Core Speficication - DRAFT

Changes

2005.04.01: First version.
2005.04.04: added OPENPSA_C_SCHEDULING, minor clarifications.
2005.04.05: Changed list_preferences specification and object prototype.

Requirements

Configuration store
- Components and Capabilities enabled on SG level.
Workgroup registry
- Keeps cache and peridiocally refreshes it by querying the components.
- Handles workgroup register and remove from cache atomically.
ACL Core
- Each object can define access control on capability level to it, ACL core is responsible for querying the enabled components for their enabled capabilities as well as the object ACL, then presenting merged list of rights on capability level.
- ACL is defined as an array, capability is first level key, second level keys are GUIDs of workgroups or persons, third level keys are read, write and owner, it's allowed to have multiple owners in ACL, however the way each component handles owner is not specified.

Core Classes

org_openpsa_component
- prototype for components, each component will extend this class like: org_openpsa_component_projects.
- methods
- init_check()
  - Returns FALSE, must be overridden by main class.
  - Component must make sure it is correctly initialized for configured capabilities, if not it must try to transparently initialize.
  - If initialization check fails turns all capabilities off and sets error for get_errstr().
- list_workgroups()
  - Called byt the core workgroup registry, returns array of org_openpsa_workgroup objects.
- list_capabilities($default=FALSE)
  - Returns an array, keys are capability constants values boolean.
  - If nothing is stored in org_openpsa_configuration or $default is true returns component default list.
- set_capability($capability, $bool)
  - Sets capability value on component level, returns TRUE unless error in saving, in which case returns FALSE (and method get_errstr() can be used to get error description).
  - Uses org_openpsa_configuration for storage.
- register_workgroup($obj)
  - Returns FALSE, must be overridden by main class.
  - First saves the org_openpsa_workgroup object to _component workgroup backend then registers to core workgroup registry. returns GUID of the workgroup on success, FALSE on failure.
  - If $obj->guid is set and points to existing workgroup the existing workgroup is updated.
- delete_workgroup($guid)
  - Returns FALSE, must be overridden by main class.
  - Deletes workgroup from component backend, de-registers workgroup from core WG registry, returns TRUE on success, FALSE on failure.
- get_errstr()
  - Returns last error string
- set_preference($capability, $bool, $user)
  - Saves user preference on whether to enable or disable capability
  - Returns TRUE on success, FALSE on failure
  - if $user (=GUID or object) is not set defaults to current user.
  - Must not be overridden by main class.
- list_preferences($user)
  - If $user (=GUID or object) is not set defaults to current user.
  - Returns array, first level keys are capabilities values are boolean.
  - returns only preferences, org_openpsa_aclhandler is responsible for merging.
- parameters
- name
  - Name of the component
- capability_map
  - Array, first level keys are capabilities second level keys are object class names, values are lists of parameters.
org_openpsa_object
- Prototype for all storage objects in OpenPSA, each object will extend this class like: org_openpsa_object_project.
- Methods
- constructor($input)
  - Returns FALSE, must be overridden by main class.
  - This must be able accept as input local id, GUID or array, in case of array input, if array contains key id or key guid then contructor must fetch the original object before appending/replacing parameters from the array.
  - Robust implementation can choose to accept also Midgard fetchable as an input making the from_fetchable method just a wrapper.
- get_errstr()
  - Returns last error string
- delete()
  - Returns FALSE, must be overridden by main class.
- create()
  - Returns FALSE, must be overridden by main class.
- update()
  - Returns FALSE, must be overridden by main class.
  - Must check ACL, must make sure not to touch any values that user may not write to.
- save()
  - Checks whether is an existing object or new one, calls create() or update() accordingly.
- from_fetchable($obj)
  - Contructor optimized for Midgard fetchables.
- can_read($capability, $user)
  - If $user is not set, defaults to current user
  - If $capability is not set defaults to OPENPSA_C_BASIC.
  - if $capability is 'ALL', checks for all enabled capabilities
  - Queries org_openpsa_aclhandler and returns TRUE or FALSE.
- can_write($capability, $user)
  - If $user is not set, defaults to current user
  - If $capability is not set defaults to OPENPSA_C_BASIC.
  - if $capability is 'ALL', checks for all enabled capabilities
  - Queries org_openpsa_aclhandler and returns TRUE or FALSE.
- Parameters
- ACL
  - First level keys are capabilities second level keys are GUIDs, third level keys are read, write and owner, values are boolean.
- publicity
  - Used as a shortcut for certain ACL read scenarios. Value is one of the following constants:
  - OPENPSA_P_AGGREGATED
    - Fully public and actively advertised.
  - OPENPSA_P_PUBLIC
    - Fully public.
  - OPENPSA_P_RESTRICTED
    - Metadata is public, otherwise per ACL.
  - OPENPSA_P_PRIVATE
    - Per ACL.
- component
  - string, defines which component "owns" this object.
org_openpsa_workgroup
- Class for describing workgroups to OpenPSA core and components.
- Parameters
- name
  - Display name.
- guid
  - Globally Unique IDentifier.
- ACL
  - ACL array.
- publicity
  - Used as a shortcut for certain ACL read scenarios
- members
  - Array of GUIDs.
- features
  - ACL like array of capabilities available for this workgroup, undefined keys default to SG/Component configuration.
org_openpsa_configuration
- Stores sitegroup and component level configurations.
- Unless an exception case, there must be only one instance of this class present per request.
- parameters
- components
  - list of components in OpenPSA
- features
  - Global capabilities list.
- componentname
  - Component capabilities list.
  - Setting this to single FALSE value is a shortcut for disabling all capabilities of component.
- methods
- set_capability($component, $capability, $bool)
  - Returns TRUE on succes, FALSE on failure.
  - If $component=='GLOBAL' then sets global capability.
  - Setting $capability to FALSE, disables all capabilities of $component.
- get_errstr()
  - Returns last error string.
org_openpsa_wgregistry
- Cental location (and cache) for accessing all workgroup information.
- Unless an exception case, there must be only one instance of this class present per request.
- Methods
- org_openpsa_wgregistry()
  - Reads cache, check cache validity, rebuilds if neccessary.
- rebuildcache()
  - rebuilds cache by querying each component.
- list_user_workgroups($user)
  - If $user (=GUID) is not set defaults to current user.
  - Returns a list of org_openpsa_workgroup objects that have $user as member.
- list_visible_workgroups($user)
  - If $user (=GUID) is not set defaults to current user.
  - Returns a list of org_openpsa_workgroup objects that $user can see.
- list_visible_persons($user)
  - If $user (=GUID) is not set defaults to current user.
  - Returns a list of persons that share workgroup(s) with $user
- list_visible_persons_all($user)
  - If $user (=GUID) is not set defaults to current user.
  - Returns a list of all persons $user can see.
- cache_register($obj)
  - Add org_openpsa_workgroup object to cache.
  - If $obj->guid points to an existing workgroup the existing workgroup is updated.
- cache_delete($guid)
  - Remove workgroup with guid $guid from cache.
org_openpsa_aclhandler
- Central class for querying capability and ACL information.
- Unless an exception case, there must be only one instance of this class present per request.
- parameters
- configuration
  - Reference to org_openpsa_configuration instance
- wgregistry
  - Reference to org_openpsa_wgregistry instance
- Methods
- get_acl($obj, $user)
  - If $user is not set, defaults to current user.
  - Merges global and component capabilities with user capability preferences with object ACL and publicity code to single ACL list, first level keys are capabilities, second level keys are read, write and owner, values are boolean.

