ACS 4 Data Models and the Object SystemBy Pete SuOverview
Developing data models in ACS 4 is much like developing data models
for ACS 3, save for the implementation. As usual, you need to examine
how to model the information that the application must store and
manipulate, and define a suitable set of SQL tables. In our Notes
application, we have to be able to keep track of who entered a
particular note, when they did it, and the actual text of the notes
that users have entered. A simple data model might look like this:
create table notes (
note_id integer primary key,
owner_id integer references users(user_id),
creation_user references(user_id) not null,
creation_date date not null,
last_modified date not null,
title varchar(255) not null,
body varchar(1024)
)
We've omitted constraint names for the purpose of clarity.
Thinking further ahead, we can imagine doing any of the following
things with Notes as well:
Define access control policies on notes.Attach user comments on notes.Allows users to define custom fields to store on their notes.Automatically generate input forms or output displays for notes.Allow other applications to use notes in ways we don't know of yet.
In ACS 4, the key to enabling these types of services on your
application data is to take advantage of the Object System. The first
question anyone asks is usually "Just what are objects, and what do
you use them for anyway?". The short answer: objects are anything
represented in the application's data model that will need to be
managed by any central service in ACS 4, or that may be reusable in
the context of future applications. Every object in the system is
represented using a row in the acs_objects table. This
table defines all the standard attributes that are stored on every
object, including its system-wide unique ID, object type, and some
generic auditing columns.
To make use of the object system, you as the application developer
have to write your data model in a way that is slightly more complex
than before. What you get for this extra work includes:
The lets you
track who is allowed to do what to the rows
in an application table, and gives you an easy way to enforce
this from Tcl.Every object has an attribute called context_id
that provides a way to trivially specify both the default
permissions for an object, and the intended "scope" of an
object. Just set the context_id to the controlling
object and forget about it.And most importantly, any future object-level service - from
a general-comments replacement to personalized ranking - will
become available to your application "for free."How to Use Objects
Using ACS objects is straightforward: all that's required are a few
extra steps in the design of your application data model.
For our example Notes application, to hook into the object system we
make some calls to use our notes table as the basis for a
new object type. Object types are analogous to classes in
programming languages such as C++ and Java. For example, in Java a
class defines a set of attributes that store data and a set of methods
that run code. In ACS 4, we use one or more Oracle tables to store the
data attributes, and we define a PL/SQL package to hold procedures to
define the programming interface to the data model.
The object type itself is described using data in the
acs_object_types and acs_attributes tables,
which plays a role similar to the data dictionary in Oracle. As in
Java, object types can inherit attributes from a parent type, so the
type system forms a hierarchy. Unlike Java, Oracle does not support
this inheritance transparently, so we have to make sure we add our own
bookkeeping code to keep everything consistent. Given all of this,
below you'll find the code needed to describe a new object type called
notes in your system.
Fire up your text editor and open the
ROOT/packages/notes/sql/notes-create.sql file created
during the earlier created the package. Then, do the following:
Describe the new type to the type system
First, add an entry to the acs_object_types table with the following PL/SQL call:
begin
acs_object_type.create_type (
supertype => 'acs_object',
object_type => 'note',
pretty_name => 'Note',
pretty_plural => 'Notes',
table_name => 'NOTES',
id_column => 'NOTE_ID'
);
end;
/
show errors;
This PL/SQL call tells the system that we would like to use the table
NOTES as the basis for a new object type called
note. This type is a subtype of the
acs_object type, which means that we want to inherit all
of the basic attributes of all ACS objects. As mentioned, it will take
some work on our part to make this happen, since Oracle can't do it
automatically. In general, most basic applications will define types
that are simple subtypes of acs_object.
