Hi,

In previous versions (before C5) of the APIM Publisher and Store apps, front-end validations were done based on user roles. But with C5 we are thinking of fine-graining the user interfaces by controlling access to UI components such as Add, Edit and Delete buttons/links based on the user's scopes.

1. We need to find the scopes associated with each action (REST API call). This can be done in two ways:
- Read the scopes from the swagger definition
- Associate scopes with the UI component itself

IMO associating scopes with the UI component will be more efficient than processing the swagger definition while rendering the UI.

2. We need to find the logged-in user's scopes and persist them somewhere.
- We can do an introspection call and get the user scopes.
- We can get the roles from the logged-in user's claims and then find the scopes based on the role-to-scope mapping.

In both cases we will need to persist this info in a browser session. Persisting user claims will be helpful for future use cases as well. We can use a secure cookie with the HttpOnly and Secure flags enabled to persist this data.

*Implementation*

There will be a common JS function that accepts a UI component and validates it against the user's scopes. Based on that, the UI component will be enabled/disabled.

The following are the UI components that have been identified for validation among the currently available UIs.

*-Publisher-*
1. Create API
2. API - Edit
3. API - Delete
4. Change Policies - Update
5. Change Labels - Update
6. Change LC status buttons
7. Endpoint Update
8. Resource Add
9. Resource Save
10. Document Add
11. Document Edit/Delete
12. Create new version - Add
13. Access Control - Not yet available
14. Mediation - todo
15. Scripting - todo

*-Store-*
1. Application - Add
2. Application - View
3. Application - Edit
4. Application - Delete
5. Subscription - todo

Appreciate your thoughts.

Thanks & Regards,
Ishara Cooray
Senior Software Engineer
Mobile : +9477 262 9512
WSO2, Inc. | http://wso2.com/
Lean . Enterprise . Middleware
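An added example of the "common JS function" sketched in the mail, written here for illustration; it is not code from the mail or from the WSO2 APIM code base. The scope names, the role-to-scope mapping and the component registry are constructed stand-ins, not real APIM scopes. The example assumes the user's scopes or role claims are available to page script (for instance kept in memory after the introspection response), since a cookie set with the HttpOnly flag cannot be read from JavaScript. The gate fails closed when a component declares no scopes, and it only controls what the UI shows: the scope check performed by the REST API on each call remains the actual enforcement point.

```javascript
// Added example (not WSO2 code): scope-based gating of UI components.
// Scope names, the role -> scope mapping and the component registry are
// constructed for illustration; real scope names would come from the
// swagger definition of the REST API.

// Constructed role -> scopes mapping (the "roles from claims" option).
const ROLE_SCOPES = {
  admin:      ['api:create', 'api:update', 'api:delete', 'api:publish', 'app:manage'],
  creator:    ['api:create', 'api:update', 'api:delete'],
  publisher:  ['api:publish'],
  subscriber: ['app:manage'],
};

// Resolve the set of scopes a logged-in user holds from their role claims.
// Unknown roles contribute nothing.
function scopesForRoles(roles, mapping = ROLE_SCOPES) {
  const scopes = new Set();
  for (const role of roles) {
    for (const s of mapping[role] || []) scopes.add(s);
  }
  return scopes;
}

// Registry of UI components and the scopes their REST calls require
// (constructed; loosely mirrors the component list in the mail).
const UI_COMPONENTS = [
  { id: 'api-create',     requires: ['api:create'] },
  { id: 'api-edit',       requires: ['api:update'] },
  { id: 'api-delete',     requires: ['api:delete'] },
  { id: 'api-lc-publish', requires: ['api:update', 'api:publish'] }, // needs both
  { id: 'app-add',        requires: ['app:manage'] },
];

// The common check: a component is enabled only when the user holds every
// scope it requires. A component with no declared scopes fails closed.
function isAllowed(component, userScopes) {
  if (!component || !Array.isArray(component.requires) || component.requires.length === 0) {
    return false;
  }
  return component.requires.every((s) => userScopes.has(s));
}

// Compute the enabled/disabled state for every registered component.
function gateComponents(userScopes, components = UI_COMPONENTS) {
  const state = {};
  for (const c of components) state[c.id] = isAllowed(c, userScopes);
  return state;
}

// Browser side: disable and hide the DOM elements that are not allowed.
// Returns the number of elements touched (0 when there is no document,
// e.g. under Node).
function applyToDom(state, doc = typeof document !== 'undefined' ? document : null) {
  if (!doc) return 0;
  let touched = 0;
  for (const [id, enabled] of Object.entries(state)) {
    const el = doc.getElementById(id);
    if (!el) continue;
    el.disabled = !enabled;
    el.hidden = !enabled;
    touched += 1;
  }
  return touched;
}

// Stand-alone demo: a user with only the "creator" role.
if (typeof document === 'undefined') {
  console.log(gateComponents(scopesForRoles(['creator'])));
}
```

In the browser the two halves are wired together once at page load: resolve the user's scopes, call `gateComponents`, then `applyToDom`. Keeping the scope requirements in the component registry (rather than parsing swagger at render time) is what the mail argues for; the registry should be regenerated from the swagger definition whenever the REST API's scopes change so the UI does not drift from the server.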
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
