Chained Object Design

Technologies Used

  • Python for rapid prototyping with decent performance.
  • Flask or Tornado for Python server.
  • SQLAlchemy for Python ORM.
  • MySQL for database server.
  • Knockout or AngularJS for client-server databinding.
    • MustacheJS with JQuery would also work fine, but will require more work.

Database

{uml} title DB Tables

objects: id PRIMARY AUTOINC
objects: user_id FK
objects: parent_id FK

fields: id PRIMARY AUTOINC
fields: object_id FK

users: id PRIMARY

attachments: id PRIMARY AUTOINC
attachments: object_id FK

user_object_perms: user_id FK
user_object_perms: object_id FK
user_object_perms: perm_id FK

perms: id PRIMARY AUTOINC
perms: key UNIQUE VARCHAR

{enduml}

Notes

  • The perms.key column exists so that each permission has a unique string that endpoints can check against.
    • Example: use a decorator on RESTful endpoints:
      • @has_perm("some_key")
      • has_perm reads the object ID from the URL and checks whether user_object_perms grants that key to the current user for that object.

{uml} title DB Relations

objects->users: user_id
fields->objects: object_id
objects->objects: parent_id
attachments->objects: object_id
user_object_perms->users: user_id
user_object_perms->objects: object_id
user_object_perms->perms: perm_id

{enduml}

API

{uml} title Objects

"POST /api/object"->"CREATE object"
"GET /api/object/"<-"READ object"
"POST /api/object/"->"UPDATE object"
"DELETE /api/object/"->"DELETE object"

{enduml}

{uml} title Object Fields

"POST /api/object//field"->"CREATE field"
"POST /api/object//field/"->"UPDATE field"
"DELETE /api/object//field/"->"DELETE field"

{enduml}

{uml} title Users

"POST /api/user/login"<-"READ user"
"POST /api/user/register"->"CREATE user"
"POST /api/user/"->"UPDATE user"
"GET /api/user/"<-"READ user"

{enduml}

Notes

  • Try to adhere to CRUD: create, read, update, delete.
  • GET requests should return JSONified data.

Server Design

  • Wrap API calls to objects with @has_perm("read") or @has_perm("write")
    • This has_perm(perm_key) method should perform the following:
      1. Check that a valid user is logged in
      2. Read the URL to acquire the object ID
      3. Check user_object_perms for the user ID, object ID, and perm key
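An added example (not code from the design itself) of the three-step has_perm check as a plain Python decorator. It assumes the logged-in user id and the URL's object id arrive as keyword arguments (in Flask they would come from the session and the route), and it replaces the perms and user_object_perms tables with constructed in-memory dicts; a real server would query them through SQLAlchemy.

```python
import functools

# Constructed stand-ins for the perms and user_object_perms tables.
PERMS = {1: "read", 2: "write"}                 # perms.id -> perms.key
USER_OBJECT_PERMS = {                           # (user_id, object_id) -> {perm_id}
    (10, 100): {1, 2},  # user 10 may read and write object 100
    (11, 100): {1},     # user 11 may only read object 100
}


class Forbidden(Exception):
    """Raised when the caller is anonymous or lacks the required perm."""


def user_has_perm(user_id, object_id, perm_key):
    """Step 3: is there a user_object_perms row for this user, object and key?
    Unknown (user, object) pairs yield no perm ids, so the default is deny."""
    perm_ids = USER_OBJECT_PERMS.get((user_id, object_id), set())
    return any(PERMS.get(pid) == perm_key for pid in perm_ids)


def has_perm(perm_key):
    """Decorator for /api/object/<object_id>/... endpoints (assumed shape)."""
    def decorator(view):
        @functools.wraps(view)
        def wrapper(*args, current_user_id=None, object_id=None, **kwargs):
            if current_user_id is None:                 # step 1: valid login
                raise Forbidden("login required")
            if object_id is None:                       # step 2: id from URL
                raise Forbidden("no object id in URL")
            if not user_has_perm(current_user_id, object_id, perm_key):
                raise Forbidden(f"missing '{perm_key}' on object {object_id}")
            return view(*args, current_user_id=current_user_id,
                        object_id=object_id, **kwargs)
        return wrapper
    return decorator


@has_perm("read")
def read_object(current_user_id, object_id):
    return {"id": object_id, "reader": current_user_id}


@has_perm("write")
def update_object(current_user_id, object_id, payload):
    return {"id": object_id, "updated": payload}


def allowed(view, **kwargs):
    """True if the decorated view runs without a Forbidden error."""
    try:
        view(**kwargs)
        return True
    except Forbidden:
        return False
```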