Chained Object Design
Technologies Used
- Python for rapid prototyping with decent performance.
- Flask or Tornado for Python server.
- SQLAlchemy for Python ORM.
- MySQL for database server.
- Knockout or AngularJS for client-server databinding.
- MustacheJS with jQuery would also work fine, but would require more work.
Database
{uml}
title DB Tables
objects: id PRIMARY AUTOINC
objects: user_id FK
objects: parent_id FK
fields: id PRIMARY AUTOINC
fields: object_id FK
users: id PRIMARY
attachments: id PRIMARY AUTOINC
attachments: object_id FK
user_object_perms: user_id FK
user_object_perms: object_id FK
user_object_perms: perm_id FK
perms: id PRIMARY AUTOINC
perms: key UNIQUE VARCHAR
{enduml}
Notes
- The perms: key column exists to give each access right a unique string that the code can check against.
- Example: use a decorator on RESTful endpoints: @has_perm("some_key"). has_perm checks for the object in the URL, and compares the user_object_perms result for that ID to the current user.
{uml}
title DB Relations
objects->users: user_id
fields->objects: object_id
objects->objects: parent_id
attachments->objects: object_id
user_object_perms->users: user_id
user_object_perms->objects: object_id
user_object_perms->perms: perm_id
{enduml}
API
{uml}
title Objects
"POST /api/object"->"CREATE object"
"GET /api/object/
{uml}
title Object Fields
"POST /api/object/
{uml}
title Users
"POST /api/user/login"<-"READ user"
"POST /api/user/register"->"CREATE user"
"POST /api/user/
Notes
- Try to adhere to CRUD: create, read, update, delete.
- GET requests should return JSONified data.
Server Design
- Wrap API calls to objects with @has_perm("read") or @has_perm("write").
- This has_perm(perm_key) method should perform the following:
  - Check that a valid user is logged in
  - Read the URL to acquire the object ID
  - Check user_object_perms for the user ID, object ID, and perm key
- This
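As an added example (not code from the original design), the has_perm(perm_key) decorator described above in plain Python: an in-memory sqlite3 copy of the tables stands in for MySQL/SQLAlchemy, and the logged-in user and the object ID from the URL are assumed to arrive as the keyword arguments current_user and object_id.

```python
import sqlite3
from functools import wraps

# Constructed in-memory stand-in for the MySQL tables above (sqlite3 so it runs offline).
db = sqlite3.connect(":memory:")
db.executescript("""
CREATE TABLE users (id INTEGER PRIMARY KEY);
CREATE TABLE objects (id INTEGER PRIMARY KEY AUTOINCREMENT, user_id INTEGER, parent_id INTEGER);
CREATE TABLE perms (id INTEGER PRIMARY KEY AUTOINCREMENT, key VARCHAR UNIQUE);
CREATE TABLE user_object_perms (user_id INTEGER, object_id INTEGER, perm_id INTEGER,
                                PRIMARY KEY (user_id, object_id, perm_id));
INSERT INTO users (id) VALUES (1), (2);
INSERT INTO objects (user_id, parent_id) VALUES (1, NULL), (1, 1);
INSERT INTO perms (key) VALUES ('read'), ('write');
-- constructed grants: user 1 may read and write object 1; user 2 may only read it
INSERT INTO user_object_perms VALUES (1, 1, 1), (1, 1, 2), (2, 1, 1);
""")

def user_has_perm(user_id, object_id, perm_key):
    # One query joining user_object_perms to perms on the key string; an unknown
    # key or a missing grant yields no row, so the answer is deny by default.
    row = db.execute(
        "SELECT 1 FROM user_object_perms uop JOIN perms p ON p.id = uop.perm_id "
        "WHERE uop.user_id = ? AND uop.object_id = ? AND p.key = ?",
        (user_id, object_id, perm_key)).fetchone()
    return row is not None

def has_perm(perm_key):
    # Decorator for an endpoint whose route carries the object ID (hypothetical kwarg
    # object_id, as Flask would pass it from "/api/object/<int:object_id>").
    # current_user stands in for the session lookup; None means nobody is logged in.
    def decorator(view):
        @wraps(view)
        def wrapper(*args, current_user=None, object_id=None, **kwargs):
            if current_user is None:
                return {"error": "login required"}, 401
            # Missing object, missing grant and unknown key all get the same 403,
            # so a caller cannot tell "no such object" from "no permission".
            if object_id is None or not user_has_perm(current_user, object_id, perm_key):
                return {"error": "forbidden"}, 403
            return view(*args, current_user=current_user, object_id=object_id, **kwargs)
        return wrapper
    return decorator

@has_perm("write")
def update_object(current_user, object_id, **fields):
    # Stand-in for an update endpoint; only reached once the write check has passed.
    return {"id": object_id, "updated_by": current_user, "fields": fields}, 200
```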