Return-Path: X-Original-To: apmail-usergrid-commits-archive@minotaur.apache.org Delivered-To: apmail-usergrid-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 482E518D28 for ; Wed, 5 Aug 2015 14:58:21 +0000 (UTC) Received: (qmail 94206 invoked by uid 500); 5 Aug 2015 14:58:21 -0000 Delivered-To: apmail-usergrid-commits-archive@usergrid.apache.org Received: (qmail 94133 invoked by uid 500); 5 Aug 2015 14:58:21 -0000 Mailing-List: contact commits-help@usergrid.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@usergrid.incubator.apache.org Delivered-To: mailing list commits@usergrid.incubator.apache.org Received: (qmail 93910 invoked by uid 99); 5 Aug 2015 14:58:21 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Aug 2015 14:58:21 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id DFE9ADFF94; Wed, 5 Aug 2015 14:58:20 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: snoopdave@apache.org To: commits@usergrid.apache.org Date: Wed, 05 Aug 2015 14:58:29 -0000 Message-Id: In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [10/51] [abbrv] [partial] incubator-usergrid git commit: Switch over to new docs for the website. http://git-wip-us.apache.org/repos/asf/incubator-usergrid/blob/2a55601f/content/docs/introduction/data-model.html ---------------------------------------------------------------------- diff --git a/content/docs/introduction/data-model.html b/content/docs/introduction/data-model.html new file mode 100644 index 0000000..e8aba1e --- /dev/null +++ b/content/docs/introduction/data-model.html @@ -0,0 +1,449 @@ + + + + + + + + + + + Usergrid Data model — Apache Usergrid 1.0 documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + +
+ + + + + + +
+
+
+ +
+
+
+
+ +
+

Usergrid Data model

+

Usergrid models the data for your apps as application-specific +collections of data entities managed within an organization. The +following is an overview of the component hierarchy that makes up the +data model, and is intended to help you understand how data is stored, +managed and accessed.

+
+

Organizations

+

An organization contains one or more applications, and represents +administrator-level access. Multiple accounts may be given administrator +access to an organization. Accounts can also be members of multiple +organizations.

+

An organization with the same name as your username is automatically +created for you when you sign up. By default, you are assigned as the +administrator of this organization.

+
+
+

Applications

+

In Usergrid, you can create one or more applications within an +organization. Applications represent an instance of application data +associated with an app, and you may create as many applications as you +wish. This allows you to utilize the backend in a way that corresponds +to your development process. For example, you might create separate +applications for development and production instances of your app. By +default, all organization have a sandbox application (see Using a +Sandbox Application for important information regarding the default +sandbox application).

+

Each application provides the infrastructure for storing, retrieving, +updating and deleting the entities and collections associated with a +specific app instance.

+
+
+

Collections

+

Usergrid stores all data entities in uniquely-named collections. +Collections are created automatically for every entity type, including +custom entities, and are named using the plural form of the entity type +they store. For example, all user entities are stored in the /users +collection, and all device entities in the /devices collection. An +entity can belong to only one collection.

+

Currently, collections cannot be renamed or deleted; however, all of the +data entities in a collection can be updated or deleted.

+
+
+

Entities

+

An entity represents a basic, JSON-formatted data object that is used by +your app, such as a user, device, event or asset. Unlike records in +conventional database tables, which have a rigid schema that defines +what they can store and how they can be related to each other, Usergrid +entities are very flexible. This makes Usergrid a powerful solution for +managing data for modern applications, where people, places, and content +often need to be associated in a way that is most appropriate from a +user perspective.

+

Here is a simple example of an entity:

+
{
+  "uuid" : "5c0c1789-d503-11e1-b36a-12313b01d5c1",
+  "type" : "user",
+  "created" : 1343074620374,
+  "modified" : 1355442681264,
+  "username" : "john.doe",
+  "email" : "jdoe57@mail.com",
+  "name" : "John Doe"
+}
+
+
+
+
+

Default entities

+

The following entity types are predefined in Usergrid. For more details, +see Default Data Entity Types.

+
    +
  • user
    • +
  • group
    • +
  • role
    • +
  • application
    • +
  • activity
    • +
  • device
    • +
  • asset
    • +
  • folder
    • +
  • event
    • +
  • notifier
    • +
  • notification
    • +
  • receipt
    • +
+
+
+

Properties

+

A data entity is a set of properties, which can each contain any +JSON-representable value, including a nested JSON document. All entities +have predefined properties, but you are free to define any number of +custom properties for any entity. Default properties require specific +data types for validation purposes, while custom properties can be any +JSON data type. Most predefined and all application-defined entity +properties are indexed, allowing you to query collections quickly and +easily.

