+1 for approach 2.

What will be a sample response for GET
"https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d/permissions"?

Thanks,
Thanuja

On Thu, Aug 29, 2019 at 11:41 AM Dinali Dabarera <din...@wso2.com> wrote:

>
> Hi Denuwanthi,
>
> On Thu, Aug 29, 2019 at 11:37 AM Denuwanthi De Silva <denuwan...@wso2.com>
> wrote:
>
>> +1 for Approach 2.
>> It provides a sense of modularity/decoupling and helps the API user to
>> easily navigate API calls using the provided link.
>> Will this effort also cover associating permissions to roles?
>>
>
> I believe what you mean here is adding permissions to roles.
>
> Yes, for that we provide the POST form of this API. We do support PATCH,
> PUT and DELETE too.
>
> *"https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d/permissions"*
>
>
>
>> Thanks,
>>
>> On Thu, Aug 29, 2019 at 10:52 AM Dinali Dabarera <din...@wso2.com> wrote:
>>
>>> Correction:
>>>
>>> *Approach 2:*
>>> Ex:
>>>
>>> {
>>>   "totalResults": 1,
>>>   "startIndex": 1,
>>>   "itemsPerPage": 1,
>>>   "schemas": [
>>>     "urn:ietf:params:scim:api:messages:2.0:ListResponse"
>>>   ],
>>>   "Resources": [
>>>     {
>>>       "displayName": "PRIMARY/admin",
>>>       "meta": {
>>>         "created": "2019-07-26T19:33:54",
>>>         "location": "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d",
>>>         "lastModified": "2019-07-26T19:33:54"
>>>       },
>>>       "members": [
>>>         {
>>>           "display": "admin",
>>>           "value": "409ca90b-2ba6-4474-9a45-2cf7376e6e43"
>>>         }
>>>       ],
>>>       "permissions": {
>>>         "location": "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d/permissions"
>>>       },
>>>       "id": "c39232b1-4856-439b-89be-aae3fce5617d"
>>>     }
>>>   ]
>>> }
>>>
>>>
>>> On Thu, Aug 29, 2019 at 10:38 AM Dinali Dabarera <din...@wso2.com>
>>> wrote:
>>>
>>>> Hi all,
>>>>
>>>> We currently have the UserAdmin Service method to return all the
>>>> permissions in the permission tree as a node list object. There is also a
>>>> method to return permissions associated with a role.
>>>>
>>>> When we tried to implement a REST API for this, we came up with the two
>>>> approaches below:
>>>>
>>>> *Approach 1:*
>>>>
>>>>    - Return only the visible permission list in the SCIM group
>>>>    object itself, in a similar way to how members are listed. The
>>>>    expected outcome is shown below.
>>>>
>>>> Ex:
>>>>
>>>> {
>>>>   "totalResults": 3,
>>>>   "startIndex": 1,
>>>>   "itemsPerPage": 3,
>>>>   "schemas": [
>>>>     "urn:ietf:params:scim:api:messages:2.0:ListResponse"
>>>>   ],
>>>>   "Resources": [
>>>>     {
>>>>       "displayName": "PRIMARY/admin",
>>>>       "meta": {
>>>>         "created": "2019-07-26T19:33:54",
>>>>         "location": "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d",
>>>>         "lastModified": "2019-07-26T19:33:54"
>>>>       },
>>>>       "members": [
>>>>         {
>>>>           "display": "admin",
>>>>           "value": "409ca90b-2ba6-4474-9a45-2cf7376e6e43"
>>>>         }
>>>>       ],
>>>>       "permissions": [
>>>>         {
>>>>           "displayName": "Configure Data Sources",
>>>>           "resourcePath": "/permission/admin/configure/datasources"
>>>>         },
>>>>         {
>>>>           "displayName": "Password Management",
>>>>           "resourcePath": "/permission/admin/configure/security/usermgt/passwords"
>>>>         }
>>>>       ],
>>>>       "id": "c39232b1-4856-439b-89be-aae3fce5617d"
>>>>     }
>>>>   ]
>>>> }
>>>>
>>>>
>>>>
>>>> *Approach 2: *
>>>>
>>>>
>>>>    - If we return the permission list in the same group object, it
>>>>    will become really large and will have a lot of backend changes as well.
>>>>    - Hence, we thought of returning only the link to the permission
>>>>    list in the group object and implement another few APIs to manage
>>>>    permissions, basically the CRUD operations.
>>>>
>>>> Ex:
>>>>
>>>> {
>>>>   "totalResults": 3,
>>>>   "startIndex": 1,
>>>>   "itemsPerPage": 3,
>>>>   "schemas": [
>>>>     "urn:ietf:params:scim:api:messages:2.0:ListResponse"
>>>>   ],
>>>>   "Resources": [
>>>>     {
>>>>       "displayName": "PRIMARY/admin",
>>>>       "meta": {
>>>>         "created": "2019-07-26T19:33:54",
>>>>         "location": "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d",
>>>>         "lastModified": "2019-07-26T19:33:54"
>>>>       },
>>>>       "members": [
>>>>         {
>>>>           "display": "admin",
>>>>           "value": "409ca90b-2ba6-4474-9a45-2cf7376e6e43"
>>>>         }
>>>>       ],
>>>>       "permissions": [
>>>>         "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d/permissions"
>>>>       ],
>>>>       "id": "c39232b1-4856-439b-89be-aae3fce5617d"
>>>>     }
>>>>   ]
>>>> }
>>>>
>>>>
>>>> Furthermore, we will write new APIs as follows:
>>>>
>>>>             */Group/{id}/permissions GET, POST, PATCH, PUT, DELETE*
>>>>
>>>>
>>>>
>>>> Currently, we are working on approach 2 and we really appreciate your
>>>> feedback on these approaches or something new.
>>>>
>>>> Thank you,
>>>> Dinali
>>>>
>>>> --
>>>> *Dinali Rosemin Dabarera*
>>>> Senior Software Engineer
>>>> IAM Domain
>>>> WSO2 Lanka (pvt) Ltd.
>>>> Web: http://wso2.com/
>>>> Email : gdrdabar...@gmail.com
>>>> LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
>>>> Mobile: +94770198933
>>>
>>
>> --
>>
>> *Denuwanthi De Silva* | Associate Technical Lead | WSO2 Inc.
>> (m) +94 771391097 | (w) +94 11 743 5800 | (e) denuwan...@wso2.com
>>
>>
>

-- 
*Thanuja Lakmal*
Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
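
Added example, not part of the original thread and not WSO2 code: a client consuming the corrected Approach 2 response has to follow a server-supplied `permissions.location` link, so this sketch checks that the link is the `/Groups/{id}/permissions` sub-resource of the endpoint the client already trusts before any credentialed request is sent to it. `TRUSTED_BASE`, `permissions_link` and `collect_permission_links` are hypothetical names, and the sample body is constructed from the JSON quoted above.

```python
import json
from urllib.parse import urlsplit

LIST_RESPONSE = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
TRUSTED_BASE = "https://localhost:9443/scim2"  # assumption: endpoint the client is configured with

# Constructed sample, trimmed from the corrected Approach 2 response in the thread.
SAMPLE = json.loads("""
{
  "totalResults": 1, "startIndex": 1, "itemsPerPage": 1,
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
  "Resources": [{
    "displayName": "PRIMARY/admin",
    "permissions": {"location":
      "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d/permissions"},
    "id": "c39232b1-4856-439b-89be-aae3fce5617d"
  }]
}
""")


def permissions_link(group, trusted_base=TRUSTED_BASE):
    """Return the group's permissions URL, or raise ValueError if it is not
    the /Groups/{id}/permissions sub-resource of the trusted endpoint."""
    ref, group_id = group.get("permissions"), group.get("id")
    if not isinstance(ref, dict) or not isinstance(ref.get("location"), str):
        raise ValueError("group has no permissions.location link")
    if not isinstance(group_id, str) or not group_id:
        raise ValueError("group has no id")
    loc, base = urlsplit(ref["location"]), urlsplit(trusted_base)
    # Same scheme and host:port, so credentials are never sent elsewhere.
    if (loc.scheme, loc.netloc) != (base.scheme, base.netloc):
        raise ValueError("permissions link leaves the trusted origin")
    # Exact path match: rejects another group's id, traversal and extra segments.
    expected = f"{base.path.rstrip('/')}/Groups/{group_id}/permissions"
    if loc.path != expected or loc.query or loc.fragment:
        raise ValueError("permissions link is not this group's sub-resource")
    return ref["location"]


def collect_permission_links(body):
    """Map group id -> validated permissions URL for a SCIM ListResponse."""
    if LIST_RESPONSE not in body.get("schemas", []):
        raise ValueError("not a SCIM ListResponse")
    return {g["id"]: permissions_link(g) for g in body.get("Resources", [])}
```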
