Where do we maintain the resource to permission mapping? Is it at the common component level or each app has to maintain its own mapping?
Resource to permission mapping needs to be maintained at each app level. Common component doesn't need to know about the resources but only roles and permissions. At the app level we can implement a hasPermission() method which check whether any of the roles of the current user has respective permission. *Lasantha Samarakoon* | Software Engineer WSO2, Inc. #20, Palm Grove, Colombo 03, Sri Lanka Mobile: +94 (71) 214 1576 Email: [email protected] Web: www.wso2.com lean . enterprise . middleware On Wed, Oct 18, 2017 at 2:04 PM, Tanya Madurapperuma <[email protected]> wrote: > Hi Lasantha, > > Where do we maintain the resource to permission mapping? Is it at the > common component level or each app has to maintain its own mapping? > > Thanks, > Tanya > > On Wed, Oct 18, 2017 at 1:34 PM, Lasantha Samarakoon <[email protected]> > wrote: > >> Hi all, >> >> In the new React based dashboard component we need to implement a >> permission model based on user roles to limit access to dashboard >> resources. Since this can be a common requirement among all the React based >> apps in under Analytics we thought of introducing a common component to >> serve the purpose. Therefore we are thinking of add this component into >> carbon-analytics repository. >> >> Implementation: >> >> As we discussed internally this component will expose an OSGi service >> which provides all the necessary APIs. This includes the following. >> >> - CRUD operations on permissions (i.e. add/edit/delete/get/list >> permissions) >> - Grant and revoke permissions from particular roles. >> >> In order to persist permissions following database will be implemented. >> >> *PERMISSIONS* >> >> ID INT AUTO_INCREMENT PRIMARY KEY >> APP_NAME VARCHAR(3) NOT NULL >> PERMISSION_STRING VARCHAR(50) NOT NULL >> >> >> >> *ROLE_PERMISSIONS* >> >> ID INT AUTO_INCREMENT PRIMARY KEY >> PERMISSION_ID INT NOT NULL >> ROLE_NAME VARCHAR(100) NOT NULL >> >> >> Since we are not maintaining the roles withing this database schema we >> suppose to retrieve them via the SCIM API. >> >> Appreciate your feedback. >> >> >> Regards, >> >> *Lasantha Samarakoon* | Software Engineer >> WSO2, Inc. >> #20, Palm Grove, Colombo 03, Sri Lanka >> <https://maps.google.com/?q=20,+Palm+Grove,+Colombo+03,+Sri+Lanka&entry=gmail&source=g> >> Mobile: +94 (71) 214 1576 <071%20214%201576> >> Email: [email protected] >> Web: www.wso2.com >> >> lean . enterprise . middleware >> > > > > -- > Tanya Madurapperuma > > Associate Technical Lead, > WSO2 Inc. : wso2.com > Mobile : +94718184439 <+94%2071%20818%204439> > Blog : http://tanyamadurapperuma.blogspot.com >
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
