/
Sharing Role, CapabilitySets, Capabilities with Consortium Members
Sharing Role, CapabilitySets, Capabilities with Consortium Members
- Azizbek Khushvakov
Owned by Azizbek Khushvakov
This document will illustrate the design for sharing settings between members of a consortium.
Diagrams
Diagram for Share Role functionality
PlantUML source code
@startuml
!pragma teoz true
!theme cerulean
autonumber
actor "user" as user
participant "mod-consortia-keycloak" as mck
database "mod-consortia-keycloak DB" as mck_db
participant "mod-consortia-publish-coordinator" as mc_pc
participant "mod-login-keycloak" as ml
participant "mod-roles-keycloak" as mrk
user -> mck: Initiate sharing role action
note right
POST /consortia/<consortiumId>/sharing/roles
{
"roleId": "<UUID>",
"url": "string",
"payload": {
"id": "<UUID>",
"name": "<String>",
"description": "<String>"
}
}
end note
activate mck
mck -> mck_db: Retrieve tenants associated with the roleId from sharing_role table
note bottom
| tenant_id | role_id |
| "tenant A" | <UUID1> |
end note
note right
| tenant_id | role_id |
| "tenant A" | <UUID1> |
end note
mck -> mck_db: Retrieve all tenants list
loop tenants size count
alt #E8F3E1 tenant id does not exist in role_capability_sets table
mck -> mck: Add tenant to POST Role Publish Coordinator tenants list
mck -> mck_db: Create new entity
note right
| tenant_id | role_id |
| "tenant B" | <UUID2> |
end note
else #F3E1E2 tenant id exists
mck -> mck: Add tenant to PUT Role Publish Coordinator tenants list
end
end
mck -> mck: Set source as Consortium for all role (Create and Update)
mck -> ml: Login via consortia-system-user
ml --> mck: Return system user's token
mck -> mc_pc: Initiate PC request with POST HTTP method to create role
mc_pc -> mrk: Send HTTP POST request to create role
mrk --> mc_pc: Return response
mc_pc --> mck: Return Publish Coordinator id
mck -> mc_pc: Initiate PC request with PUT HTTP method to update role
mc_pc -> mrk: Send HTTP POST request to create role
mrk --> mc_pc: Return response
mc_pc --> mck: Return Publish Coordinator id
mck --> user: Return response with both PC ids
note right
Response payload:
{
"createRolePCId": "<UUID>",
"updateRolePCId": "<UUID>"
}
end note
user -> mck: Check if POST PC completed: /consortia/<UUID>/publications/<UUID>
user -> mck: Check if PUT PC completed: /consortia/<UUID>/publications/<UUID>
@enduml
Diagram for Delete Shared Setting functionality
PlantUML source code
@startuml
!pragma teoz true
!theme cerulean
autonumber
actor "user" as user
participant "mod-consortia-keycloak" as mck
database "mod-consortia-keycloak DB" as mck_db
participant "mod-consortia-publish-coordinator" as mc_pc
participant "mod-login-keycloak" as ml
participant "mod-roles-keycloak" as mrk
user -> mck: Initiate deleting role action
note right
DELETE /consortia/<consortiumId>/sharing/roles/<roleId>
{
"roleId": "<UUID>",
"url": "string"
}
end note
activate mck
mck -> mck_db: Retrieve tenants associated with the roleId from sharing_role table using roleId
note bottom
| tenant_id | role_id |
| "tenant A" | <UUID1> |
end note
note right
| tenant_id | role_id |
| "tenant A" | <UUID1> |
| "tenant B" | <UUID2> |
end note
loop tenants where role is exists
mck -> mck: Add tenant to DELETE Role Publish Coordinator tenants list
end
mck -> mck_db: Remove record with "roleId" and "tenant A" variables
mck -> ml: Login via consortia-system-user
ml --> mck: Return system user's token
mck -> mc_pc: Initiate PC request with DELETE HTTP method to delete a role
mc_pc -> mrk: Send HTTP DELETE request to delete role
mrk --> mc_pc: Return response
mc_pc --> mck: Return Publish Coordinator id
mck --> user: Return response with PC id
note right
Response payload:
{
"deleteRolePCId": "<UUID>"
}
end note
user -> mck: Check if DELETE PC completed: /consortia/<UUID>/publications/<UUID>
@enduml
Diagram for Share Role and CapabilitySets functionality. Role and Capabilities also similar to this flow
PlantUML source code
@startuml
!pragma teoz true
!theme cerulean
autonumber
actor "user" as user
participant "mod-consortia-keycloak" as mck
database "mod-consortia-keycloak DB" as mck_db
participant "mod-consortia-publish-coordinator" as mc_pc
participant "mod-login-keycloak" as ml
participant "mod-roles-keycloak" as mrk
user -> mck: Initiate sharing role capability sets action
note right
POST /consortia/<consortiumId>/sharing/roles/capability-sets
