Index: openacs-4/packages/acs-core-docs/www/object-system-design.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/object-system-design.html,v diff -u -r1.16 -r1.17 --- openacs-4/packages/acs-core-docs/www/object-system-design.html 11 Nov 2003 10:28:27 -0000 1.16 +++ openacs-4/packages/acs-core-docs/www/object-system-design.html 19 Nov 2003 15:44:50 -0000 1.17 @@ -1,11 +1,7 @@ -OpenACS 4 Object Model Design

OpenACS 4 Object Model Design

-by Pete Su, - Michael Yoon, - Richard Li - and Rafael Schloming
+OpenACS 4 Object Model Design

OpenACS 4 Object Model Design

By Pete Su, Michael Yoon, Richard Li, Rafael Schloming

OpenACS docs are written by the named authors, and may be edited by OpenACS documentation staff. -

Essentials

Data Model

Essentials

Tcl Files

Not yet linked.

Object Context and Access Control

Until the implementation of the general permissions system, every OpenACS application had to manage access control to its data separately. Later on, a notion of "scoping" was introduced into the core data model.

"Scope" is a term best explained by example. Consider some -hypothetical rows in the address_book table:

...scopeuser_idgroup_id...
...user123...
...group456...
...public...

The first row represents an entry in User 123's personal address book, +hypothetical rows in the address_book table:

...scopeuser_idgroup_id...
...user123...
...group456...
...public...

The first row represents an entry in User 123's personal address book, the second row represents an entry in User Group 456's shared address book, and the third row represents an entry in the site's public address book.

In this way, the scoping columns identify the security context in which a @@ -94,8 +90,8 @@ abstract name for the default security domain to which the object belongs. Each context has a unique identifier, and all the contexts in a system form a tree. Often this tree will reflect an observed hierarchy in a site, e.g. a -bboard message would probably list a bboard topic as its context, and a -bboard topic might list a subsite as its context. Thus, contexts make it +forum message would probably list a forum topic as its context, and a +forum topic might list a subsite as its context. Thus, contexts make it easier to break the site up into security domains according to its natural structure. An object's context is stored in the context_id column of the acs_objects table.

We use an object's context to provide a default answer to questions @@ -858,7 +854,7 @@ procedures that allow applications to create object types, object instances, and object relations. Most of the data model is straightforward; the relation type mechanism is a bit more complex, but in return it provides functionality -on par with the old user/groups system in a more general way.

Future Improvements/Areas of Likely Change

Nothing here yet.

Authors

Pete Su generated this document -from material culled from other documents by Michael Yoon, Richard Li and Rafael Schloming. But, any remaining lies +on par with the old user/groups system in a more general way.

Future Improvements/Areas of Likely Change

Nothing here yet.

Authors

Pete Su generated this document +from material culled from other documents by Michael Yoon, Richard Li and Rafael Schloming. But, any remaining lies are his and his alone.

Revision History

Document Revision #Action Taken, NotesWhen?By Whom?
0.1Creation9/09/2000Pete Su
0.2Edited for ACS 4 Beta9/30/2000Kai Wu
0.3Edited for ACS 4.0.1, fixed some mistakes, removed use of term "OM"11/07/2000Pete Su
View comments on this page at openacs.org