Wednesday, April 21, 2021

User Permissions in a Decoupled Central File Service

So in my network, let's say I have 5 services, all of which require the ability to use files. In an old-world app, I'd have implemented file management code in each app/service. However, I am looking at implementing a central file service, which would sit on top of S3/GDrive/some other storage location. The 5 original services can talk to the file service if they need to read/write file contents, but they only need to concern themselves with business logic and not all the coding complexity of file systems.

The outside services/apps would pass a uid to the file service to get files. We would also create a tiny web applet to expose the file service on the web so that users in our network could load a file, if they had the file uid.

My issue is: how do you implement a rich user access model within the file service? Sure, you can ensure that the user is logged in before granting them the file. How would people handle richer logic such as "user Bob can only access files for project 54 but not 56"? Here we have a business rule that is a thorn in the side of being able to decouple files from the apps.

Previously this would have been solved by:

app4.foobar.com/project/download/54

Because you're in app4, you have the contextual information to ensure Bob gets that file but not 56.

Whereas:

file.foobar.com/download/362390js03-25sgsg3-a3-2525

can't know what a project is, because that is part of the app4 domain model.

Thoughts?
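
One common way to handle the gap described above, sketched as an added example that is not part of the original post: app4 keeps the "Bob may read project 54" rule and, when it allows a download, issues a short-lived signed grant naming only the user and the file uid, which the file service verifies without knowing what a project is. The shared key, the ACL and the project-to-uid mapping are constructed sample data, and the function names are hypothetical.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data (assumptions, not from the post).
SHARED_KEY = b"demo-key-known-to-app4-and-file-service"
PROJECT_ACL = {"bob": {54}}          # app4's business rule: Bob -> project 54 only
PROJECT_FILE = {54: "362390js03-25sgsg3-a3-2525", 56: "constructed-uid-for-project-56"}


def _sign(payload: bytes) -> bytes:
    return hmac.new(SHARED_KEY, payload, hashlib.sha256).hexdigest().encode()


def app4_issue_grant(user, project_id, ttl=60, now=None):
    """app4 side: apply the domain rule, then emit a grant for one user and one file uid."""
    if project_id not in PROJECT_ACL.get(user, set()):
        return None                   # the rule lives here, not in the file service
    now = time.time() if now is None else now
    claims = {"sub": user, "uid": PROJECT_FILE[project_id], "exp": int(now) + ttl}
    payload = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return payload.decode() + "." + _sign(payload).decode()


def file_service_authorize(grant, logged_in_user, requested_uid, now=None):
    """File service side: verify signature, subject, uid and expiry. No project knowledge."""
    try:
        payload, sig = grant.split(".")
        payload_b, sig_b = payload.encode(), sig.encode()
    except (AttributeError, ValueError):
        return False                  # missing or malformed grant
    if not hmac.compare_digest(sig_b, _sign(payload_b)):
        return False                  # forged or tampered grant
    claims = json.loads(base64.urlsafe_b64decode(payload_b))
    now = time.time() if now is None else now
    return (claims["sub"] == logged_in_user      # grant is bound to the session user
            and claims["uid"] == requested_uid   # and to exactly one file
            and claims["exp"] > now)             # and expires quickly
```

The file service still authenticates the session itself; the grant only answers whether the owning app approved this user for this uid, so a leaked uid alone is not enough to fetch the file.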



