Correction:

*Approach 2:*

Ex:

{
  "totalResults": 1,
  "startIndex": 1,
  "itemsPerPage": 1,
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
  ],
  "Resources": [
    {
      "displayName": "PRIMARY/admin",
      "meta": {
        "created": "2019-07-26T19:33:54",
        "location": "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d",
        "lastModified": "2019-07-26T19:33:54"
      },
      "members": [
        {
          "display": "admin",
          "value": "409ca90b-2ba6-4474-9a45-2cf7376e6e43"
        }
      ],
      "permissions": {
        "location": "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d/permissions"
      },
      "id": "c39232b1-4856-439b-89be-aae3fce5617d"
    }
  ]
}

On Thu, Aug 29, 2019 at 10:38 AM Dinali Dabarera <din...@wso2.com> wrote:

> Hi all,
>
> We currently have the UserAdmin Service method to return all the permissions in the permission tree as a node list object. There is also a method to return permissions associated with a role.
>
> When we try to implement a REST API for this we came up with the below two approaches:
>
> *Approach 1:*
>
> - Return only the visible permission list in the SCIM group object itself, in a similar way as members are listed. The expected outcome is shown below.
>
> Ex:
>
> {
>   "totalResults": 3,
>   "startIndex": 1,
>   "itemsPerPage": 3,
>   "schemas": [
>     "urn:ietf:params:scim:api:messages:2.0:ListResponse"
>   ],
>   "Resources": [
>     {
>       "displayName": "PRIMARY/admin",
>       "meta": {
>         "created": "2019-07-26T19:33:54",
>         "location": "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d",
>         "lastModified": "2019-07-26T19:33:54"
>       },
>       "members": [
>         {
>           "display": "admin",
>           "value": "409ca90b-2ba6-4474-9a45-2cf7376e6e43"
>         }
>       ],
>       "permissions": [
>         {
>           "displayName": "Configure Data Sources",
>           "resourcePath": "/permission/admin/configure/datasources"
>         },
>         {
>           "displayName": "Password Management",
>           "resourcePath": "/permission/admin/configure/security/usermgt/passwords"
>         }
>       ],
>       "id": "c39232b1-4856-439b-89be-aae3fce5617d"
>     }
>   ]
> }
>
> *Approach 2:*
>
> - If we return the permission list in the same group object, it will become really large and will have a lot of backend changes as well.
> - Hence, we thought of returning only the link to the permission list in the group object and implement another few APIs to manage permissions, basically the CRUD operations.
>
> Ex:
>
> {
>   "totalResults": 3,
>   "startIndex": 1,
>   "itemsPerPage": 3,
>   "schemas": [
>     "urn:ietf:params:scim:api:messages:2.0:ListResponse"
>   ],
>   "Resources": [
>     {
>       "displayName": "PRIMARY/admin",
>       "meta": {
>         "created": "2019-07-26T19:33:54",
>         "location": "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d",
>         "lastModified": "2019-07-26T19:33:54"
>       },
>       "members": [
>         {
>           "display": "admin",
>           "value": "409ca90b-2ba6-4474-9a45-2cf7376e6e43"
>         }
>       ],
>       "permissions": [
>         "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d/permissions"
>       ],
>       "id": "c39232b1-4856-439b-89be-aae3fce5617d"
>     }
>   ]
> }
>
> Furthermore, we will write new APIs as follows:
>
> */Group/{id}/permissions GET, POST, PATCH, PUT, DELETE*
>
> Currently, we are working on approach 2 and we really appreciate your feedback on these approaches or something new.
>
> Thank you,
> Dinali
>
> --
> *Dinali Rosemin Dabarera*
> Senior Software Engineer
> IAM Domain
> WSO2 Lanka (pvt) Ltd.
> Web: http://wso2.com/
> Email : gdrdabar...@gmail.com
> LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
> Mobile: +94770198933
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
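
A client-side sketch of consuming the two approaches, added here as an example and not part of the original thread or of WSO2's code: it accepts the three "permissions" shapes shown in the messages above and, for the link forms, follows only a URL that is the group's own /permissions sub-resource on the configured server. BASE, SAMPLE, permission_source and sources are names assumed for this illustration.

```python
import json
from urllib.parse import urlsplit

BASE = "https://localhost:9443/scim2"          # endpoint the client is configured with (assumed)
GID = "c39232b1-4856-439b-89be-aae3fce5617d"   # group id taken from the thread's example

# Constructed sample: the corrected Approach 2 response, trimmed to the relevant fields.
SAMPLE = json.dumps({
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
    "Resources": [{
        "id": GID,
        "displayName": "PRIMARY/admin",
        "permissions": {"location": f"{BASE}/Groups/{GID}/permissions"},
    }],
})


def permission_source(group, base=BASE):
    """Return ("inline", [resourcePath, ...]), ("link", url) or ("none", None).

    Accepts the Approach 1 list of objects, the first Approach 2 form
    (a one-element list holding the URL) and the corrected object form.
    """
    perms = group.get("permissions")
    if perms is None:
        return ("none", None)
    if isinstance(perms, dict):
        link = perms.get("location")
    elif isinstance(perms, list) and len(perms) == 1 and isinstance(perms[0], str):
        link = perms[0]
    elif isinstance(perms, list) and all(isinstance(p, dict) for p in perms):
        return ("inline", [p["resourcePath"] for p in perms])
    else:
        raise ValueError("unrecognised permissions attribute")
    want = urlsplit(f"{base}/Groups/{group['id']}/permissions")
    # Follow the link only if it is this group's own sub-resource on the
    # configured server, so the client's credentials never go to another host.
    if not isinstance(link, str) or urlsplit(link) != want:
        raise ValueError(f"refusing permissions link {link!r}")
    return ("link", link)


def sources(list_response_json, base=BASE):
    """Map each group's displayName to its permission source."""
    doc = json.loads(list_response_json)
    return {g["displayName"]: permission_source(g, base) for g in doc["Resources"]}
```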