  • Phase 1 - Capture Ownership on Newly Created Entities
    • Add support for ownership-based claims information
      • Create EdFi_Admin EF migrations to support ownership-based security model:
        • Create OwnershipToken entity/table with OwnershipTokenId (short) as the primary key, and a Description (string with maxlength of 50).
        • Add optional OwnershipTokenId foreign key reference to the ApiClient entity/table.
        • Create the ApiClientOwnershipToken entity/table with ApiClientOwnershipTokenId (int IDENTITY), with foreign key references to OwnershipTokenId (short) and ApiClientId (int).
      • Create EdFi_Admin EF migrations to enhance the AccessTokenIsValid stored procedure to support ownership-based claims
        • Stored procedure must also return the OwnershipTokenId associated with the API client (for "stamping" newly created resources)
        • Stored procedure must also return the collection of the API client's current OwnershipTokens (for authorizing access to existing resources)
      • Enhance OAuthTokenValidator class to populate the ownership-based claims into the ApiClientDetails class
        • Add OwnershipTokenId to the ApiClientDetails class and populate.
        • Add OwnershipTokens collection to the ApiClientDetails class, and populate from stored procedure results.
    • Add ODS support for capturing resource ownership
      • Create a script for adding the boilerplate ownership column to each aggregate root table
      • TODO: MetaEd feature toggle à la "Change Queries"
    • Initialize owner upon entity creation
      • Define an IHasOwner interface exposing a single property CreatedByOwnershipTokenId
      • Create an ICreateEntity decorator to assign the CreatedByOwnershipTokenId upon entity creation.
      • Cast the entity to IHasOwner and assign the ownership token value from the API key context (OwnershipTokenId) before creation.
    • Modify generated assets to conditionally support ownership
      • Modify generated entities - Check the feature toggle and add an implementation of the IHasOwner interface to the aggregate root entities
      • Modify ORM mappings - Check the feature toggle and add a mapping for the CreatedByOwnershipTokenId property/column.
      • NOTE: No need to modify the entity mappers.
  • Phase 2 - Authorize Access Based on Ownership
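
The "Initialize owner upon entity creation" step from Phase 1, sketched as an added example (not the project's own code): a decorator that stamps CreatedByOwnershipTokenId from the API client's claims before delegating to the wrapped create operation. The ICreateEntity and ApiClientDetails shapes are simplified stand-ins, and the decorator name, the context accessor, and the nullable column type are assumptions.

```csharp
using System;
using System.Collections.Generic;

// Interface named on the page: a single property holding the creator's token.
public interface IHasOwner
{
    short? CreatedByOwnershipTokenId { get; set; } // nullable column is an assumption
}

// Simplified stand-in (assumption) for the API's ICreateEntity contract.
public interface ICreateEntity<TEntity>
{
    void Create(TEntity entity);
}

// Simplified stand-in (assumption) for the claims populated by OAuthTokenValidator.
public sealed class ApiClientDetails
{
    public short? OwnershipTokenId { get; set; }                      // stamps new resources
    public IList<short> OwnershipTokens { get; } = new List<short>(); // for Phase 2 checks
}

// Hypothetical decorator: stamps ownership, then delegates to the wrapped implementation.
public sealed class OwnershipInitializationCreateEntityDecorator<TEntity> : ICreateEntity<TEntity>
{
    private readonly ICreateEntity<TEntity> _next;
    private readonly Func<ApiClientDetails> _getApiClientDetails; // hypothetical context accessor

    public OwnershipInitializationCreateEntityDecorator(
        ICreateEntity<TEntity> next, Func<ApiClientDetails> getApiClientDetails)
    {
        _next = next ?? throw new ArgumentNullException(nameof(next));
        _getApiClientDetails = getApiClientDetails
            ?? throw new ArgumentNullException(nameof(getApiClientDetails));
    }

    public void Create(TEntity entity)
    {
        // Only aggregate roots generated with the feature toggle on implement IHasOwner.
        if (entity is IHasOwner owned)
        {
            // Always overwrite: the value comes from the validated token's claims,
            // never from anything already present on the entity. A client with no
            // ownership token (the foreign key is optional) leaves the entity unowned.
            owned.CreatedByOwnershipTokenId = _getApiClientDetails()?.OwnershipTokenId;
        }
        _next.Create(entity);
    }
}
```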