Introduction

Application is the top level entity in the platform. It is the container for all the resources used in the application. It provides the ability to manage the resources and the users who can access the resources via various roles and permissions. With in the security module there are other entities like Packages, Roles and Permissions which are sometimes related with the application and client and other times they stand on their own. For example a Role can be created which stands on its own when roles are created by SYSTEM client (more on this later in the Client section) but in general roles are created by any other client are related to an application.

When an application is created by a client, that client is the owner of the application. They get to do all the operations like create, update, delete, manage the resources in the application.

Creation

An application can be created by any user with the authority Authorities.Application_CREATE. The basic information it requires to create an app is

• Name: Any name that represents the application.

• Code: A unique code that represents the application. This code is used in the URL to access the application. It is also used in the API to access the application. If one is not provided it is generated based on the Name of the application.

• Type: Currently we are supporting two different app types, APP and SITE. APP is a regular application that has server side logic and SITE is a website or a landing page that does not have much of server side logic except for occasional storage of a contact form or integrating an API or adding analytics like Google Analytics or Facebook Pixel.

• Access Type: This is used to define the access to the application. Currently, sports OWN, ANY and EXPLICIT.

  • OWN: Application with OWN access type can only be accessed by the owning client. If someone or some client need to gain access to the application either write or read, it can be granted by either the owning client or the SYSTEM client. One another way is to provide registration on the application then the client created by this registration process will give read access to the application.

  • ANY: Application with ANY access type can be accessed by any client who are being managed by the client which created the application. They just have to call the API to add access to the application either read or write.

  • EXPLICIT: Application with EXPLICIT access type is used for the applications which are being imported into the system from marketplace. When we import an application from the marketplace, the application is created with EXPLICIT access with the client who is managing the importing client as the owner. This provides us a way to manage the application resources in a way that the client who is importing can upgrade the application without loosing their changes.

• Thumbnail URL: A URL to the image that represents the application. This image is used in the UI to represent the application.

• Client ID: The client for whom this application is being created. If nothing is provided, the logged in client ID is taken as the client ID. If the application is being created for some other client then the logged-in user's client should be either a SYSTEM client or the client that is managing the client for whom the application is being created.

Concept of Inheritance

Everything in this platform is based on the concept of inheritance with very few exceptions like the security items. The inheritance is used to provide the ability to manage the resources in a hierarchical way. If an application is created and given edit access to another client, they can make edits to the application and the resources in the application without losing the updates or changes from the owner of the application. This is achieved by the concept of representing the most of the objects in the form of directed acyclic graphs. More on this when we discuss the objects of Core and UI services.

Update

A user should have the authority Authorities.Application_UPDATE to update an application. Application name, access type, thumbnail URL are the only details one can modify even they are SYSTEM level client. The people who can update an application are SYSTEM client users or the users of the client who created the application or the users of the client who is managing the client for whom the application is created.