{
"roleId": "<UUID>",
"url": "string",
"payload": {
"roleId": "<UUID>",
"capabilitySetNames": "["<string>", "<string>"]"
}
}
end note
activate mck
mck -> mck_db: Retrieve tenants associated with the roleId from sharing_role table using is_capability_sets_shared flag true
note bottom
| tenant_id | role_id | is_capability_sets_shared |
| "tenant A" | <UUID1> | true |
end note
note right
| tenant_id | role_id | is_capability_sets_shared |
| "tenant A" | <UUID1> | true |
| "tenant B" | <UUID2> | false |
end note
mck -> mck_db: Retrieve all tenants list
loop tenants size count
alt #E8F3E1 tenant id does not exist in role_capability_sets table
mck -> mck: Add tenant to POST Role Capability Sets Publish Coordinator tenants list
mck -> mck_db: Set is_capability_sets_shared flag to true for new tenant
else #F3E1E2 tenant id exists
mck -> mck: Add tenant to PUT Role Capability Sets Publish Coordinator tenants list
end
end
mck -> mck: Set source as Consortium for all role capability sets (Create and Update)
mck -> ml: Login via consortia-system-user
ml --> mck: Return system user's token
mck -> mc_pc: Initiate PC request with POST HTTP method to create role capability sets
mc_pc -> mrk: Send HTTP POST request to create role capability sets
mrk --> mc_pc: Return response
mc_pc --> mck: Return Publish Coordinator id
mck -> mc_pc: Initiate PC request with PUT HTTP method to update role capability sets
mc_pc -> mrk: Send HTTP POST request to create role capability sets
mrk --> mc_pc: Return response
mc_pc --> mck: Return Publish Coordinator id
mck --> user: Return response with both PC ids
note right
Response payload:
{
"createRoleCapabilitySetsPCId": "<UUID>",
"updateRoleCapabilitySetsPCId": "<UUID>"
}
end note
user -> mck: Check if POST PC completed: /consortia/<UUID>/publications/<UUID>
user -> mck: Check if PUT PC completed: /consortia/<UUID>/publications/<UUID>
@enduml
Diagram for Delete Shared Setting functionality
PlantUML source code
@startuml
!pragma teoz true
!theme cerulean
autonumber
actor "user" as user
participant "mod-consortia-keycloak" as mck
database "mod-consortia-keycloak DB" as mck_db
participant "mod-consortia-publish-coordinator" as mc_pc
participant "mod-login-keycloak" as ml
participant "mod-roles-keycloak" as mrk
user -> mck: Initiate deleting role capability sets action
note right
DELETE /consortia/<consortiumId>/sharing/roles/<roleId>/capability-sets
{
"roleId": "<UUID>",
"url": "string"
}
end note
activate mck
mck -> mck_db: Retrieve tenants associated with the roleId from sharing_role table using is_capability_sets_shared flag true
note bottom
| tenant_id | role_id | is_capability_sets_shared |
| "tenant A" | <UUID1> | true |
end note
note right
| tenant_id | role_id | is_capability_sets_shared |
| "tenant A" | <UUID1> | true |
| "tenant B" | <UUID2> | false |
end note
loop tenants where role capability set is shared
mck -> mck: Add tenant to DELETE Role Capability Sets Publish Coordinator tenants list
end
mck -> mck_db: Set is_capability_sets_shared flag to false for "roleId" and "tenant A"
mck -> ml: Login via consortia-system-user
ml --> mck: Return system user's token
mck -> mc_pc: Initiate PC request with DELETE HTTP method to delete role capability sets
mc_pc -> mrk: Send HTTP DELETE request to delete role capability sets
mrk --> mc_pc: Return response
mc_pc --> mck: Return Publish Coordinator id
mck --> user: Return response with PC id
note right
Response payload:
{
"deleteRoleCapabilitySetsPCId": "<UUID>"
}
end note
user -> mck: Check if DELETE PC completed: /consortia/<UUID>/publications/<UUID>
@enduml
Key Changes
Sharing Role and Capabilities/CapabilitySets suppor roleId + CapabilitySetNames/CapabilityNames and these relationships are supported in mod-roles
Here is diagram to explain why using roleId + CapabilitySetNames/CapabilityNames since name is the same in all tenants
DB table structure
New table shared_role will be created and store role and tenant associations in the central tenant with following structure:
Field | Type | Comment |
---|---|---|
id(PK) | UUID | Unique identifier of table |
role_id(indexed) | UUID | Contains shared setting uuid |
is_capabilities_shared | boolean | Indicates role and capabilities shared in tenant |
is_capability_sets_shared | boolean | Indicates role and capability sets shared in tenant |
tenant_id | Text | Contains tenant where setting was shared |