particular context and can update own MDRecords at any time | |||
***MDStore Moderator can modify MDRecords for resources in the context on which it had been assigned | |||
*Note: in case of eSciDoc used as AA the context is same as escidoc-context and is written in the Resource property "context". | |||
In case when MDStore AA is to be plugged-in with another system, appropriate translator has to be provided for context, roles and retrieval of privileges | |||
If when invoking and operation e.g. createResource a UserSessionObject is not created then MDStore invokes its eSciDocAA (or OtherAA) and retrieves all not revoked grants of the user for MDStore relevant roles | |||
b)checkPrivileges | |||
Business component has to protect each action by first checking the privileges of the user (from the user session object) | |||
Examples | |||
createResource | |||
Depositor | |||
if context(container) equals to value in provided resource-xml and not withdrawn | |||
============ | |||
updateResource | |||
Depositor | |||
Moderator | |||
Collaborator | |||
if context(container) equals to value in provided resource-xml and not withdrawn | |||
============ | |||
[[Category:Faces_4.0]] | [[Category:Faces_4.0]] | ||
Revision as of 09:59, 29 July 2010
Use-Cases[edit]
Components[edit]
Interaction[edit]
CheckPrivileges[edit]
- Whenever a user invokes first time an operation that requires authorization (create, delete, update) an object holding information on user session is populated with a list of user roles granted on a context(or container).
- Only roles relevant for the MDStore are to be checked.
- These roles are: Depositor, Moderator, Collaborator
- MDStore Depositor can create MDRecords for resources in particular context and can update own MDRecords at any time
- MDStore Moderator can modify MDRecords for resources in the context on which it had been assigned
- These roles are: Depositor, Moderator, Collaborator
- Note: in case of eSciDoc used as AA the context is same as escidoc-context and is written in the Resource property "context".
In case when MDStore AA is to be plugged-in with another system, appropriate translator has to be provided for context, roles and retrieval of privileges
If when invoking and operation e.g. createResource a UserSessionObject is not created then MDStore invokes its eSciDocAA (or OtherAA) and retrieves all not revoked grants of the user for MDStore relevant roles
b)checkPrivileges Business component has to protect each action by first checking the privileges of the user (from the user session object)
Examples
createResource
Depositor
if context(container) equals to value in provided resource-xml and not withdrawn
==[edit]
updateResource
Depositor
Moderator
Collaborator
if context(container) equals to value in provided resource-xml and not withdrawn