€cdocutils.nodes
document
q)q}q(U	nametypesq}q(X   uc13qˆX    use case 13 - user authorizationqNX   historyqˆuUsubstitution_defsq	}q
Uparse_messagesq]qUcurrent_sourceqNU
decorationqNUautofootnote_startqKUnameidsq}q(hUuc13qhUuse-case-13-user-authorizationqhUhistoryquUchildrenq]q(cdocutils.nodes
target
q)q}q(U	rawsourceqX	   .. _UC13:UparentqhUsourceqXj   /var/lib/jenkins/jobs/API_Documentation_trunk/workspace/api-documentation/source/design/UseCases/13_uc.txtqUtagnameqUtargetqU
attributesq }q!(Uidsq"]Ubackrefsq#]Udupnamesq$]Uclassesq%]Unamesq&]Urefidq'huUlineq(KUdocumentq)hh]ubcdocutils.nodes
section
q*)q+}q,(hU hhhhUexpect_referenced_by_nameq-}q.hhshUsectionq/h }q0(h$]h%]h#]h"]q1(hheh&]q2(hheuh(Kh)hUexpect_referenced_by_idq3}q4hhsh]q5(cdocutils.nodes
title
q6)q7}q8(hX    Use Case 13 - User Authorizationq9hh+hhhUtitleq:h }q;(h$]h%]h#]h"]h&]uh(Kh)hh]q<cdocutils.nodes
Text
q=X    Use Case 13 - User Authorizationq>…q?}q@(hh9hh7ubaubcsphinx.addnodes
index
qA)qB}qC(hU hh+hhhUindexqDh }qE(h"]h#]h$]h%]h&]UentriesqF]qG((UsingleqHX   Use Case 13Uindex-0qIU NtqJ(hHX   UC13hIU NtqK(hHX   AuthorizationhIU NtqLeUinlineqM‰uh(Kh)hh]ubh)qN}qO(hU hh+hhhhh }qP(h"]h#]h$]h%]h&]h'hIuh(Kh)hh]ubcdocutils.nodes
definition_list
qQ)qR}qS(hU hh+hhh-}hUdefinition_listqTh }qU(h$]h%]h#]h"]qVhIah&]uh(Nh)hh3}qWhIhNsh]qX(cdocutils.nodes
definition_list_item
qY)qZ}q[(hX+   Revisions
View document revision history_.
hhRhhhUdefinition_list_itemq\h }q](h$]h%]h#]h"]h&]uh(K	h]q^(cdocutils.nodes
term
q_)q`}qa(hX	   RevisionsqbhhZhhhUtermqch }qd(h$]h%]h#]h"]h&]uh(K	h]qeh=X	   Revisionsqf…qg}qh(hhbhh`ubaubcdocutils.nodes
definition
qi)qj}qk(hU h }ql(h$]h%]h#]h"]h&]uhhZh]qmcdocutils.nodes
paragraph
qn)qo}qp(hX    View document revision history_.hhjhhhU	paragraphqqh }qr(h$]h%]h#]h"]h&]uh(K	h]qs(h=X   View document revision qt…qu}qv(hX   View document revision hhoubcdocutils.nodes
reference
qw)qx}qy(hX   history_UresolvedqzKhhohU	referenceq{h }q|(UnameX   historyq}Urefuriq~X”   https://redmine.dataone.org/projects/d1/repository/changes/documents/Projects/cicore/architecture/api-documentation/source/design/UseCases/13_uc.txtqh"]h#]h$]h%]h&]uh]q€h=X   historyq…q‚}qƒ(hU hhxubaubh=X   .…q„}q…(hX   .hhoubeubahU
definitionq†ubeubhY)q‡}qˆ(hXp   Goal
Determine if a user is authorized to perform some action on an object (e.g.
get, put, query, delete, ...).
hhRhhhh\h }q‰(h$]h%]h#]h"]h&]uh(Kh)hh]qŠ(h_)q‹}qŒ(hX   Goalqhh‡hhhhch }qŽ(h$]h%]h#]h"]h&]uh(Kh]qh=X   Goalq…q‘}q’(hhhh‹ubaubhi)q“}q”(hU h }q•(h$]h%]h#]h"]h&]uhh‡h]q–hn)q—}q˜(hXj   Determine if a user is authorized to perform some action on an object (e.g.
get, put, query, delete, ...).q™hh“hhhhqh }qš(h$]h%]h#]h"]h&]uh(Kh]q›h=Xj   Determine if a user is authorized to perform some action on an object (e.g.
