The chapters of this article are,
Platform provides a bunch of fundamental staff for any business solutions include management of Membership, Role, Organization, Permission, Concrete Data, Hierarchy and Relationship; Sequence Number; Authentication & Authorization; Site Map Population;
SaaS Application Isolation. All these components are optimized in performance with cache.
This section introduces why & how each component above applied into your business solutions.
Domain & Organization Type & Organization
Domain groups organization types with organizations. When you define a domain in RapidWebDev, you have to configure overall permission and sitemap sets for this domain. That means all users in the domain implicitly should work differently on some areas.
Take our practice on developing an order application. We define three domains “Internal Organization”, “Customer” and “Vendor”. In “Internal Organization”, we have organization types as Sales Department, IT Department, Customer Service, Financial Department
and Execute Management. We categorize customers into “VIP Customer”, “Enterprise Customer” and “Individual Customer” by organization types and categorize vendors into “CPU Product Vendor”, “Memory Product Vendor” etc.
The internal organization users can manage customers, vendors, approve orders and so on depends on their permission. But internal users are impossible to “Confirm Money Accepted” for a vendor.
Why organization has relationship with Hierarchy?
That just makes organization model being more generic matching potential cases we cannot imagine in our infrastructure development time. With relationship to Hierarchy, you can initialize hierarchy types like Geography, Position and Function Zone etc and set
hierarchy items in these types to organization when you create/update it. Then you have capacity to query organizations by hierarchy and get organizations with hierarchy association.
A role is associated with permissions. Besides, role can be associated with organization type that it allows to create different roles for each organization type. This enables the business requirement that administrator can assign user in different organization
types with different role sets.
Take an example. We have “Enterprise Customer” and “Individual Customer” in Customer domain. We may create roles “Enterprise Customer Administrators”, “Enterprise Customer Users” and “Enterprise Customer Managers” for “Enterprise Customer” but only “Individual
Customer Users” for “Individual Customer”.
A user can be assigned with multiple roles that the user inherits the permissions of these roles. And a user can be set permission explicitly. That means, the permissions owned by a user depends on both explicit permissions and permissions of roles.
In RapidWebDev, a user has to belong to an organization. But in a simple application development, what we can do if we don’t need concept “organization”? In this case, you can work around by creating a default organization and making all users belong to it.
When you start development on your application, you should configure permission file which matches PermissionConfig.xsd in platform. In permission file, you have to define permission sets for each domain you configured in platform configuration. Then when administrator
intends to create a user in domain X, all candidate permission the administrator can set should come from intersection between the permission configured to domain X in this permission file and the permission owned by the administrator.
Take an example. You configure permission A, B, C and D to domain X in permission file. When an administrator with permission B and D manages a user, the overall permission the administrator can set to the user is (B, D) which come from intersection between
(A, B, C, D) and (B, D).
Authorization & Site Map
A user is enabled to the system only when the user and its organization are enabled both.
When you start development on your application, you should configure site map file which matches SiteMapConfig.xsd in platform. In site map file, you have to define site map item sets for each domain you configured in platform configuration. The each site map
item includes Displaying Text, Permission Value and potential children. The visible site map to a login user depends on configured site map items for a domain and what permissions the user has.
Permission Value is text format. There are two default permission values “EveryOne” and “Anonymous”. “EveryOne” - any login users can access the resource without special authorization. “Anonymous” - all accesses are valid to the resource without login. Permission
value can be composed of permission segments separated by character dot likes “XXX.YYY.ZZZ”.
The authorization algorithm on permission is implied in the following example.
# "XXX.All" contains all permission values started with "XXX." and "XXX" itself, e.g. "XXX.Update", "XXX.Delete" and "XXX.View".
# "XXX.YYY" contains all permission values started with "XXX.YYY" and ended with ".View", e.g. "XXX.YYY.View" and "XXX.YYY.ZZZ.View".
Hierarchy API allows you to create any data in hierarchy like Geography and Position. If your system needs two types of data in hierarchy, Geography and Position, you need to setup these hierarchy types first. Then create hierarchy data into each type.
Once you have these data in hierarchy, you can reference them into business by ID. Don’t worry about performance on CRUD, they’re optimized in cache.
Concrete data provides model and API for developers to easily manage enumerable data without writing much code.
Take an example. A product has properties Size and Dimension in product management system. Size and Dimension are not free input but user only needs to select from a dropdown. The options of the dropdown are maintained by administrators. In this case, you only
need to define two concrete data type in platform configuration. RapidWebDev provides you the UI and API to CRUD concrete data in these types intelligently.
Relationship is used for developers to setup One2One, One2Many and Many2Many relationship between two objects by ID without refactoring data table but through API only. Relationship API reduces the work that developer has to refactor data tables for any data
relationship and it obviously cuts down the complexity and workload of system development.
Sequence Number is used to generate sequence number without writing code just calling API, like Order Number and Product Number.
When you take a look at data schema of Platform, you can see a table named Application and column ApplicationId exists in every table. RapidWebDev uses ApplicationId to isolate data for different applications. It provides an interface named IApplicationContext
which can get ApplicationId for current execution easily. IApplicationContext resolve the application id from request URI authority. There has configuration in RapidWebDev to configure mapping between URI authority and Application.
When you intend to build SaaS system, you should follow the same way to create column ApplicationId into your business data table and take care of it while executing CRUD.