+

Individual or multiple properties can be updated in a single operation; +however, partial updating of nested JSON documents is not supported. +This means that all properties of a nested document must be provided in +a PUT request for the update of the nested document to be processed, +even if the some of the values have not changed.

+
+
+

Default properties

+

At a minimum, each entity is defined by two properties, both of which +are strings: type and UUID. The entity ‘type’ is the singular form of +the collection the entity is stored in. For example, an entity in the +‘users’ collection has an entity type of ‘user’. The entity ‘UUID’ is an +immutable universally unique identifier, which can be used to reference +the entity. A UUID is automatically generated for every entity when it +is created. You can also create custom entities and entity properties; +however, Usergrid reserves certain entity types with pre-defined +properties by default. For a complete list of reserved entities and +properties, see Default Data Entity Types.

+

When you access the system via the API, you’ll always provide your +organization UUID or name, application UUID or name, and typically the +UUID or name of the entity you’re modifying or retrieving.

+

All entities have the following default properties:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + +
PropertyTypeDescription
uuidUUIDEntity unique id
typestringentity type (for example, user)
createdlongUTC timestamp in milliseconds of when the entity was +created
modifiedlongUTC timestamp in milliseconds of when the entity was +last modified
+

Custom entities also have an optional name property that is a string +identifier.

+
+
+ + +
+
+ + +
+
+ +
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-usergrid/blob/2a55601f/content/docs/introduction/usergrid-features.html ---------------------------------------------------------------------- diff --git a/content/docs/introduction/usergrid-features.html b/content/docs/introduction/usergrid-features.html new file mode 100644 index 0000000..496a33d --- /dev/null +++ b/content/docs/introduction/usergrid-features.html @@ -0,0 +1,449 @@ + + + + + + + + + + + Usergrid Features — Apache Usergrid 1.0 documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + +
+ + + + + + +
+
+
+ +
+
+
+
+ +
+

Usergrid Features

+

Usergrid provides developers with access to a flexible data store and +enables you to quickly integrate valuable features into your app, +including social graphs, user management, data storage, push +notifications, performance monitoring, and more.

+

With Usergrid, developers can set up their own cloud-based data platform +in minutes instead of months – no server-side coding or back-end +development needed. This allows your developers to focus on developing +the rich features and user experience that truly differentiate your app, +rather than on the time-consuming details of implementing core back-end +services and infrastructure.

+
+

Data storage & management

+
+

Application data

+

At the core of Usergrid is a flexible platform that can store any type +of application data, from simple records like a catalog of books to +complex associations like user relationships. No matter what type of +data drives your app, you can store it as collections of data entities +and immediately perform complex queries or full-text searches on any +field. You can also create custom entities with custom properties, +giving you the ability to store data and context in a way that makes +sense for your app.

+

To learn more about entities and collections, see Usergrid Data model.

+

For a complete list of the default data entities available, see Default +Data Entity Types.

+
+
+

Files & assets

+

Images, video, and audio are key components of a great app experience. +With Usergrid, you can upload and retrieve binary objects from the same +data store as the rest of your application data, eliminating the need to +set up content delivery networks (CDNs) and easing implementation. We +handle all the back-end details that keep your content quickly +accessible.

+

To learn more about files and asset storage, see Uploading files and +assets .

+
+
+
+

Flexible data querying

+

One of Usergrid’ most powerful features is the ability to perform +SQL-style queries and full-text searches on data entities, as well as +their properties. This lets you quickly retrieve specific data entities +based on multiple criteria, then utilize that data to power social +features, target push notifications, perform user analysis, and more.

+

Learn more about querying app data, see Data query overview.

+
+
+

Social

+
+

Entity relationships

+

You can create relationships between data entities to help build +features, improve user experience, and contextualize data. For example, +you might associate a user with their devices to capture valuable +geolocation data, create relationships between users to build social +graphs, or implement popular features such as activity streams.

+

To learn more about entity relationships, see Entity connections.

+
+
+

Activity streams

+

A key aspect of social networking apps is the ability to provide and +publish data streams of user actions, such as ongoing lists of comments, +activities, and tweets. Usergrid simplifies management and routing of +these data streams by providing an activity entity that is specifically +designed to automatically create a relationship between activities and +the user who created them.