Now add entries to the acs_attributes table to describe
the data attributes of the new type. This data can eventually be used
to do things like automatically generate user interfaces to manipulate
the notes table, though that functionality isn't yet
available.
declare
attr_id acs_attributes.attribute_id%TYPE;
begin
attr_id := acs_attribute.create_attribute (
object_type => 'note',
attribute_name => 'TITLE',
pretty_name => 'Title',
pretty_plural => 'Titles',
datatype => 'string'
);
attr_id := acs_attribute.create_attribute (
object_type => 'note',
attribute_name => 'BODY',
pretty_name => 'Body',
pretty_plural => 'Bodies',
datatype => 'string'
);
end;
/
show errors;
We can stop here and not bother to register the usual ACS 3.x
attributes of creation_user, creation_date
and last_modified, since the object type
acs_object already defines these attributes. Again,
because the new type note is a subtype of
acs_object, it will inherit these attributes, so there is
no need for us to define them.
Define a table in which to store your objects
The next thing we do is make a small modification to the data model to
reflect the fact that each row in the notes table
represents something that is not only an object of type
note, but also an acs_object. The new table
definition looks like this:
create table notes (
note_id integer references acs_objects(object_id) primary key,
owner_id integer references users(user_id),
title varchar(255) not null,
body varchar(1024)
)
Again, the usual creation_date and
modified_date columns are absent since they already exist
in acs_objects. Also, note the constraint we have added
to reference the acs_objects table, which makes clear
that since note is a subtype of acs_object,
every row in the notes table must have a corresponding row in the
acs_objects table. This is the fundamental means by which
we model inheritance; it guarantees that any services developed that
use the acs_objects table to find objects will
transparently find any objects that are instances of any subtype of
acs_objects.
Define a package for type specific procedures
The next step is to define a PL/SQL package for your new type, and
write some basic procedures to create and delete objects. Here is a
package definition for our new type:
create or replace package note
as
function new (
note_id in notes.note_id%TYPE default null,
owner_id in notes.owner_id%TYPE default null,
title in notes.title%TYPE,
body in notes.body%TYPE,
object_type in acs_object_types.object_type%TYPE default 'note',
creation_date in acs_objects.creation_date%TYPE
default sysdate,
creation_user in acs_objects.creation_user%TYPE
default null,
creation_ip in acs_objects.creation_ip%TYPE default null,
context_id in acs_objects.context_id%TYPE default null
) return notes.note_id%TYPE;
procedure delete (
note_id in notes.note_id%TYPE
);
end note;
/
show errors
You might be wondering what all the extra parameters are to these
calls, since we haven't mentioned them before. These parameters are
needed to fill out information that will be stored about the object
that's not stored directly in the table you defined. The ACS 4 Object
System defines these attributes on the type acs_object
since all objects should have these attributes. Internally, there are
tables that store this information for you. Most of the data is pretty
self-explanatory and reflects attributes that existed in the earlier
ACS 3.x data models, with the exception of the context_id
attribute.
The context_id attribute stores the ID of an object that
represents the default security domain to which the object belongs. It
is used by the permissions system in
this way: if no permissions are explicitly attached to the object,
then the object inherits its permissions from the context. For
example, if I had told you how to use the permissions system to specify that an
object OBJ was "read only", then any other object that used OBJ as its
context would also be "read only" by default. We'll talk about this more
later.
Define a package body for type specific procedures
The PL/SQL package body contains the implementations of the procedures
defined above. The only subtle thing going on here is that we must use
acs_object.new to insert a row into
acs_objects, before inserting a row into the
notes. Similarly, when we delete a row from
note, we have to be sure to delete the corresponding
acs_object row.
create or replace package body note
as
function new (
note_id in notes.note_id%TYPE default null,
owner_id in notes.owner_id%TYPE default null,
title in notes.title%TYPE,
body in notes.body%TYPE,
object_type in acs_object_types.object_type%TYPE default 'note',
creation_date in acs_objects.creation_date%TYPE
default sysdate,
creation_user in acs_objects.creation_user%TYPE
default null,
creation_ip in acs_objects.creation_ip%TYPE default null,
context_id in acs_objects.context_id%TYPE default null
) return notes.note_id%TYPE
is
v_note_id integer;
begin
v_note_id := acs_object.new (
object_id => note_id,
object_type => object_type,
creation_date => creation_date,
creation_user => creation_user,
creation_ip => creation_ip,
context_id => context_id
);
insert into notes
(note_id, owner_id, title, body)
values
(v_note_id, owner_id, title, body);
return v_note_id;
end new;
procedure delete (
note_id in notes.note_id%TYPE
)
is
begin
delete from notes
where note_id = note.delete.note_id;
acs_object.delete(note_id);
end delete;
end note;
/
show errors;
That's pretty much it! As long as you use the note.new
function to create notes, and the note.delete function to
delete them, you'll be assured that the relationship each
note has with its corresponding acs_object
is preserved.
