Sharing Role, CapabilitySets, Capabilities with Consortium Members

This document will illustrate the design for sharing settings between members of a consortium.

Diagrams

Diagram for Share Role functionality

PlantUML source code:
@startuml

!pragma teoz true
!theme cerulean

autonumber

actor "user" as user

participant "mod-consortia-keycloak" as mck
database "mod-consortia-keycloak DB" as mck_db
participant "mod-consortia-publish-coordinator" as mc_pc
participant "mod-login-keycloak" as ml
participant "mod-roles-keycloak" as mrk

user -> mck: Initiate sharing role action
note right
POST /consortia/<consortiumId>/sharing/roles
{
"roleId": "<UUID>",
"url": "string",
"payload": {
"id": "<UUID>",
"name": "<String>",
"description": "<String>"
}
}
end note
activate mck

mck -> mck_db: Retrieve tenants associated with the roleId from sharing_role table
note bottom
| tenant_id | role_id |
| "tenant A" | <UUID1> |
end note
note right
| tenant_id | role_id |
| "tenant A" | <UUID1> |
end note
mck -> mck_db: Retrieve all tenants list

loop over all tenants
alt #E8F3E1 tenant id does not exist in sharing_role table
mck -> mck: Add tenant to POST Role Publish Coordinator tenants list
mck -> mck_db: Create new entity
note right
| tenant_id | role_id |
| "tenant B" | <UUID2> |
end note
else #F3E1E2 tenant id exists
mck -> mck: Add tenant to PUT Role Publish Coordinator tenants list
end
end

mck -> mck: Set source as Consortium for all role (Create and Update)

mck -> ml: Login via consortia-system-user
ml --> mck: Return system user's token

mck -> mc_pc: Initiate PC request with POST HTTP method to create role
mc_pc -> mrk: Send HTTP POST request to create role
mrk --> mc_pc: Return response
mc_pc --> mck: Return Publish Coordinator id

mck -> mc_pc: Initiate PC request with PUT HTTP method to update role
mc_pc -> mrk: Send HTTP PUT request to update role
mrk --> mc_pc: Return response
mc_pc --> mck: Return Publish Coordinator id

mck --> user: Return response with both PC ids
note right
Response payload:
{
"createRolePCId": "<UUID>",
"updateRolePCId": "<UUID>"
}
end note

user -> mck: Check if POST PC completed: /consortia/<UUID>/publications/<UUID>
user -> mck: Check if PUT PC completed: /consortia/<UUID>/publications/<UUID>

@enduml

Diagram for Delete Shared Setting functionality

PlantUML source code:
@startuml

!pragma teoz true
!theme cerulean

autonumber

actor "user" as user

participant "mod-consortia-keycloak" as mck
database "mod-consortia-keycloak DB" as mck_db
participant "mod-consortia-publish-coordinator" as mc_pc
participant "mod-login-keycloak" as ml
participant "mod-roles-keycloak" as mrk

user -> mck: Initiate deleting role action
note right
DELETE /consortia/<consortiumId>/sharing/roles/<roleId>
{
"roleId": "<UUID>",
"url": "string"
}
end note
activate mck

mck -> mck_db: Retrieve tenants associated with the roleId from sharing_role table using roleId
note bottom
| tenant_id | role_id |
| "tenant A" | <UUID1> |
end note
note right
| tenant_id | role_id |
| "tenant A" | <UUID1> |
| "tenant B" | <UUID2> |
end note

loop tenants where the role exists
mck -> mck: Add tenant to DELETE Role Publish Coordinator tenants list
end

mck -> mck_db: Remove record with "roleId" and "tenant A" variables

mck -> ml: Login via consortia-system-user
ml --> mck: Return system user's token

mck -> mc_pc: Initiate PC request with DELETE HTTP method to delete a role
mc_pc -> mrk: Send HTTP DELETE request to delete role
mrk --> mc_pc: Return response
mc_pc --> mck: Return Publish Coordinator id

mck --> user: Return response with PC id
note right
Response payload:
{
"deleteRolePCId": "<UUID>"
}
end note

user -> mck: Check if DELETE PC completed: /consortia/<UUID>/publications/<UUID>

@enduml

Diagram for Share Role and CapabilitySets functionality. The Role and Capabilities flow is similar.

PlantUML source code:
@startuml

!pragma teoz true
!theme cerulean

autonumber

actor "user" as user

participant "mod-consortia-keycloak" as mck
database "mod-consortia-keycloak DB" as mck_db
participant "mod-consortia-publish-coordinator" as mc_pc
participant "mod-login-keycloak" as ml
participant "mod-roles-keycloak" as mrk

user -> mck: Initiate sharing role capability sets action
note right
POST /consortia/<consortiumId>/sharing/roles/capability-sets
{
"roleId": "<UUID>",
"url": "string",
"payload": {
"roleId": "<UUID>",
"capabilitySetNames": ["<string>", "<string>"]
}
}
end note
activate mck

mck -> mck_db: Retrieve tenants associated with the roleId from sharing_role table using is_capability_sets_shared flag true
note bottom
| tenant_id | role_id | is_capability_sets_shared |
| "tenant A" | <UUID1> | true |
end note
note right
| tenant_id | role_id | is_capability_sets_shared |
| "tenant A" | <UUID1> | true |
| "tenant B" | <UUID2> | false |
end note
mck -> mck_db: Retrieve all tenants list

loop over all tenants
alt #E8F3E1 tenant id does not exist in role_capability_sets table
mck -> mck: Add tenant to POST Role Capability Sets Publish Coordinator tenants list
mck -> mck_db: Set is_capability_sets_shared flag to true for new tenant
else #F3E1E2 tenant id exists
mck -> mck: Add tenant to PUT Role Capability Sets Publish Coordinator tenants list
end
end

mck -> mck: Set source as Consortium for all role capability sets (Create and Update)

mck -> ml: Login via consortia-system-user
ml --> mck: Return system user's token

mck -> mc_pc: Initiate PC request with POST HTTP method to create role capability sets
mc_pc -> mrk: Send HTTP POST request to create role capability sets
mrk --> mc_pc: Return response
mc_pc --> mck: Return Publish Coordinator id

mck -> mc_pc: Initiate PC request with PUT HTTP method to update role capability sets
mc_pc -> mrk: Send HTTP PUT request to update role capability sets
mrk --> mc_pc: Return response
mc_pc --> mck: Return Publish Coordinator id

mck --> user: Return response with both PC ids
note right
Response payload:
{
"createRoleCapabilitySetsPCId": "<UUID>",
"updateRoleCapabilitySetsPCId": "<UUID>"
}
end note

user -> mck: Check if POST PC completed: /consortia/<UUID>/publications/<UUID>
user -> mck: Check if PUT PC completed: /consortia/<UUID>/publications/<UUID>

@enduml

Diagram for Delete Shared Role CapabilitySets functionality

PlantUML source code:
@startuml

!pragma teoz true
!theme cerulean

autonumber

actor "user" as user

participant "mod-consortia-keycloak" as mck
database "mod-consortia-keycloak DB" as mck_db
participant "mod-consortia-publish-coordinator" as mc_pc
participant "mod-login-keycloak" as ml
participant "mod-roles-keycloak" as mrk

user -> mck: Initiate deleting role capability sets action
note right
DELETE /consortia/<consortiumId>/sharing/roles/<roleId>/capability-sets
{
"roleId": "<UUID>",
"url": "string"
}
end note
activate mck

mck -> mck_db: Retrieve tenants associated with the roleId from sharing_role table using is_capability_sets_shared flag true
note bottom
| tenant_id | role_id | is_capability_sets_shared |
| "tenant A" | <UUID1> | true |
end note
note right
| tenant_id | role_id | is_capability_sets_shared |
| "tenant A" | <UUID1> | true |
| "tenant B" | <UUID2> | false |
end note

loop tenants where role capability set is shared
mck -> mck: Add tenant to DELETE Role Capability Sets Publish Coordinator tenants list
end

mck -> mck_db: Set is_capability_sets_shared flag to false for "roleId" and "tenant A"

mck -> ml: Login via consortia-system-user
ml --> mck: Return system user's token

mck -> mc_pc: Initiate PC request with DELETE HTTP method to delete role capability sets
mc_pc -> mrk: Send HTTP DELETE request to delete role capability sets
mrk --> mc_pc: Return response
mc_pc --> mck: Return Publish Coordinator id

mck --> user: Return response with PC id
note right
Response payload:
{
"deleteRoleCapabilitySetsPCId": "<UUID>"
}
end note

user -> mck: Check if DELETE PC completed: /consortia/<UUID>/publications/<UUID>

@enduml
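The four diagrams above all reduce to the same decision: for each tenant, look at the central tenant's shared_role row for the role and decide whether the Publish Coordinator (PC) request for that tenant is a POST, a PUT or a DELETE, updating the row as a side effect. The following is an added example, not mod-consortia-keycloak code, that carries that logic through for all four flows (share role, delete shared role, share role capability sets, delete shared capability sets) over an in-memory stand-in for the shared_role table using the fields from the "DB table structure" section. The function names, the CONSORTIUM source literal, and the rule that capability sets can only be shared for a role that is already shared are assumptions of the example.

```python
"""Added example (not project code): PC tenant-list planning for the share and
delete flows, over an in-memory stand-in for the central shared_role table."""
import uuid
from dataclasses import dataclass, field

CONSORTIUM_SOURCE = "CONSORTIUM"  # assumed literal for "set source as Consortium"


@dataclass
class SharedRoleRow:
    """One shared_role row: which tenant holds the role and what is shared."""
    role_id: str
    tenant_id: str
    is_capabilities_shared: bool = False
    is_capability_sets_shared: bool = False
    id: str = field(default_factory=lambda: str(uuid.uuid4()))


@dataclass
class SharingPlan:
    """Tenant lists handed to the Publish Coordinator, one per HTTP method."""
    post_tenants: list
    put_tenants: list
    delete_tenants: list = field(default_factory=list)


class SharedRoleTable:
    """Minimal in-memory stand-in for the shared_role table."""

    def __init__(self, rows=()):
        self.rows = list(rows)

    def rows_for_role(self, role_id):
        return [r for r in self.rows if r.role_id == role_id]

    def find(self, role_id, tenant_id):
        return next((r for r in self.rows
                     if r.role_id == role_id and r.tenant_id == tenant_id), None)


def share_role(table, role_id, all_tenants, payload):
    """Share Role flow: tenants without a shared_role row get a POST and a new
    row; tenants that already hold the role get a PUT. The payload published to
    every tenant carries the consortium source."""
    already_shared = {r.tenant_id for r in table.rows_for_role(role_id)}
    post, put = [], []
    for tenant in all_tenants:
        if tenant in already_shared:
            put.append(tenant)
        else:
            post.append(tenant)
            table.rows.append(SharedRoleRow(role_id=role_id, tenant_id=tenant))
    return SharingPlan(post, put), dict(payload, source=CONSORTIUM_SOURCE)


def delete_role(table, role_id):
    """Delete Shared Role flow: every tenant holding the role gets a DELETE and
    its shared_role row is removed (assumption: the diagram removes the row for
    one tenant; this example removes the row of every tenant it sends a DELETE to)."""
    targets = [r.tenant_id for r in table.rows_for_role(role_id)]
    table.rows = [r for r in table.rows if r.role_id != role_id]
    return SharingPlan([], [], targets)


def share_capability_sets(table, role_id, all_tenants, payload):
    """Share Role CapabilitySets flow: tenants whose row has
    is_capability_sets_shared=false get a POST and the flag set to true; tenants
    already flagged get a PUT. A tenant with no row is rejected (assumed
    precondition: the role itself must be shared first)."""
    post, put = [], []
    for tenant in all_tenants:
        row = table.find(role_id, tenant)
        if row is None:
            raise LookupError(f"role {role_id} is not shared with {tenant}")
        if row.is_capability_sets_shared:
            put.append(tenant)
        else:
            post.append(tenant)
            row.is_capability_sets_shared = True
    return SharingPlan(post, put), dict(payload, source=CONSORTIUM_SOURCE)


def delete_capability_sets(table, role_id):
    """Delete Shared CapabilitySets flow: tenants flagged as shared get a DELETE
    and the flag is reset to false; the role row itself stays."""
    targets = []
    for row in table.rows_for_role(role_id):
        if row.is_capability_sets_shared:
            targets.append(row.tenant_id)
            row.is_capability_sets_shared = False
    return SharingPlan([], [], targets)


if __name__ == "__main__":
    # Constructed sample mirroring the diagram notes: tenant A already holds the role.
    role = "11111111-1111-1111-1111-111111111111"
    table = SharedRoleTable([SharedRoleRow(role, "tenant A")])
    plan, body = share_role(table, role, ["tenant A", "tenant B"],
                            {"id": role, "name": "Sample role", "description": "constructed"})
    print("role POST:", plan.post_tenants, "PUT:", plan.put_tenants, "body:", body)
    cs_plan, _ = share_capability_sets(table, role, ["tenant A", "tenant B"],
                                       {"roleId": role, "capabilitySetNames": ["sample.set"]})
    print("capability sets POST:", cs_plan.post_tenants, "PUT:", cs_plan.put_tenants)
    print("DELETE capability sets:", delete_capability_sets(table, role).delete_tenants)
    print("DELETE role:", delete_role(table, role).delete_tenants)
```

Running the sample gives tenant B a POST and tenant A a PUT for the role, a POST to both tenants for the capability sets (neither was flagged yet), and DELETEs to both on removal; a second share_capability_sets call on the same table would turn into PUTs for both tenants, which is the idempotent re-share the PUT branch of the diagram exists for.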

Key Changes

Sharing Role and Capabilities/CapabilitySets supports roleId + CapabilitySetNames/CapabilityNames, and these relationships are supported in mod-roles.

Here is a diagram explaining why roleId + CapabilitySetNames/CapabilityNames is used: the name is the same in all tenants.


DB table structure

A new table, shared_role, will be created in the central tenant to store role and tenant associations, with the following structure:

| Field | Type | Comment |
| id (PK) | UUID | Unique identifier of the table row |
| role_id (indexed) | UUID | Contains the shared setting uuid |
| is_capabilities_shared | boolean | Indicates that the role and its capabilities are shared in the tenant |
| is_capability_sets_shared | boolean | Indicates that the role and its capability sets are shared in the tenant |
| tenant_id | Text | Contains the tenant where the setting was shared |