get, put, query, delete, ...).qœ…q}qž(hh™hh—ubaubahh†ubeubeubhn)qŸ}q (hX   Summaryq¡hh+hhhhqh }q¢(h$]h%]h#]h"]h&]uh(Kh)hh]q£h=X   Summaryq¤…q¥}q¦(hh¡hhŸubaubcdocutils.nodes
block_quote
q§)q¨}q©(hU hh+hhhUblock_quoteqªh }q«(h$]h%]h#]h"]h&]uh(Nh)hh]q¬(hn)q­}q®(hX¢   User authorization is the process followed to determine if the authenticated
user is permitted to perform some operation. The result will always be True
or False.q¯hh¨hhhhqh }q°(h$]h%]h#]h"]h&]uh(Kh]q±h=X¢   User authorization is the process followed to determine if the authenticated
user is permitted to perform some operation. The result will always be True
or False.q²…q³}q´(hh¯hh­ubaubhn)qµ}q¶(hXI   Note: Need to define which objects require access control / authorizationq·hh¨hhhhqh }q¸(h$]h%]h#]h"]h&]uh(Kh]q¹h=XI   Note: Need to define which objects require access control / authorizationqº…q»}q¼(hh·hhµubaubeubhQ)q½}q¾(hU hh+hNhhTh }q¿(h$]h%]h#]h"]h&]uh(Nh)hh]qÀ(hY)qÁ}qÂ(hXH   Actors
- User

- Client application

- Member Node

- Coordinating Node
hh½hhhh\h }qÃ(h$]h%]h#]h"]h&]uh(Kh]qÄ(h_)qÅ}qÆ(hX   ActorsqÇhhÁhhhhch }qÈ(h$]h%]h#]h"]h&]uh(Kh]qÉh=X   ActorsqÊ…qË}qÌ(hhÇhhÅubaubhi)qÍ}qÎ(hU h }qÏ(h$]h%]h#]h"]h&]uhhÁh]qÐcdocutils.nodes
bullet_list
qÑ)qÒ}qÓ(hU h }qÔ(UbulletqÕX   -h"]h#]h$]h%]h&]uhhÍh]qÖ(cdocutils.nodes
list_item
q×)qØ}qÙ(hX   User
h }qÚ(h$]h%]h#]h"]h&]uhhÒh]qÛhn)qÜ}qÝ(hX   UserqÞhhØhhhhqh }qß(h$]h%]h#]h"]h&]uh(Kh]qàh=X   Userqá…qâ}qã(hhÞhhÜubaubahU	list_itemqäubh×)qå}qæ(hX   Client application
h }qç(h$]h%]h#]h"]h&]uhhÒh]qèhn)qé}qê(hX   Client applicationqëhhåhhhhqh }qì(h$]h%]h#]h"]h&]uh(Kh]qíh=X   Client applicationqî…qï}qð(hhëhhéubaubahhäubh×)qñ}qò(hX   Member Node
h }qó(h$]h%]h#]h"]h&]uhhÒh]qôhn)qõ}qö(hX   Member Nodeq÷hhñhhhhqh }qø(h$]h%]h#]h"]h&]uh(Kh]qùh=X   Member Nodeqú…qû}qü(hh÷hhõubaubahhäubh×)qý}qþ(hX   Coordinating Node
h }qÿ(h$]h%]h#]h"]h&]uhhÒh]r   hn)r  }r  (hX   Coordinating Noder  hhýhhhhqh }r  (h$]h%]h#]h"]h&]uh(Kh]r  h=X   Coordinating Noder  …r  }r  (hj  hj  ubaubahhäubehUbullet_listr	  ubahh†ubeubhY)r
  }r  (hXX   Preconditions
- User is at some level of authentication (may be anonymous or logged in)
hh½hhhh\h }r  (h$]h%]h#]h"]h&]uh(K!h)hh]r  (h_)r  }r  (hX   Preconditionsr  hj
  hhhhch }r  (h$]h%]h#]h"]h&]uh(K!h]r  h=X   Preconditionsr  …r  }r  (hj  hj  ubaubhi)r  }r  (hU h }r  (h$]h%]h#]h"]h&]uhj
  h]r  hÑ)r  }r  (hU h }r  (hÕX   -h"]h#]h$]h%]h&]uhj  h]r  h×)r  }r  (hXH   User is at some level of authentication (may be anonymous or logged in)
h }r   (h$]h%]h#]h"]h&]uhj  h]r!  hn)r"  }r#  (hXG   User is at some level of authentication (may be anonymous or logged in)r$  hj  hhhhqh }r%  (h$]h%]h#]h"]h&]uh(K!h]r&  h=XG   User is at some level of authentication (may be anonymous or logged in)r'  …r(  }r)  (hj$  hj"  ubaubahhäubahj	  ubahh†ubeubhY)r*  }r+  (hXž   Triggers
- User is requesting some operation to be performed on an object

- An operation acting as a proxy for a user performs some operation on an
  object