Capabilities

All capabilities are defined as constants by OpenPSA core, components must not define capabilities outside the core.

OPENPSA_C_META
- Metadata of object, all objects must define this capability
OPENPSA_C_BASIC
- Most basic "fieldset" of object, includes OPENPSA_C_META, and in some cases nothing but OPENPSA_C_META.
OPENPSA_C_SEARCH
- This one makes sense mostly on component or workgroup level.
OPENPSA_C_PRICING
- Controls pricing information (price,cost,pricelists etc). Mostly used in Projects module.
OPENPSA_C_HOUR_REPORTING
- On workgroup/person controls whether this wg/person can report hours, on project/task/process controls whether hours can be reported to it, on Calendar controls whether to enable "tasks as resources" or not.
OPENPSA_C_APPROVALS
- Makes mostly sense on Projects module hour reports.
OPENPSA_C_INVOICING
- Makes mostly sense on Projects module hour reports.
OPENPSA_C_SCHEDULING
- In projects module used to control access to scheduling (start/end, gantt etc) information, makes most sense in workgroup level.

Definitions

Capability
- Set of connected features within OpenPSA. For example, hour reporting in Projects or search in Documents.
- Capabilities are designed in the way that they can be enabled or disabled freely by ACLs or user preferences.
Component
- Application in OpenPSA. For example, Projects and Sales are components.
ACL
- Access Control List, used to specify access to capabilities and objects.