djaodjin / djaodjin-saas

Django application for software-as-service and subscription businesses

The project needs some additional clarifications #107

Closed unohoo closed 8 years ago

unohoo commented 8 years ago

I was interested in exploring more of this project but some of the terms and relationships used are not clear -- even after reading the documentation.

1) What is a provider and why are they needed? If someone wants to launch their own saas site, how does a provider even come into play? I am not sure what the thought process was in adding an organization -- provider relationship.

2) In an organization only manager/admin can make POST requests? Contributors/users can only make GET requests? What if the saas business needs to be able to provide write access to organization users, but only for the non-admin section -- all the payment/billing/admin sections of the organization are not accessible to a regular user.

smirolo commented 8 years ago

Agreed. Working on better documentation. Any feedback welcome. Thank you!

  1. At the bottom of Database Models:

    "Organization can be semantically separated in four categories, processor, broker, providers and subscribers.

    subscribers: organizations that subscribe to one or multiple Plan.
    providers: organizations that provide plans others can subscribe to.
    broker: The provider that controls the website.
    processor: The organization / backend actually processing the charges.

    In a pure Software-as-a-Service setup, there is only one provider which is by definition the broker."

Subscribers and providers are both instances of Organization. This was done such that someone can be a subscriber to a Plan as well as a provider of Software for other subscribers. That's because DjaoDjin is at its core a platform to host Software-as-a-Service apps (ex: Your Organization can provide a CRM tool to subscribers while paying another app, also hosted on the platform, to display usage analytics of your product). It is incidentally possible to implement a symmetric double-entry bookkeeping ledger by having a single model Organization.

If someone wants to launch their own saas site, there is only one singleton Organization acting as a provider. That singleton provider Organization is also the platform broker by definition. See example of fixtures to set up a Software-as-a-Service.

  2. The Flexible Security Framework was especially designed to accommodate any kind of business logic. Usually we decorate a URL with the set of decorators/roles/permissions required to access that URL (related example in #84).

Let's say you want to give POST access to contributors on /api/billing/charges/:charge/refund/, you would write the following in your urls.py:

```python
from urldecorators import url
from saas.api.charges import ChargeRefundAPIView

urlpatterns = [
    # ... other URL patterns ...
    # The access rule is attached to the URL entry through `decorators`.
    url(r'^billing/charges/(?P<charge>[a-zA-Z0-9_\-\+\.]+)/refund/',
        ChargeRefundAPIView.as_view(),
        name='saas_api_charge_refund',
        decorators=['saas.decorators.requires_provider_weak']),
    # ... other URL patterns ...
]
```

The previous example uses django-urldecorators and a saas.decorators.requires_provider_weak decorator.

The saas.urls module has been split into "common" sets of functionalities such that in many cases you can decorate each include() with an appropriate decorator instead of each URL one by one. (ex: testsite/urls.py)

A blog post on Django Rest Framework, AngularJS and permissions might also be useful.
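An added example, not part of the thread or of the djaodjin-saas code base: because the access rule sits on each URL entry, a route table can be audited for entries that carry no role decorator and for admin-section routes where contributors can write. The weak/strict semantics in `WRITE_ROLES`, every route other than the refund pattern, and the `write_roles` and `audit` helpers are assumptions made for illustration.

```python
# Assumed semantics, inferred from this thread rather than copied from
# saas.decorators: the plain decorator lets managers send any method and
# limits contributors to reads; the *_weak variant lets both roles write.
WRITE_ROLES = {
    "saas.decorators.requires_provider": {"manager"},
    "saas.decorators.requires_provider_weak": {"manager", "contributor"},
}

# Constructed stand-in for a urls.py: (pattern, decorators) pairs.
# Only the refund route comes from the thread; the rest are hypothetical.
ROUTES = [
    (r"^billing/charges/(?P<charge>[a-zA-Z0-9_\-\+\.]+)/refund/",
     ["saas.decorators.requires_provider_weak"]),
    (r"^billing/bank/", ["saas.decorators.requires_provider"]),
    (r"^projects/(?P<project>[a-z0-9\-]+)/",
     ["saas.decorators.requires_provider_weak"]),
    (r"^billing/coupons/", []),
]


def write_roles(decorators):
    """Roles that may send POST/PUT/DELETE; None if no known decorator guards the route."""
    known = [WRITE_ROLES[name] for name in decorators if name in WRITE_ROLES]
    # Every stacked decorator has to pass, so the role sets intersect.
    return set.intersection(*known) if known else None


def audit(routes, admin_prefix, reviewed=()):
    """List routes that need review before contributors get write access.

    admin_prefix: literal start of the patterns meant to be manager-only.
    reviewed: patterns where contributor writes were approved on purpose.
    """
    findings = []
    for pattern, decorators in routes:
        roles = write_roles(decorators)
        if roles is None:
            findings.append(("unguarded", pattern))
        elif (pattern.startswith(admin_prefix) and "contributor" in roles
              and pattern not in reviewed):
            findings.append(("contributor-write", pattern))
    return findings


if __name__ == "__main__":
    for kind, pattern in audit(ROUTES, "^billing/"):
        print(kind, pattern)
```

Passing the refund pattern in `reviewed` records that contributor refunds were granted deliberately, which leaves only the undecorated route in the report.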

smirolo commented 8 years ago

Docs were updated and published on Read-the-docs.