hh½hhhh\h }r,  (h$]h%]h#]h"]h&]uh(K'h)hh]r-  (h_)r.  }r/  (hX   Triggersr0  hj*  hhhhch }r1  (h$]h%]h#]h"]h&]uh(K'h]r2  h=X   Triggersr3  …r4  }r5  (hj0  hj.  ubaubhi)r6  }r7  (hU h }r8  (h$]h%]h#]h"]h&]uhj*  h]r9  hÑ)r:  }r;  (hU h }r<  (hÕX   -h"]h#]h$]h%]h&]uhj6  h]r=  (h×)r>  }r?  (hX?   User is requesting some operation to be performed on an object
h }r@  (h$]h%]h#]h"]h&]uhj:  h]rA  hn)rB  }rC  (hX>   User is requesting some operation to be performed on an objectrD  hj>  hhhhqh }rE  (h$]h%]h#]h"]h&]uh(K$h]rF  h=X>   User is requesting some operation to be performed on an objectrG  …rH  }rI  (hjD  hjB  ubaubahhäubh×)rJ  }rK  (hXO   An operation acting as a proxy for a user performs some operation on an
object
h }rL  (h$]h%]h#]h"]h&]uhj:  h]rM  hn)rN  }rO  (hXN   An operation acting as a proxy for a user performs some operation on an
objectrP  hjJ  hhhhqh }rQ  (h$]h%]h#]h"]h&]uh(K&h]rR  h=XN   An operation acting as a proxy for a user performs some operation on an
objectrS  …rT  }rU  (hjP  hjN  ubaubahhäubehj	  ubahh†ubeubhY)rV  }rW  (hXx   Post Conditions
- The operation continues if the user is authorized or terminates raising an
  unauthorized exception.

hh½hhhh\h }rX  (h$]h%]h#]h"]h&]uh(K,h)hh]rY  (h_)rZ  }r[  (hX   Post Conditionsr\  hjV  hhhhch }r]  (h$]h%]h#]h"]h&]uh(K,h]r^  h=X   Post Conditionsr_  …r`  }ra  (hj\  hjZ  ubaubhi)rb  }rc  (hU h }rd  (h$]h%]h#]h"]h&]uhjV  h]re  hÑ)rf  }rg  (hU h }rh  (hÕX   -h"]h#]h$]h%]h&]uhjb  h]ri  h×)rj  }rk  (hXd   The operation continues if the user is authorized or terminates raising an
unauthorized exception.

h }rl  (h$]h%]h#]h"]h&]uhjf  h]rm  hn)rn  }ro  (hXb   The operation continues if the user is authorized or terminates raising an
unauthorized exception.rp  hjj  hhhhqh }rq  (h$]h%]h#]h"]h&]uh(K*h]rr  h=Xb   The operation continues if the user is authorized or terminates raising an
unauthorized exception.rs  …rt  }ru  (hjp  hjn  ubaubahhäubahj	  ubahh†ubeubeubcdocutils.nodes
comment
rv  )rw  }rx  (hX"  @startuml images/13_seq.png
actor User
participant "Client" as app_client << Application >>
User -> app_client
participant "CRUD API" as c_crud << Coordinating Node >>
participant "Authorization API" as c_authorize << Coordinating Node >>
app_client -> c_crud: get(auth_token, PID)
c_crud -> c_authorize: isAuthorized(auth_token, method, resultset)
loop for each pid in resultset
  c_authorize -> c_authorize: isAuthorized(auth_token, method, pid)
end
c_crud <-- c_authorize: T or F
app_client <-- c_crud: resultset or raise NotAuthorized
@endumlhh+hhhUcommentry  h }rz  (U	xml:spacer{  Upreserver|  h"]h#]h$]h%]h&]uh(K=h)hh]r}  h=X"  @startuml images/13_seq.png
actor User
participant "Client" as app_client << Application >>
User -> app_client
participant "CRUD API" as c_crud << Coordinating Node >>
participant "Authorization API" as c_authorize << Coordinating Node >>
app_client -> c_crud: get(auth_token, PID)
c_crud -> c_authorize: isAuthorized(auth_token, method, resultset)
loop for each pid in resultset
  c_authorize -> c_authorize: isAuthorized(auth_token, method, pid)
end
c_crud <-- c_authorize: T or F
app_client <-- c_crud: resultset or raise NotAuthorized
@endumlr~  …r  }r€  (hU hjw  ubaubcdocutils.nodes
image
