Difference between revisions of "MD Store/Architecture"
Jump to navigation
Jump to search
| Line 16: | Line 16: | ||
***MDStore Depositor can create MDRecords for resources in particular context and can update own MDRecords at any time | ***MDStore Depositor can create MDRecords for resources in particular context and can update own MDRecords at any time | ||
***MDStore Moderator can modify MDRecords for resources in the context on which it had been assigned | ***MDStore Moderator can modify MDRecords for resources in the context on which it had been assigned | ||
*Note: in case of eSciDoc used as AA the context is same as escidoc-context and is written in the Resource property "context". | *Note: in case of eSciDoc used as AA the context is same as escidoc-context and is written in the Resource property "context". | ||
In case when MDStore AA is to be plugged-in with another system, appropriate translator has to be provided for context, roles and retrieval of privileges | *In case when MDStore AA is to be plugged-in with another system, appropriate translator has to be provided for context, roles and retrieval of privileges | ||
*If when invoking and operation e.g. createResource a UserSessionObject is not created then MDStore invokes its eSciDocAA (or OtherAA) and retrieves all not revoked grants of the user for MDStore relevant roles | |||
If when invoking and operation e.g. createResource a UserSessionObject is not created then MDStore invokes its eSciDocAA (or OtherAA) and retrieves all not revoked grants of the user for MDStore relevant roles | *checkPrivileges | ||
**Business component has to protect each action by first checking the privileges of the user (from the user session object) | |||
Business component has to protect each action by first checking the privileges of the user (from the user session object) | |||
Examples | ''' | ||
Examples''' | |||
createResource | createResource | ||
Depositor | Depositor | ||
if context(container) equals to value in provided resource-xml and not withdrawn | if context(container) equals to value in provided resource-xml and not withdrawn | ||
updateResource | updateResource | ||
Depositor | Depositor | ||
| Line 36: | Line 36: | ||
Collaborator | Collaborator | ||
if context(container) equals to value in provided resource-xml and not withdrawn | if context(container) equals to value in provided resource-xml and not withdrawn | ||
[[Category:Faces_4.0]] | [[Category:Faces_4.0]] | ||
Revision as of 10:00, 29 July 2010
Use-Cases[edit]
Components[edit]
Interaction[edit]
CheckPrivileges[edit]
- Whenever a user invokes first time an operation that requires authorization (create, delete, update) an object holding information on user session is populated with a list of user roles granted on a context(or container).
- Only roles relevant for the MDStore are to be checked.
- These roles are: Depositor, Moderator, Collaborator
- MDStore Depositor can create MDRecords for resources in particular context and can update own MDRecords at any time
- MDStore Moderator can modify MDRecords for resources in the context on which it had been assigned
- These roles are: Depositor, Moderator, Collaborator
- Note: in case of eSciDoc used as AA the context is same as escidoc-context and is written in the Resource property "context".
- In case when MDStore AA is to be plugged-in with another system, appropriate translator has to be provided for context, roles and retrieval of privileges
- If when invoking and operation e.g. createResource a UserSessionObject is not created then MDStore invokes its eSciDocAA (or OtherAA) and retrieves all not revoked grants of the user for MDStore relevant roles
- checkPrivileges
- Business component has to protect each action by first checking the privileges of the user (from the user session object)
Examples
createResource
Depositor
if context(container) equals to value in provided resource-xml and not withdrawn
updateResource
Depositor
Moderator
Collaborator
if context(container) equals to value in provided resource-xml and not withdrawn