4-tier Application architecture - server side API with noSQL

Question

I've been attempting to architect a server side API that runs using a noSQL database. I'm new to application architecture so I would like some feedback on how I have attempted to separate layers. I think a major part of whats throwing me is the use of a noSQL database which removes the constraint of having to have a defined data model beforehand while at the same time requiring denormalization routines on the data to ensure that data can be queries for quickly.

I'm using 4 layers:

• Data Layer

  • Accepts keyed objects
  • Provides objects from a key
  • Provides lists of objects from queries
  • Provides lists of objects from lists of keys
  • Accepts lists of keyed objects
  • Deletes objects from a key
  • Implements denormalization routines based on definitions in model (many times, parts of some objects are copies to others in order to speed up queries since joins are not possible with noSQL)

• Business Layer

  • Provides business logic
  • Enforces permissions

• Model Layer

  • Defines known objects
  • Definies denormalization (what parts of objects are copied to other parts)
  • Definies permissions (what users can access what objects in what circumstances)

• Presentation layer (RESTful API)

  • Provides restful API for all resources/services including
    • Accessing and modifying objects
    • Provisioning a new user account
    • Logging into an account
    • Anything else the API needs to "do"

I have a few questions about how I have this set up:

1) I believe that information defining denormalization (how and when copies of some ojects are made available in other objects) is part of the definiteion of the model, so I have the routines that provide this information in the model. However, the layer that actually has to do this is the Datalayer, specifically when information is being saved, so I put the routines for implementing the denormalization definitions found in the model in the data layer. Is this correct?

2) Similarly, I have the definitions for Permissions (who can access what information and under what curcumstances) in the model as well. But the business layer will be responsible for delivering this information to the REST API, so this is the layer that I have enforcing permissions. I do not have the data layer enforcing permissions because although some users may not have direct access to some data, that data may be modified indirectly through other actions that the user performs (for example, simple logging in whould update that user's "last_login_time" property although the user would never be able to modify that information at will) Is this correct?

3) Is there anything else here that I have incorrect, anything in general that I should watch out for or anything else I should know?

4) I'm using google app engine for this, either python of the Java low-level api. Is there a framework I should be using that already handles some of this, specifically the denormalization and the permissions?

Thanks!

Answer 1

Without knowing how complicated your data is, why have the data layer separate from the model? I tend to add functionality to my Google App Engine models to do whatever they need to in order to accept data from and get data to the business layer.

Also, why are you planning on using the low-level api instead of the persistence helpers which make persistence as easy as falling down?

I think you should take a couple steps back, define the problem you're trying to solve, and see what Google App Engine has built in to solve it. I'd need information about what you're trying to accomplish before telling you how to do it.