+

To learn more about activities and activity feeds, see Activity feeds.

+
+
+
+

User management

+
+

Registration and login

+

You can easily add and manage users by providing the core services +necessary to handle secure registration and log in, including OAuth +2.0-compliant client authentication. In addition, any number of default +or custom data entities and properties can be associated with a user +entity to create complete user profiles.

+

To learn more about user management, see User.

+

To learn more about authentication, see Authenticating users and +application clients.

+
+
+

Roles & permissions

+

Applications often require the ability to configure fine-grain control +of user access to data, features and functionality. Usergrid solves the +implementation details of user access with roles and permissions. Simply +create roles that represent user types or access levels, such as +Administrator, then assign the necessary permissions to that role. With +a single API call, you can then associate your roles with any user or +group of users.

+

To learn more about user roles and permissions, see Managing access by +defining permission rules.

+
+
+

Groups

+

Groups are a flexible way to organize your users based on any number of +criteria. For example, you might group users based on interests or +location to more effectively deliver relevant content, target offers, or +customize campaigns. You can also take advantage of the groups entity to +enable group-based social networking activities, such as allowing your +users to create private information feeds or circles of friends.

+

To learn more about groups, see Working with group data.

+
+
+

Third-party authentication

+

In addition to supporting user management and OAuth-based login for your +app, Usergrid also makes it easy to integrate third-party authentication +through such popular services as Facebook, Twitter and other +OAuth-enabled accounts. Providing third-party sign-in can improve user +experience, while increasing adoption, giving you access to valuable +information from social networks and services.

+

To learn more about using third-party sign-in, see Facebook sign in.

+
+
+
+

Geolocation

+

The device entity allows you to capture geolocation data from your +users’ GPS-enabled devices to more effectively target campaigns, push +notifications, offers and more. Geolocation also gives you an important +data point for contextualizing and analyzing trends and user behavior.

+

To learn more about geolocation, see Geolocation.

+
+
+

Push notifications

+

Push notifications are the most effective way to engage your users with +relevant content, and thanks to Usergrid, implementing them can be done +in minutes. Simply register your app and your user’s devices with a +notification provider, such as Apple Push Notification Service or Google +Cloud Messaging, then use the Usergrid notification entity to send +millions of push notifications a month at no cost. When used in +conjunction with queries of user and application data, push +notifications become a powerful tool for leveraging user data, ensuring +relevancy and driving engagement.

+

To learn more about push notifications, see Push notifications overview.

+
+
+ + +
+
+ + +
+
+ +
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-usergrid/blob/2a55601f/content/docs/managing-access-defining-permission-rules/index.html ---------------------------------------------------------------------- diff --git a/content/docs/managing-access-defining-permission-rules/index.html b/content/docs/managing-access-defining-permission-rules/index.html deleted file mode 100644 index 40659ec..0000000 --- a/content/docs/managing-access-defining-permission-rules/index.html +++ /dev/null @@ -1,357 +0,0 @@ - - - - - - Apache Usergrid (incubating) — Managing access by defining permission rules - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-
- -
- -
-
-
-

Managing access by defining permission rules

- -
-
- -
-

Managing access by defining permission rules

-

You control your app users’ access to application resources by defining roles and permission rules. In your Apache Usergrid application, you assign application users a role that represents a set of permissions. Through these permissions, you allow users to perform certain operations (GET, POST, PUT, or DELETE) on specific resources. When the user submits a request via your app code to the Apache Usergrid API, the user’s permissions are checked against the resource paths that the user is trying to access. The request succeeds only if access to the resource is allowed by the permission rules you specify.

-

You specify roles for unauthenticated users and those who authenticate as an Application User, as defined in Authenticating users and application clients. Roles are not applied for the other authentication levels: Application, Admin User, and Organization. Access at these levels can’t be restricted by roles and permission rules. You should allow clients to authenticate at these levels sparingly and carefully.

-

Roles included by default

-

When defining user access to your application’s data, you create roles, specify permission rules for them, then associate users with the roles. Apache Usergrid includes three predefined roles when you create an application.

-

The following table lists the three roles included by default. Note that two of these are in effect and applied from the time your application is created (until you change them). Apache Usergrid applies the following default behavior:

-
    -
  1. An unauthenticated user is automatically added to the Guest role so that they can register for a user account.
    2. -
  2. A user who has a user account and authenticates with it is automatically added to the Default role. Note that by default, this role is very permissive. Be sure to restrict it with specific permission rules before deploying to production.
    3. -
- ---- - - - - - - - - - - - - - - - - - - - - - - - -
RoleDescriptionNotes

Guest

Default for unauthenticated users. Includes a basic set of permissions for unregistered or unauthenticated users. Users are automatically added to the Guest role before they’re authenticated. After they’re authenticated, users are automatically added to the Default role.

