|
|
|
|
10/3/2012 4:16:21 PM
Pierre-Alexandre Meyer <pierre@ning.com>
|
|
|
|
|
9/27/2012 9:22:32 PM
invoice number is the record id.
Signed-off-by: Pierre-Alexandre Meyer <pierre@ning.com>
|
10/3/2012 4:14:17 PM
lookup from code to ErrorCode is more complex (there are holes
between various ErrorCode types).
Signed-off-by: Pierre-Alexandre Meyer <pierre@ning.com>
|
10/1/2012 9:03:46 PM
done via Shiro. We store a hashed version of the api secret w/ salt.
We use SHA-2 (SHA-256) for now, but we reserve the right to change our minds.
shiro-web enforces Basic auth against most APIs (except tenants and healthcheck resources for now)
in server.
Single tenant mode is still supported: by disabling Shiro in server and/or passing null as tenant id
in API calls contexts, the DAO layer falls back to tenant record id 0.
Tenant information is passed through via TenantContext (r/o calls) and CallContext (r/w calls),
which are turned into InternalTenantContext and InternalCallContext at the DAO layer.
Internal APIs should use the internal versions of these objects but we can't at the moment
(need to extract the services APIs from the api module).
Notes:
* more work is needed to populate account_record_id and tenant_record_id correctly in some places
* we don't have the infrastructure to run different queues (notification/persistent queues) per tenant for now.
* as part of the addition of account record id and tenant record id, we populated the end date in bii for fixed items for convenience.
Signed-off-by: Pierre-Alexandre Meyer <pierre@ning.com>
|
|
|
|
|
