On Tue, May 5, 2020 at 11:36 AM Vithursa Mahendrarajah <[email protected]> wrote:
> Hi Meruja,
>
> The Publisher REST APIs for role validation is used to check whether the given
> role exists and the logged-in user has the given role. Here the role is
> taken from the user input, AFAIU the requirement, in this case we need to
> check whether the new user has the subscriber role before changing the
> application owner. Please correct if it is wrong.
>
> Since we need to validate whether the user has only a particular role, we
> do not need to have roleId in the resource path. Shall we have a resource
> name like /user/validate-subscriber-role. WDYT?
>

IMO, we shouldn't restrict the API for subscriber user validation only and it's better to keep it as a generic API which we can reuse in cases of role validations in future requirements as well (if any).

>
> Thanks,
> Vithursa
>
>
> On Tue, May 5, 2020 at 9:47 AM Meruja Selvamanikkam <[email protected]>
> wrote:
>
>> Hi All,
>>
>> We are planning to add a REST API endpoint to APIM 3.2.0 Admin Rest APIs
>> and the intention is to check the existence of a particular role name (
>> Internal/subscriber) when transferring ownership of an application to a
>> user. We have similar API in the publisher to check the availability of
>> the role[1].
>> We have to decide the OAuth2 scope which functionalities are used by Admin.
>>
>> The swagger definition for the new endpoint would be as follows:
>>
>> ######################################################
>> # The Role Name Existence
>> ######################################################
>> /roles/{roleName}:
>>   #-----------------------------------------------------
>>   # The role name existence check resource
>>   #-----------------------------------------------------
>>   head:
>>     security:
>>       - OAuth2Security:
>>         - apim:<To_be_added>
>>     summary:
>>       Check given role name already exists
>>     description:
>>       Using this operation, to check whether given role already exists
>>     parameters:
>>       - $ref : '#/parameters/roleName'
>>     responses:
>>       200:
>>         description:
>>           OK.
>>           Requested role name is returned.
>>       404:
>>         description:
>>           Not Found.
>>           Requested role name does not exist.
>>
>> ######################################################
>> # The Role Name Existence for the logged-in user
>> ######################################################
>> /me/roles/{roleName}:
>>   #-----------------------------------------------------
>>   # Validate role against a user
>>   #-----------------------------------------------------
>>   head:
>>     security:
>>       - OAuth2Security:
>>         - apim:<To_be_added>
>>     summary:
>>       Validate whether the logged-in user has the given role
>>     description:
>>       Using this operation, logged-in user can check whether he has given
>>       role.
>>     parameters:
>>       - $ref : '#/parameters/roleName'
>>     responses:
>>       200:
>>         description:
>>           OK.
>>           Logged-in user has the role.
>>       404:
>>         description:
>>           Not Found.
>>           Logged-in user does not have the role.
>>
>> Appreciate any feedback on this and correct me if I am wrong.
>>
>> [1] - [APIM-3.0] Publisher rest API to check a role name existence
>>
>> Thanks & Regards,
>> *S.Meruja* |Software Engineer | WSO2 Inc.
>> (m) +94779650506 | Email: [email protected]
>> Linkedin: https://www.linkedin.com/in/meruja
>> Medium: https://medium.com/@meruja
>> _______________________________________________
>> Architecture mailing list
>> [email protected]
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>
>
> --
> *Vithursa Mahendrarajah* | Senior Software Engineer | WSO2 Inc
> (m) +94 766 695 643 | (e) [email protected]
>

--
Thilini Shanika
Technical Lead
WSO2, Inc.; http://wso2.com
20, Palmgrove Avenue, Colombo 3
Mobile: +94710892258
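An added sketch of the two HEAD resources proposed in this thread (not code from the thread or from WSO2 APIM): it shows the 200/404 contract behind a scope check, and that a role name such as Internal/subscriber has to be percent-encoded to fit the single {roleName} path segment. The in-memory role store, the user names, the 401/403 responses and the scope name are assumptions.

```python
from urllib.parse import quote, unquote

# Constructed sample data; the users and extra roles are illustrative only.
ROLES = {"Internal/subscriber", "Internal/publisher", "admin"}
USER_ROLES = {"alice": {"Internal/subscriber"}, "bob": {"Internal/publisher"}}
# Placeholder standing in for the undecided apim:<To_be_added> scope.
REQUIRED_SCOPE = "apim:role_check_placeholder"


def role_path(role_name, me=False):
    """Build the resource path; '/' in the role name is sent as %2F."""
    prefix = "/me/roles/" if me else "/roles/"
    return prefix + quote(role_name, safe="")


def handle_head(path, user, token_scopes):
    """Return the HTTP status for HEAD on the two proposed resources."""
    if user is None:
        return 401  # assumption: unauthenticated callers are rejected
    if REQUIRED_SCOPE not in token_scopes:
        return 403  # assumption: token without the guarding scope
    for prefix, per_user in (("/me/roles/", True), ("/roles/", False)):
        if path.startswith(prefix):
            raw = path[len(prefix):]
            break
    else:
        return 404  # not one of the two resources
    if not raw or "/" in raw:
        return 404  # an unencoded '/' splits the name into extra segments
    role = unquote(raw)
    if per_user:
        # /me/roles/{roleName}: does the logged-in user hold the role?
        return 200 if role in USER_ROLES.get(user, set()) else 404
    # /roles/{roleName}: does the role exist at all?
    return 200 if role in ROLES else 404
```

Because both resources answer only 200 or 404, the scope chosen for them decides who can probe role names and role membership.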
