Difference between revisions of "MD Store/Architecture"

Use-Cases[edit]

Components[edit]

Interaction[edit]

CheckPrivileges[edit]

• Whenever a user invokes first time an operation that requires authorization (create, delete, update) an object holding information on user session is populated with a list of user roles granted on a context(or container).
• Only roles relevant for the MDStore are to be checked.
  • These roles are: Depositor, Moderator, Collaborator
    • MDStore Depositor can create MDRecords for resources in particular context and can update own MDRecords at any time
    • MDStore Moderator can modify MDRecords for resources in the context on which it had been assigned
• Note: in case of eSciDoc used as AA the context is same as escidoc-context and is written in the Resource property "context".
• In case when MDStore AA is to be plugged-in with another system, appropriate translator has to be provided for context, roles and retrieval of privileges
• If when invoking and operation e.g. createResource a UserSessionObject is not created then MDStore invokes its eSciDocAA (or OtherAA) and retrieves all not revoked grants of the user for MDStore relevant roles
• checkPrivileges
  • Business component has to protect each action by first checking the privileges of the user (from the user session object)

Examples

        createResource
              Depositor
              if context(container) equals to value in provided resource-xml    and not withdrawn

        updateResource
              Depositor
              Moderator
              Collaborator
              if context(container) equals to value in provided resource-xml and not withdrawn