CAPABILITY CONTROL LIST
MSE PRESENTATION 2
Presented by Srunokshi.Kaniyur.Prema. Neelakantan
Major Professor Dr. Torben Amtoft

PRESENTATION OUTLINE
  Action items from phase 1 presentation
  Architecture design
  Formal requirement specification
  Test plan
  Demo of the application
  Demo on OCL
  Questions

ACTION ITEMS FROM PHASE 1
  Title of the project to be changed
  More emphasis to be provided on data security

ARCHITECTURE DESIGN
Capability Control List (CCL) follows the Model View Controller (MVC) design pattern
Model View Controller (MVC) design pattern
  Model - data sets and class library code
  View - ASPX page (user interface for the application)
  Controller - form and data manipulation in code behind - VB.net

DB AND APPLICATION DESIGN CONSIDERATION
Indexing and sequencing
  Indexing - Used to improve overall DB querying performance; usually applied to foreign key columns that are used in table joins and to commonly searched columns, for improved data retrieval response time
  Sequences - Auto generated and used as primary key in every table
Prevent SQL injection attacks
  SQL injection is a way of entering SQL commands into input fields or query strings to try to manipulate the data sent to and from the database
  Parameterized queries are used in this application to prevent SQL injection
Encrypting password fields

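The parameterized-query and password-field points above, as an added example (not the CCL application's own code, which is VB.NET): Python's sqlite3 stands in for the database, and the table, column and function names are assumptions. Password fields are stored here as salted PBKDF2 hashes, a choice made for this example since the slide only says they are encrypted.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 100_000  # PBKDF2 work factor chosen for this example

def make_db():
    """In-memory stand-in for the CCL user table (constructed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (userid INTEGER PRIMARY KEY, "
               "username TEXT UNIQUE NOT NULL, salt BLOB NOT NULL, "
               "upwd BLOB NOT NULL)")
    return db

def hash_password(password, salt):
    """Salted one-way hash, so the stored field cannot be read back."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def add_user(db, username, password):
    """Insert a user; the UNIQUE column rejects a duplicate username."""
    salt = os.urandom(16)
    db.execute("INSERT INTO users (username, salt, upwd) VALUES (?, ?, ?)",
               (username, salt, hash_password(password, salt)))

def lookup_concatenated(db, username):
    """WEAK form: input is spliced into the SQL text and can alter the query."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in db.execute(sql)]

def login_parameterized(db, username, password):
    """Hardened form: input is bound as data, the SQL text never changes."""
    row = db.execute("SELECT salt, upwd FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison of the recomputed hash with the stored one
    return hmac.compare_digest(hash_password(password, salt), stored)

if __name__ == "__main__":
    db = make_db()
    add_user(db, "alice", "correct horse")   # constructed sample account
    crafted = "' OR '1'='1"                  # classic always-true input
    print(lookup_concatenated(db, crafted))  # matches every row
    print(login_parameterized(db, crafted, "x"))  # treated as a literal name
```
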
ER DIAGRAM
There are four entities for this application, i.e. System, Roles, Capabilities and Employee.
  A system contains one or more roles
  A system can have one or more capabilities
  A role can be mapped to zero or more capabilities
  An employee is mapped to zero or more roles

APPLICATION WEB-FORMS
The following are some of the web forms that are used in this application by administrators.

  ASP.NET FORMS            EXPLANATION
  CCLHome.aspx             This is the home page for administrators
  ManageSystem.aspx        This is used for adding the applications whose capabilities can be controlled by the CCL application
  ManageUser.aspx          This is used for managing users across different applications
  ManageRoles.aspx         This is used for managing roles for the systems controlled by CCL
  ManageCapability.aspx    This is used for managing capabilities for the systems controlled by CCL
  Login.aspx               This is the login page of the application to authenticate users

The following are some of the web pages that are used in this application by client users.

  ASP.NET FORMS            EXPLANATION
  CCLWSHome.asmx           This is the home page for client users
  Login.aspx               This is the login page of the application to authenticate users

PAGE-FLOW DIAGRAM
[Diagram panels: Administrators, Client users]

CLASS DIAGRAM
OBJECT CONSTRAINT LANGUAGE (OCL)
CONSTRAINTS
  All the system id, user id, role id and capability id should be unique
OPERATIONS
  addusers(userid:integer,username:string,fname:string,lname:string,upwd:string): Boolean
    pre userpre1: User.allInstances.userid -> excludes(userid)
    pre userpre2: User.allInstances.username -> excludes(username)
    post userpost1: User.allInstances.userid -> includes(userid)
    post userpost2: User.allInstances.username -> includes(username)
  updateusers(userid:integer,fname:string,lname:string,upwd:string): Boolean
    pre userpre3: User.allInstances.userid -> includes(userid)
    post userpost3: User.allInstances.userid = User.allInstances.userid@pre
    post userpost4: User.allInstances.fname = User.allInstances->select(u:User | u.userid<>userid).fname@pre->including(fname)

OCL Contd..
    post userpost5: User.allInstances.lname = User.allInstances->select(u:User | u.userid<>userid).lname@pre->including(lname)
    post userpost6: User.allInstances.upwd = User.allInstances->select(u:User | u.userid<>userid).upwd@pre->including(upwd)
  deleteusers(userid:integer): Boolean
    pre userpre4: User.allInstances.userid -> includes(userid)
    post userpost7: User.allInstances.userid -> excludes(userid)
  authenticatelogin(username:string,upwd:string): Boolean =
    User.allInstances->exists(u:User | u.username = username and u.upwd = upwd)
ASSOCIATIONS
  Association and multiplicity for System and Roles
    association SystemHasRoles between
      System[0..1] role rsystemassoc
      Roles[1..*] role sroleassoc
    end
  Association and multiplicity for System and Capabilities
    association SystemHasRoles between
      System[0..1] role csystemassoc
      Capabilities[1..*] role scapabilityassoc
    end

OCL Contd..
  Association and multiplicity for User and roles
    association UserHasRoles between
      User[1..*] role possses
      Roles[0..*] role mapsto
    end
  Association and multiplicity for User and roles
    association RolesMapsToCapabilities between
      Roles[1..*] role roles
      Capabilities[0..*] role capability
    end

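The addusers, updateusers and deleteusers contracts above turned into a test oracle, as an added Python example (not part of the presentation or the CCL code base): each checker takes the user table before and after a call and returns the names of the OCL constraints that fail. The dictionary layout and the sample rows are constructed for illustration.

```python
from collections import Counter

def bag(users, field, skip=None):
    """OCL `User.allInstances.<field>` as a Bag, optionally leaving out one userid."""
    return Counter(u[field] for u in users if u["userid"] != skip)

def check_addusers(pre, post, userid, username):
    """Return the names of the addusers constraints that do not hold."""
    bad = []
    if userid in bag(pre, "userid"):
        bad.append("userpre1")
    if username in bag(pre, "username"):
        bad.append("userpre2")
    if userid not in bag(post, "userid"):
        bad.append("userpost1")
    if username not in bag(post, "username"):
        bad.append("userpost2")
    return bad

def check_updateusers(pre, post, userid, fname, lname, upwd):
    """Return the names of the updateusers constraints that do not hold."""
    bad = []
    if userid not in bag(pre, "userid"):
        bad.append("userpre3")
    if bag(post, "userid") != bag(pre, "userid"):
        bad.append("userpost3")
    new_values = (("userpost4", "fname", fname),
                  ("userpost5", "lname", lname),
                  ("userpost6", "upwd", upwd))
    for name, field, value in new_values:
        # <field>@pre of every other user, ->including(new value)
        expected = bag(pre, field, skip=userid) + Counter([value])
        if bag(post, field) != expected:
            bad.append(name)
    return bad

def check_deleteusers(pre, post, userid):
    """Return the names of the deleteusers constraints that do not hold."""
    bad = []
    if userid not in bag(pre, "userid"):
        bad.append("userpre4")
    if userid in bag(post, "userid"):
        bad.append("userpost7")
    return bad

# Constructed sample rows; upwd holds whatever the application stores for the password.
SAMPLE_USERS = [
    {"userid": 1, "username": "admin", "fname": "Ann", "lname": "Lee", "upwd": "hash-1"},
    {"userid": 2, "username": "bkim", "fname": "Bob", "lname": "Kim", "upwd": "hash-2"},
]
```

Because the postconditions compare bags of field values, an update that swaps a value between two other users still passes; comparing per userid would be stricter.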
TEST PLAN
The Capability Control List application is used for centrally managing the capabilities of all the applications that are added to it. An application is tested to ensure that the system meets the requirements specified in the Software Requirement Specification (SRS) document and that quality is maintained. This can be achieved by creating a test plan for the application. The test plan document includes the features that are to be tested, the testing approach, etc. This document follows the standards of the IEEE test plan document.
PURPOSE
  The application's test deliverables are identified
  Testing approaches like performance testing, browser compatibility testing, unit testing etc. are identified

TEST PLAN Contd..
  Features and critical test cases of the application that are to be tested are identified
FEATURES TO BE TESTED
Each feature in the application performs different functionalities, and these functionalities have to be tested such that the desired outcome is produced. The features to be tested are listed below:
  Registering first time administrator
  Login features of the application
  Creating a new user
  Creating a new application
  Creating a new role
  Creating a new capability
  Manage application (edit, delete)
  Manage roles (edit, delete)
  Manage capabilities (edit, delete)
  Manage users (edit, delete)

APPLICATION DEMO DEMO USE DEMO
QUESTIONS?