The last thing to do is to make a file
ROOT/packages/notes/sql/notes-drop.sql so it's easy to
drop the data model when, say, you're testing:
begin
acs_object_type.drop_type ('note');
end;
/
show errors
drop package note;
drop table notes;
When to Use Objects
While it is generally hard to give general design advice without
knowing anything about a particular application, you should follow the
following rule of thumb when deciding when to hook part of your data
model to the object system:
Anything in your data model that needs to be available to general ACS
services such as user comments, permissions, and so on should be a
subtype of acs_object. In addition, if you want your data
model to take advantage of attributes that exist in some object type
that is a subtype of acs_object, then you should use the
object system.
For example, for most applications, you will want to use objects to
represent the data in your application that is user visible and thus
requires access control. But other internal tables, views, mapping
tables and so on probably don't need to be objects. As before, this
kind of design decision is mostly made on an
application-by-application basis, but this is a good baseline from
which to start.
Design Guidance
In this section we cover some overall guidelines for designing data
models that are meant to be integrated with the ACS object
system.
There are two basic rules you should follow when designing ACS 4 data
models:
Never utilize fields in the acs_objects table in
application specific ways. That is, never assign any
application-specific semantics to this data. In the notes
application, we use the creation_date and
last_modified fields, but this is OK since we do not
assign any application-specific meaning to these fields.
In particular, never assign any application specific semantics to the
context_id attribute of an object. This field is used for
a very specific purpose by the permissions system, and using this
field in any other way whatsoever is guaranteed to make your
application act strangely.
As we'll see later, the Notes example will point each note object's
context_id to the package instance in which the note was
created. The idea will be that in a real site, the administrator would
create one package instance for every separate set of Notes (say, one
per user). The instance would "own" all of the notes that it created,
and the administrator would be able to use the package instance as
the basis for access control, which is convenient.
The reason behind these two rules is pretty straightforward: First,
the ACS Object system itself is meant to be a generic and reusable
tool for any application to use for basic services. Second, in order
for this to work, the various parts of the ACS Objects data model must
be interpreted in the same way by all applications that use the data
model. Therefore, assigning any application-specific semantics to any
part of the core data model is a bad thing to do, because then the
semantics of the data model are no longer independent of the
application. This would make it impossible to build the generic tools
that the data model is trying to support.
Another less important reason for these two rules is to not introduce
any joins against the acs_objects table in SQL queries in
your application that you do not absolutely need.
In the Notes example, the result of applying these rules is that we
are careful to define our own attribute for owner_id
rather than overloading creation_user from the objects
table. But, since we will probably use creation_date and
so on for their intended purposes, we don't bother to define our own
attributes to store that data again. This will entail joins with
acs_objects but that's OK because it makes the overall
data model cleaner. The real lesson is that deciding exactly how and
when to use inherited attributes is fairly straightforward, but
requires a good amount of thought at design time even for simple
applications.
Summary
Hooking into the ACS 4 object system brings the application developer
numerous benefits, and doing it involves only four easy steps:
Describe the a new object type to the system. Most new application
types will be subtypes of the built-in type acs_object.
Define a table to store application object data.
Define a PL/SQL package to store procedures related to the new
type. You have to define at least a function called new
to create new application objects and a procedure called
delete to delete them.
Define a package body that contains the implementations of the PL/SQL
procedures defined above.
Try not to write queries in your application that join against
acs_objects. This means you should never use the fields
in acs_objects for application-specific purposes. This is
especially true for the context_id field.
($Id: objects.xml,v 1.1.1.1 2001/03/13 22:59:26 ben Exp $)