Role extends DomainType, ProvidesEdgesSource, RequiresEdgeDestination

A specific role of a user within a web application using Role-Based Access Control, providing a particular set of Permissions.

Similarly to the inheritance hierarchy of DomainType, a Role may inherit another Role in order to define a role hierarchy; this is provided by making a Role a subtype of DomainType. That is, a child Role that extends a parent Role through an ExtendsEdge therefore will provide all Permissions that the parent Role provides.

A Role may also define role-specific attributes by defining DomainAttributes according to the semantics of DomainType. These DomainAttributes subsequently become the profile attributes of the given Role.

An IAML model instance will have one Role with the name of "User", representing the root Role type in an application, and this constraint may be satisfied through model completion. All Role instances in a model instance must inherit this Role. As the default role, this "User" role will contain a DomainAttribute with a name of "email" and a DomainAttribute with a name of "password", representing the e-mail address and user password of a user's profile respectively.

[Role.html]

Examples

DomainInheritance.iaml (source)
- DomainTypes can extend other DomainTypes to inherit their attributes. [DomainInheritance] [from DomainType]
DomainInheritanceEditing.iaml (source)
- Creating a new instance of an inherited DomainType,accessible only within a Session. [DomainInheritanceEditing] [from DomainType]
- Creating a new instance of an inherited DomainType. [DomainInheritanceEditing] [from DomainType]
UserCreateRoles.iaml (source)
- Creating a new user by creating a new Role instance. [UserCreateRoles]
UserModifyRoles.iaml (source)
- Adding and removing Roles and Permissionsat runtime through BuiltinOperations. [UserModifyRoles]
- A Role can providea given Permission. [UserModifyRoles]
UserRoleExtends.iaml (source)
- Using an ExtendsEdge to inherit Rolesand Permissions. [UserRoleExtends]

Implementation Notes

Currently, we can only have one root Role in a given InternetApplication. [Definitions]
When a Role is removed from a user instance, all subtype Roles are not also automatically removed. This is probably inconsistent. [Roles]
When a user instance has a Role added, all inherited Permissions with that Role are also added. [Roles]
When a user instance has a Role removed, all inherited Permissions with that Role are also removed. [Roles]

Inference Rules

A login Frame for a LoginHandler of type USER will contain an InputTextField for every non- primary key DomainAttribute within the Role defined as a Parameter to that LoginHandler. [login-handler]
A default Role named 'User' is defined for all InternetApplications. [users]
The default Role will contain an DomainAttribute named 'email'. [users]
The default Role will contain an DomainAttribute named 'password'. [users]
All Roles that do not extend another Role will extend the default Role. [users]
A Role extending the default Role will be provided the same DomainSource. [users]
A DomainType which does not contain a primary key DomainAttribute will contain one named 'generated primary key'. [domain] [from DomainType]
A DomainSource of type PROPERTIES_FILE will populate the 'properties' DomainType with string- typed DomainAttributes for each value in the source properties file. [file-domain-object] [from DomainType]
A primaryKey DomainAttribute in a DomainType, represented as a supertype of another DomainType, will be copied into a new 'ID' DomainAttribute and marked as a foreign key. [domain] [from DomainType]
A non- primaryKey DomainAttribute in a DomainType, represented as a supertype of another DomainType, will be copied into the subtype schema and marked as an subattribute. [domain] [from DomainType]

Constraints

"A DomainType should have at least one DomainSource specified" [Checks.chk] [from DomainType]
"You cannot have a DomainType called single_values (reserved word)" [Checks.chk] [from DomainType]

Inherited Attributes

generatedRule : EString (optional)
To assist in debugging, this attribute may be populated with the name of the model completion rule that created this element. More extensive traceability support may be provided in the future.
id : EString (optional)
A unique identifier for this model element. Should be globally unique.
isGenerated : EBoolean (optional)
Set to true if the current element has been generated.
overridden : EBoolean (optional)
If a GeneratesElements is overridden, then this element will not generate any elements directly.
overriddenNames : EString (optional)
When applying model completion, no NamedElements with these names will be generated by this element.