r  )r‚  }rƒ  (hX   .. image:: images/13_seq.png
hh+hhhUimager„  h }r…  (UuriX!   design/UseCases/images/13_seq.pngr†  h"]h#]h$]h%]U
candidatesr‡  }rˆ  U*j†  sh&]uh(K?h)hh]ubhn)r‰  }rŠ  (hX)   *Figure 1.* Interactions for use case 13.r‹  hh+hhhhqh }rŒ  (h$]h%]h#]h"]h&]uh(K@h)hh]r  (cdocutils.nodes
emphasis
rŽ  )r  }r  (hX   *Figure 1.*h }r‘  (h$]h%]h#]h"]h&]uhj‰  h]r’  h=X	   Figure 1.r“  …r”  }r•  (hU hj  ubahUemphasisr–  ubh=X    Interactions for use case 13.r—  …r˜  }r™  (hX    Interactions for use case 13.hj‰  ubeubh)rš  }r›  (hX¡   .. _history: https://redmine.dataone.org/projects/d1/repository/changes/documents/Projects/cicore/architecture/api-documentation/source/design/UseCases/13_uc.txtU
referencedrœ  Khh+hhhhh }r  (h~hh"]rž  hah#]h$]h%]h&]rŸ  hauh(KCh)hh]ubeubehU Utransformerr   NUfootnote_refsr¡  }r¢  Urefnamesr£  }r¤  h}]r¥  hxasUsymbol_footnotesr¦  ]r§  Uautofootnote_refsr¨  ]r©  Usymbol_footnote_refsrª  ]r«  U	citationsr¬  ]r­  h)hUcurrent_liner®  NUtransform_messagesr¯  ]r°  (cdocutils.nodes
system_message
r±  )r²  }r³  (hU h }r´  (h$]UlevelKh"]h#]Usourcehh%]h&]UlineKUtypeUINFOrµ  uh]r¶  hn)r·  }r¸  (hU h }r¹  (h$]h%]h#]h"]h&]uhj²  h]rº  h=X*   Hyperlink target "uc13" is not referenced.r»  …r¼  }r½  (hU hj·  ubahhqubahUsystem_messager¾  ubj±  )r¿  }rÀ  (hU h }rÁ  (h$]UlevelKh"]h#]Usourcehh%]h&]UlineKUtypejµ  uh]rÂ  hn)rÃ  }rÄ  (hU h }rÅ  (h$]h%]h#]h"]h&]uhj¿  h]rÆ  h=X-   Hyperlink target "index-0" is not referenced.rÇ  …rÈ  }rÉ  (hU hjÃ  ubahhqubahj¾  ubeUreporterrÊ  NUid_startrË  KUautofootnotesrÌ  ]rÍ  Ucitation_refsrÎ  }rÏ  Uindirect_targetsrÐ  ]rÑ  UsettingsrÒ  (cdocutils.frontend
Values
rÓ  orÔ  }rÕ  (Ufootnote_backlinksrÖ  KUrecord_dependenciesr×  NUrfc_base_urlrØ  Uhttps://tools.ietf.org/html/rÙ  U	tracebackrÚ  ˆUpep_referencesrÛ  NUstrip_commentsrÜ  NUtoc_backlinksrÝ  UentryrÞ  Ulanguage_coderß  Uenrà  U	datestamprá  NUreport_levelrâ  KU_destinationrã  NU
halt_levelrä  KUstrip_classesrå  Nh:NUerror_encoding_error_handlerræ  Ubackslashreplacerç  Udebugrè  NUembed_stylesheetré  ‰Uoutput_encoding_error_handlerrê  Ustrictrë  Usectnum_xformrì  KUdump_transformsrí  NUdocinfo_xformrî  KUwarning_streamrï  NUpep_file_url_templaterð  Upep-%04drñ  Uexit_status_levelrò  KUconfigró  NUstrict_visitorrô  NUcloak_email_addressesrõ  ˆUtrim_footnote_reference_spacerö  ‰Uenvr÷  NUdump_pseudo_xmlrø  NUexpose_internalsrù  NUsectsubtitle_xformrú  ‰Usource_linkrû  NUrfc_referencesrü  NUoutput_encodingrý  Uutf-8rþ  U
source_urlrÿ  NUinput_encodingr   U	utf-8-sigr  U_disable_configr  NU	id_prefixr  U U	tab_widthr  KUerror_encodingr  UUTF-8r  U_sourcer  hUgettext_compactr  ˆU	generatorr	  NUdump_internalsr
  NUsmart_quotesr  ‰Upep_base_urlr  U https://www.python.org/dev/peps/r  Usyntax_highlightr  Ulongr  Uinput_encoding_error_handlerr  jë  Uauto_id_prefixr  Uidr  Udoctitle_xformr  ‰Ustrip_elements_with_classesr  NU_config_filesr  ]r  Ufile_insertion_enabledr  ˆUraw_enabledr  KUdump_settingsr  NubUsymbol_footnote_startr  K Uidsr  }r  (hh+hh+hIhRhjš  uUsubstitution_namesr  }r  hh)h }r  (h$]h"]h#]Usourcehh%]h&]uU	footnotesr   ]r!  Urefidsr"  }r#  (h]r$  hahI]r%  hNauub.