This contains core configurations, constants, interfaces, and object classes used by all other modules.

Core data organization concept

Org (like github org) -> Project (like git repo) -> Commits and Branches

The objects being versioned are json objects (with optional binary attachments, see artifacts module)

DAO interfaces (dao)

Interfaces for metadata and json storage

Events (services, pubsub)

A default EventService that can publish EventObject (extension of Spring ApplicationEvent that includes event type, projectId, branchId and payload)

Other modules can use the publisher to publish and listen to events (ex. crud publishes events on commit, branch created, etc and webhooks listens for those events)

Service interfaces (services)

Major ones are ProjectService, BranchService, NodeService

Project and Node services can have different implementations based on the project schema in order to provide different behaviors if needed.

A default schema implementation is registered by the crud module, new schemas and service implementations provided by modules need to be registered by injecting and adding to the ProjectSchemas under config

see crud, cameo for examples

Security and Permissions (security, config, delegation, services)

Locally, MMS uses role based permissions on the org, project, and branch level, for user and groups. There can be different permission implementations that are delegated to for looking up whether a user has certain privileges to do certain things (ex. can user read from project A/branch b)

Current roles are ADMIN, READER, WRITER, each grants a set of Privileges like PROJECT_READ, PROJECT_EDIT, etc

Roles can be assigned to groups per org/project/branch, a user’s groups are inferred from Spring Security’s Authentication‘s getAuthorities method (it’s hijacked a bit to fit what we need), then the user, groups, target object and privilege requested are given to a permission delegate implementation to determine authorization. The permission delegate implementation can do whatever it wants with the input to return true/false.

A special group/authority that denotes admin status is mmsadmin, an authentication provider can add this to the user’s authorities to denote admin status and mms will allow operation on all endpoints.

See MethodSecurityService (used by controllers gating access to endpoints) and PermissionService

see permission or twc for more examples

ContextHolder (config)

Instead of passing projectId, branchId everywhere, ContextHolder can be used to get/set the context for the thread.

Exceptions (exceptions)

Runtime Exceptions that’ll return the corresponding http response code