Grants permission for a user to create a user account and for their device to be registered. You can change permission rules based on your goals for unregistered user access. This role is designed to provide access for people who haven’t yet registered, and allow them to register.

Default

Default for authenticated users. Includes permissions for the set of operations you want an authenticated user to be able to perform. Users are added to this role after they’re authenticated.

By default, grants full access for all resources in your application. A first task in securing your application should be to restrict access by redefining this role to narrow the access it provides. Remove the default full permission rule and add restrictive permission rules for a production deployment.

Administrator

Unused until you associate it with users or groups. By default, includes no permissions that provide access.

 -

Grants no access. Consider this a blank slate. Add permission rules and associate this role with users and groups as needed.

-

Note: The Administrator role is not the same as an organization administrator – that is, someone who authenticates as an Admin User. The Admin User is an implicit user created when you create an organization. After authenticating, the Admin User has full access to all of the administration features of the Apache Usergrid API. By comparison, the Administrator role is simply a role (initially without permissions) that can be assigned to any user.

-
-

Defining your own roles and permissions

-

When preparing an application for production use, a good first step is to edit permission rules for the Default role. This role will be applied for every user who authenticates as an Application User.

-

The admin portal is the best place to manage roles. While you can manage roles and permissions programmatically (see Role), security-related calls from a mobile app will pose a security risk. Consider doing so only from a server-side web application.

-

For easy-to-read examples, this section expresses permission rules in this way:

-
<operations>:<entity path pattern>
-
    -
  • <operations> is a comma-delimited set of REST operations (GET, PUT, POST, DELETE) that are allowed for the specified entity path.
    • -
  • <entity path pattern> is a parameter evaluated using Apache Ant pattern matching (see http://ant.apache.org/manual/dirtasks.html#patterns).
    • -
-

For example, in the Default role, first remove the permission rule that grants full access to all authenticated users. You could then begin by creating a rule that grants access for the authenticated user to makes changes only to data associated with their account. 

-
GET,PUT,POST,DELETE:/users/me/**
-

Use the Admin Portal to make role and permission rule changes. On the left sidebar of the portal, click Users, then click Roles. This displays the roles defined for the application. To create a role, click the Add button (it looks like a person’s silhouette). To delete a role, select the role you want to delete and click the Remove button (it looks like a trash can). To view the privileges in a role, click the role.

-

Suppose you created a role named “customer”. Here’s what the privileges for the role might look like:

-
- -
-

Notice that specific privileges for operations are represented using checkboxes in the Permission Rules section. The path indicates the resource path for which the permissions apply. The permissions apply to all resources in the specified path directory and its subdirectories. As currently specified, the worker role has GET permission on the base directory path (/) and all resource paths below it (in other words, all resource paths).

-

You can add a permission, by entering the entity path pattern in the Path field of the Add Permission Rule section, and checking the operation checkboxes (get, post, put, and delete) as appropriate. For example, the following adds permission to create a user:

-
- -
-

Click Add, and the permission is added to the role.

-
- -
-

Permission rule examples

-

Here are some examples to illustrate how permissions are specified:

-
    -

  • Authenticated user can change any data related to the:
    POST:/users/*

    • -

  • A permission the permits the current user to make any changes to resources associated with them:
    GET,PUT,POST,DELETE:/users/me/**

    • -

  • A permission that allows someone to look at a specific user:
    GET:/users/john.doe

    • -
  • -

    A permission that allows the current user to see his activity feed:
    GET:/users/${user}/feed/*

    -

    The ${user} in the entity path refers to a variable that represents the current user’s UUID.

    -
    • -
  • -

    A permission allowing linked entities to be read:
    GET:/users/${user}/**

    -

    The /** in the entity path is a wildcard that matches everything under that path. This means that the full specification matches multiple resource paths, including, but not limited to, the following:

    -
    /users/${user}/feed
-/users/${user}/feed/item1/a/b/c
    -
    • -

  • A permission that allows the current user to add himself or another user to a group:
    POST:/groups/${user}/users/**

    • -
-
-
-
-
-
-
-
- Questions? Please do ask on the mailing-lists!
- -
-
-
-
- - - - - - - - - - - -