This is a trial demo of ArangoDB that sets up a database with users, workspaces, and objects, similar to the system found in KBase for the purpose of testing out Arango features.
This is all centered around one Foxx microservice app which can be found in the /api
directory
- User auth (signup/login/logout/whoami), password hashing and validation
- Workspace creation, listing, sharing, and copying
- Object creation, updating (which does a copy), and listing
- Object -> object connections using a kind of provenance (
updatedTo
edge) - User -> workspace -> object permissions
Collections
- users
- workspaces
- objects
- sessions
Edges
- contains (workspaces
contains
objects) - hasPerm (users
hasPerm
workspaces (with name "canEdit" or "canView")) - updatedTo (objectA
updatedTo
objectB where objectA.version = objectB.version-1)
Auth rules - workspaces
- When a user creates a workspace, they have the "canEdit" permission on it
- A user can add another user as an editor or viewer to a workspace
- A user can copy a workspace if they can view it
- When a user copies a workspace, it is made private and they are the only editor
- All objects in the previous workspace are accessible in the copied workspace
- All objects are immutable, so any changes to objects in the copied workspace creates a new object that is private to the copied workspace
- A user can make a workspace public, which makes everyone a viewer
- A user can only view workspaces that are public, viewable, or editable
Auth rules - objects
- A user can only create an object in a workspace in which they are an editor
- A user can only view objects for a workspace in which they are a viewer (or editor)
- A user can view objects through the "provenance" chain (using the
updatedTo
edge), even if those objects are in other, private workspaces. - A user can update an object in a workspace if they are an editor of the workspace
More copying details
- When a user copies a workspace, new
contains
edges are created between all objects in the old workspace and the new workspace (the objects are not copied; only new references are made) - If a user updates an object in a copied workspace, a new object is created that is only linked to the new, copied worksapce. (Viewers of the old workspace have no access to the updated object. Only users who can view the copied workspace can view the updated object.)
View the API via the Swagger UI documention, which can be found at:
- View the endpoint "/_db/_system/basic/docs"
- View the "basic" API service under "services" in the dashboard
You can run and test ArangoDB locally using the provided simple docker-compose.yaml:
$ docker-compose up
Then open up localhost:8529
with user root and pass password
. Use the database "_system".
The database schema should get loaded when you run the stup for the basic
service
I like to use the foxx cli to do updates and run tests:
# Update the service immediately:
$ foxx upgrade --dev /basic --server http://localhost:8529 -u root -p pass -v
$ foxx test /basic -u root -p pass
You can also zip the api folder and upload manually via the dashboard
- Foxx Fine-Grained Permissions Tutorial
- Using authentication (Cookbook)
- Authentication (Manual - Getting Started)
- User Management (Foxx Manual)
Copyright (c) 2018 kbase
License: MIT