Re: [Architecture] [IS- 5.10.0] [Role-Permission] Implementation strategy

Wed, 28 Aug 2019 22:23:30 -0700 

Correction:

*Approach 2:*
Ex:

{
  "totalResults": 1,
  "startIndex": 1,
  "itemsPerPage": 1,
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
  ],
  "Resources": [
    {
      "displayName": "PRIMARY/admin",
      "meta": {
        "created": "2019-07-26T19:33:54",
        "location":
"https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d";,
        "lastModified": "2019-07-26T19:33:54"
      },
      "members": [
        {
          "display": "admin",
          "value": "409ca90b-2ba6-4474-9a45-2cf7376e6e43"
        }
      ],


*      "permissions" : {              "location":*

*"https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d/permissions";
<https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d/permissions>*
},
 "id": "c39232b1-4856-439b-89be-aae3fce5617d" } ] }


On Thu, Aug 29, 2019 at 10:38 AM Dinali Dabarera <din...@wso2.com> wrote:

> Hi all,
>
> We currently have the UserAdmin Service method to return all the
> permissions in the permission tree as a node list object. There is also a
> method to return permissions associated with a role.
>
> When we try to implement a rest API for this we came up with below two
> approaches:
>
> *Approach 1:*
>
>    - Return the only the visible permission list in the SCIM group object
>    itself, similar way as members listed. The expected outcome is shown below.
>
> Ex:
>
> {
>   "totalResults": 3,
>   "startIndex": 1,
>   "itemsPerPage": 3,
>   "schemas": [
>     "urn:ietf:params:scim:api:messages:2.0:ListResponse"
>   ],
>   "Resources": [
>     {
>       "displayName": "PRIMARY/admin",
>       "meta": {
>         "created": "2019-07-26T19:33:54",
>         "location": 
> "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d";,
>         "lastModified": "2019-07-26T19:33:54"
>       },
>       "members": [
>         {
>           "display": "admin",
>           "value": "409ca90b-2ba6-4474-9a45-2cf7376e6e43"
>         }
>       ],
>
>       "permissions" : [
>             {
>
>                 "displayName" : "Configure Data Sources",
>
>                 "resourcePath" : "/permission/admin/configure/datasources"
>              },
>              {
>
>                 "displayName" : "Password Management",
>
>                 "resourcePath" : 
> "/permission/admin/configure/security/usermgt/passwords"
>
> }
> ]
>  "id": "c39232b1-4856-439b-89be-aae3fce5617d" } ] }
>
>
>
> *Approach 2: *
>
>
>    - If we return the permission list in the same group object, it will
>    become really large and will have a lot of backend changes as well.
>    - Hence, we thought of returning only the link to the permission list
>    in the group object and implement another few APIs to manage permissions,
>    basically the CRUD operations.
>
> Ex:
>
> {
>   "totalResults": 3,
>   "startIndex": 1,
>   "itemsPerPage": 3,
>   "schemas": [
>     "urn:ietf:params:scim:api:messages:2.0:ListResponse"
>   ],
>   "Resources": [
>     {
>       "displayName": "PRIMARY/admin",
>       "meta": {
>         "created": "2019-07-26T19:33:54",
>         "location": 
> "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d";,
>         "lastModified": "2019-07-26T19:33:54"
>       },
>       "members": [
>         {
>           "display": "admin",
>           "value": "409ca90b-2ba6-4474-9a45-2cf7376e6e43"
>         }
>       ],
>
> * "permissions" :
> ["https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d/permissions
> <https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d/permissions>"]*
>  "id": "c39232b1-4856-439b-89be-aae3fce5617d" } ] }
>
>
> furthmore we will write new APIs as follows,
>
>             */Group/{id}/permissions GET,POST,PATCH,PUT, DELETE*
>
>
>
> Currently, we are working on approach 2 and we really appreciate your
> feedback on these approaches or something new.
>
> Thank you,
> Dinali
>
> --
> *Dinali Rosemin Dabarera*
> Senior Software Engineer
> IAM Domain
> WSO2 Lanka (pvt) Ltd.
> Web: http://wso2.com/
> Email : gdrdabar...@gmail.com
> LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
> Mobile: +94770198933
>
>
>
>
> <https://lk.linkedin.com/in/dinalidabarera>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

-- 
*Dinali Rosemin Dabarera*
Senior Software Engineer
IAM Domain
WSO2 Lanka (pvt) Ltd.
Web: http://wso2.com/
Email : gdrdabar...@gmail.com
LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
Mobile: +94770198933




<https://lk.linkedin.com/in/dinalidabarera>

_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Reply via email to