On Wed, Oct 18, 2017 at 2:20 PM, Lasantha Samarakoon <[email protected]> wrote:
> Where do we maintain the resource to permission mapping? Is it at the > common component level or each app has to maintain its own mapping? > > Resource to permission mapping needs to be maintained at each app level. > Common component doesn't need to know about the resources but only roles > and permissions. At the app level we can implement a hasPermission() method > which check whether any of the roles of the current user has respective > permission. > IMO we should bring that also to the common component. If not every app developer will have to have their own hasPermission method. Instead of that i think it would be better if we can provide a common api for adding resource permission mapping and a common api to check hasPermission. WDYT? Thanks, Tanya > > *Lasantha Samarakoon* | Software Engineer > WSO2, Inc. > #20, Palm Grove, Colombo 03, Sri Lanka > <https://maps.google.com/?q=20,+Palm+Grove,+Colombo+03,+Sri+Lanka&entry=gmail&source=g> > Mobile: +94 (71) 214 1576 <071%20214%201576> > Email: [email protected] > Web: www.wso2.com > > lean . enterprise . middleware > > On Wed, Oct 18, 2017 at 2:04 PM, Tanya Madurapperuma <[email protected]> > wrote: > >> Hi Lasantha, >> >> Where do we maintain the resource to permission mapping? Is it at the >> common component level or each app has to maintain its own mapping? >> >> Thanks, >> Tanya >> >> On Wed, Oct 18, 2017 at 1:34 PM, Lasantha Samarakoon <[email protected]> >> wrote: >> >>> Hi all, >>> >>> In the new React based dashboard component we need to implement a >>> permission model based on user roles to limit access to dashboard >>> resources. Since this can be a common requirement among all the React based >>> apps in under Analytics we thought of introducing a common component to >>> serve the purpose. Therefore we are thinking of add this component into >>> carbon-analytics repository. >>> >>> Implementation: >>> >>> As we discussed internally this component will expose an OSGi service >>> which provides all the necessary APIs. This includes the following. >>> >>> - CRUD operations on permissions (i.e. add/edit/delete/get/list >>> permissions) >>> - Grant and revoke permissions from particular roles. >>> >>> In order to persist permissions following database will be implemented. >>> >>> *PERMISSIONS* >>> >>> ID INT AUTO_INCREMENT PRIMARY KEY >>> APP_NAME VARCHAR(3) NOT NULL >>> PERMISSION_STRING VARCHAR(50) NOT NULL >>> >>> >>> >>> *ROLE_PERMISSIONS* >>> >>> ID INT AUTO_INCREMENT PRIMARY KEY >>> PERMISSION_ID INT NOT NULL >>> ROLE_NAME VARCHAR(100) NOT NULL >>> >>> >>> Since we are not maintaining the roles withing this database schema we >>> suppose to retrieve them via the SCIM API. >>> >>> Appreciate your feedback. >>> >>> >>> Regards, >>> >>> *Lasantha Samarakoon* | Software Engineer >>> WSO2, Inc. >>> #20, Palm Grove, Colombo 03, Sri Lanka >>> <https://maps.google.com/?q=20,+Palm+Grove,+Colombo+03,+Sri+Lanka&entry=gmail&source=g> >>> Mobile: +94 (71) 214 1576 <071%20214%201576> >>> Email: [email protected] >>> Web: www.wso2.com >>> >>> lean . enterprise . middleware >>> >> >> >> >> -- >> Tanya Madurapperuma >> >> Associate Technical Lead, >> WSO2 Inc. : wso2.com >> Mobile : +94718184439 <+94%2071%20818%204439> >> Blog : http://tanyamadurapperuma.blogspot.com >> > > -- Tanya Madurapperuma Associate Technical Lead, WSO2 Inc. : wso2.com Mobile : +94718184439 Blog : http://tanyamadurapperuma.blogspot.com
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
