a user is granted access to the application

Diagram

Back-end implementation design

References

Invitation

a power user can send an invitation via email to someone who wants to use the application ( = sign-up), or who already exists but needs to get more rights (e.g. access in writing). The invitation contains :

  • the email address of the user. Note : at sign-up, the user is not yet existing
  • the target object : represents the organisation to which the user needs access, i.e. a real estate agency. The organisation is always a company person see Attributes Dictionary
  • type : represents the nature of the invitation, like for instance "join an organisation", or "grant access for writing"... stored in catalog values
  • validityEndDate : the invitation sent is valid for a period of time, e.g. 24h

Invitation is also containing a link towards a "invitation scope" object

invitation authorities

An invitation must at least contain 1 security authority. A authority defines the rights a user will have in using the application. The authorities will be different according to the type of invitation. Both auhority and type are grouped within a paricluar object. In the present diagram, we can see a "joinOrganisation" object, or a "GrantAccess"

User

a user is an entity, made of a user Id, a user name, a user email and 1 or more value object.s "organisationAccess". A user must be linked to a Natural person. The user contains all information necessary for a particular person to login, and play with the application.

  • user Id and user Name : are given when the guest receives by email the invitation
  • user email : taken from the invitation
  • organisationAccesses : contains the organisation and scope.s included within the invitation

NOTEs

  • at inception, the natural person does not exist.
  • if a user is necessarily linked to a natural person, a natural person can have no user