How to use the RF's Repository Services

The following sections give a brief overview of the RF's built-in Repository Services.

Repository services supply additional aspects that are not known to the RF, but are related to a repository (see RF Extensions).

Application Properties

Application properties behave like resource properties. In addition, application properties can be dependent on resource and user, whereas resource properties are assigned to the resource only.

The default implementation of an IApplicationProperties repository service, as provided by the RF, stores the application properties in a database table - it does not rely on the repository's ability to handle resource properties. It is therefore independent of the repository implementation used and can be attached to any repository. However it relies on events to delete application properties when a resource is deleted.

Service ACLs

Service ACLs can be used by an application or extension to store additional ACLs that define the specific permissions for that application. For example, the subscription service introduces a new permission "subscription allowed" and uses this service to store the ACEs with these permissions.

The registration of new permissions has to be carried out on start-up by the application, using the IResourceAclManager's addSupportedPermission() method. The service ACL's IResourceAclManager is provided by the IAclService's getAclManager() method.

ACEs are created or modified by an administrator, who uses the KM's ACL editor to define the ACLs of resources (see RF Concepts).

Whenever an application wants to perform an operation that requires a specific permission (one of those registered at start-up) on a resource, it uses the IAclManagers isAllowed() method to check for the required permission, the given resource, and the current user from context.

The RF's default IAclService repository service implementation uses a database to store its ACLs and ACEs. As it is independent of the repository implementation, it can be attached to any repository, but it relies on events to delete ACLs of resources that are deleted.