+1 for Approach 2.
It provides a sense of modularity/decoupling and helps the API user to
easily navigate API calls using the provided link.
Will this effort also cover associating permissions to roles?

Thanks,

On Thu, Aug 29, 2019 at 10:52 AM Dinali Dabarera <[email protected]> wrote:

> Correction:
>
> *Approach 2:*
> Ex:
>
> {
>   "totalResults": 1,
>   "startIndex": 1,
>   "itemsPerPage": 1,
>   "schemas": [
>     "urn:ietf:params:scim:api:messages:2.0:ListResponse"
>   ],
>   "Resources": [
>     {
>       "displayName": "PRIMARY/admin",
>       "meta": {
>         "created": "2019-07-26T19:33:54",
>         "location": "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d",
>         "lastModified": "2019-07-26T19:33:54"
>       },
>       "members": [
>         {
>           "display": "admin",
>           "value": "409ca90b-2ba6-4474-9a45-2cf7376e6e43"
>         }
>       ],
>       "permissions": {
>         "location": "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d/permissions"
>       },
>       "id": "c39232b1-4856-439b-89be-aae3fce5617d"
>     }
>   ]
> }
>
>
> On Thu, Aug 29, 2019 at 10:38 AM Dinali Dabarera <[email protected]> wrote:
>
>> Hi all,
>>
>> We currently have the UserAdmin Service method to return all the
>> permissions in the permission tree as a node list object. There is also a
>> method to return permissions associated with a role.
>>
>> When we tried to implement a REST API for this, we came up with the two
>> approaches below:
>>
>> *Approach 1:*
>>
>>    - Return only the visible permission list in the SCIM group
>>    object itself, in a similar way to how members are listed. The expected
>>    outcome is shown below.
>>
>> Ex:
>>
>> {
>>   "totalResults": 3,
>>   "startIndex": 1,
>>   "itemsPerPage": 3,
>>   "schemas": [
>>     "urn:ietf:params:scim:api:messages:2.0:ListResponse"
>>   ],
>>   "Resources": [
>>     {
>>       "displayName": "PRIMARY/admin",
>>       "meta": {
>>         "created": "2019-07-26T19:33:54",
>>         "location": "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d",
>>         "lastModified": "2019-07-26T19:33:54"
>>       },
>>       "members": [
>>         {
>>           "display": "admin",
>>           "value": "409ca90b-2ba6-4474-9a45-2cf7376e6e43"
>>         }
>>       ],
>>       "permissions": [
>>         {
>>           "displayName": "Configure Data Sources",
>>           "resourcePath": "/permission/admin/configure/datasources"
>>         },
>>         {
>>           "displayName": "Password Management",
>>           "resourcePath": "/permission/admin/configure/security/usermgt/passwords"
>>         }
>>       ],
>>       "id": "c39232b1-4856-439b-89be-aae3fce5617d"
>>     }
>>   ]
>> }
>>
>>
>>
>> *Approach 2:*
>>
>>
>>    - If we return the permission list in the same group object, it will
>>    become really large and will have a lot of backend changes as well.
>>    - Hence, we thought of returning only the link to the permission list
>>    in the group object and implement another few APIs to manage permissions,
>>    basically the CRUD operations.
>>
>> Ex:
>>
>> {
>>   "totalResults": 3,
>>   "startIndex": 1,
>>   "itemsPerPage": 3,
>>   "schemas": [
>>     "urn:ietf:params:scim:api:messages:2.0:ListResponse"
>>   ],
>>   "Resources": [
>>     {
>>       "displayName": "PRIMARY/admin",
>>       "meta": {
>>         "created": "2019-07-26T19:33:54",
>>         "location": "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d",
>>         "lastModified": "2019-07-26T19:33:54"
>>       },
>>       "members": [
>>         {
>>           "display": "admin",
>>           "value": "409ca90b-2ba6-4474-9a45-2cf7376e6e43"
>>         }
>>       ],
>>       "permissions": [
>>         "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d/permissions"
>>       ],
>>       "id": "c39232b1-4856-439b-89be-aae3fce5617d"
>>     }
>>   ]
>> }
>>
>>
>> Furthermore, we will write new APIs as follows:
>>
>>             */Group/{id}/permissions GET, POST, PATCH, PUT, DELETE*
>>
>>
>>
>> Currently, we are working on approach 2 and we really appreciate your
>> feedback on these approaches or something new.
>>
>> Thank you,
>> Dinali
>>
>> --
>> *Dinali Rosemin Dabarera*
>> Senior Software Engineer
>> IAM Domain
>> WSO2 Lanka (pvt) Ltd.
>> Web: http://wso2.com/
>> Email : [email protected]
>> LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
>> Mobile: +94770198933

-- 

*Denuwanthi De Silva* | Associate Technical Lead | WSO2 Inc.
(m) +94 771391097 | (w) +94 11 743 5800 | (e) [email protected]
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
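
A client consuming the Approach 2 response follows a server-supplied link using its own credentials, so the link is worth checking before any request is made. The sketch below is an added example, not code from this thread or from WSO2; `TRUSTED_BASE`, `permissions_link` and `permission_links` are hypothetical names, and the expected path layout is assumed from the sample URL in the correction.

```python
import json
from urllib.parse import urlsplit

TRUSTED_BASE = "https://localhost:9443/scim2"  # assumption: endpoint the client was configured with

# Constructed sample: the corrected Approach 2 response, trimmed to the fields used here.
SAMPLE = json.loads("""
{
  "totalResults": 1, "startIndex": 1, "itemsPerPage": 1,
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
  "Resources": [{
    "displayName": "PRIMARY/admin",
    "meta": {"location": "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d"},
    "permissions": {"location": "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d/permissions"},
    "id": "c39232b1-4856-439b-89be-aae3fce5617d"
  }]
}
""")


def permissions_link(group, trusted_base=TRUSTED_BASE):
    """Return the group's permissions URL, or raise ValueError if it is not
    the expected sub-resource of this group on the trusted SCIM2 endpoint."""
    perms = group.get("permissions")
    link = perms.get("location") if isinstance(perms, dict) else None
    if not isinstance(link, str):
        raise ValueError("group has no permissions.location")
    got, base = urlsplit(link), urlsplit(trusted_base)
    # Same scheme, host and port as the configured endpoint, so the client's
    # credentials only ever go back to the server it already trusts.
    if (got.scheme, got.netloc.lower()) != (base.scheme, base.netloc.lower()):
        raise ValueError("permissions link leaves the trusted origin: " + link)
    # Exact path for this group id; no query string or fragment.
    expected = f"{base.path}/Groups/{group.get('id')}/permissions"
    if got.path != expected or got.query or got.fragment:
        raise ValueError("not this group's permissions sub-resource: " + link)
    return link


def permission_links(list_response, trusted_base=TRUSTED_BASE):
    """Map each group id in a ListResponse to its validated permissions URL."""
    return {g["id"]: permissions_link(g, trusted_base)
            for g in list_response.get("Resources", [])}


if __name__ == "__main__":
    print(permission_links(SAMPLE))
```
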
