Hi all,
Please find the final definition as per offline discussion.
/settings/scopes/{scope}:
#-----------------------------------------------------
# Retrieve scope settings
#-----------------------------------------------------
get:
security:
- OAuth2Security:
- apim:admin_settings
x-wso2-curl: "curl -k -X GET
\"https://localhost:9443/api/am/admin/v1/settings/scopes/apim:subscribe?username=john\";
-H \"accept: application/json\" -H \"Authorization: Bearer
8e8edc50-4a70-3fec-af00-ce08097012ab"
x-wso2-request: "GET
https://localhost:9443/api/am/admin/v1/settings/scopes/apim:subscribe?username=john
Authorization: Bearer 8e8edc50-4a70-3fec-af00-ce08097012ab"
x-wso2-response: "{\n \"name\":\"apim:subscribe\" \n}\n"
summary: Retrieve scopes for a particular user
description: |
This operation will return the scope list of particular user
In order to get it, we need to pass the userId as a query parameter
parameters:
- name: username
in: query
type: string
required: true
- $ref : '#/parameters/scope'
tags:
- Settings
responses:
200:
description: |
OK.
Particular scope exists for the given user.
schema:
$ref: '#/definitions/ScopeSettings'
400:
description: |
Bad Request.
Invalid request or validation error
schema:
$ref: '#/definitions/Error'
404:
description: |
Not Found.
Requested user does not exist.
schema:
$ref: '#/definitions/Error'
I have implemented the REST API for the above definition to check
whether the particular user has the particular scope or not.
PR for the REST API implementation can be found in [1] .
[1] - https://github.com/wso2/carbon-apimgt/pull/8605
Thanks & Regards
*S.Meruja* |Software Engineer | WSO2 Inc.
(m) +94779650506 | Email: [email protected]
Linkedin: https://www.linkedin.com/in/meruja
<https://www.google.com/url?q=https://www.linkedin.com/in/meruja>
Medium: https://medium.com/@meruja
<http://wso2.com/signature>
On Sun, May 31, 2020 at 8:32 PM Frank Leymann <[email protected]> wrote:
> Sure, Meruja, that's what 412 is all about - but I didn't see documented
> that we support conditional requests, and what the semantics in our case
> will be: that's why I am asking.
>
> Best regards,
> Frank
>
>
>
>
> Am Di., 26. Mai 2020 um 06:56 Uhr schrieb Meruja Selvamanikkam <
> [email protected]>:
>
>> Dear Frank,
>>
>> We return 412 when the preconditions fail.
>> The number of request headers that can be used to apply conditions to a
>> request:
>>
>> If-Match
>> If-Modified-Since
>> If-None-Match
>> If-Range
>> If-Unmodified-Since
>>
>> Since my request does not contains the stated headers, there won't be 412.
>> Thanks for pointing me to clarify and correct my understanding.
>>
>> 412:
>> description: |
>> Precondition Failed.
>> The request has not been performed because one of the
>> preconditions is not met.
>> schema:
>> $ref: '#/definitions/Error'
>> This should be removed from the response.
>>
>> Thanks & Regards,
>> *S.Meruja* |Software Engineer | WSO2 Inc.
>> (m) +94779650506 | Email: [email protected]
>> Linkedin: https://www.linkedin.com/in/meruja
>> <https://www.google.com/url?q=https://www.linkedin.com/in/meruja>
>> Medium: https://medium.com/@meruja
>> <http://wso2.com/signature>
>>
>>
>> On Mon, May 25, 2020 at 10:23 PM Frank Leymann <[email protected]> wrote:
>>
>>> Dear Meruja,
>>>
>>> when would we return a 412?
>>>
>>> Best regards,
>>> Frank
>>>
>>>
>>>
>>>
>>> Am Fr., 22. Mai 2020 um 15:42 Uhr schrieb Meruja Selvamanikkam <
>>> [email protected]>:
>>>
>>>> Hi all,
>>>>
>>>> We are in the process of implementing an API to get the scope list of a
>>>> particular user.
>>>> Following will be the notations of the new API:
>>>> *GET api/am/admin/v1/settings/scopes?userId=<value>*
>>>>
>>>> Please find the swagger definition below:
>>>>
>>>> /settings/scopes:
>>>> #-----------------------------------------------------
>>>> # Retrieve scope settings
>>>> #-----------------------------------------------------
>>>> get:
>>>> security:
>>>> - OAuth2Security:
>>>> - apim:admin_settings
>>>> x-wso2-curl: "curl -k -H \"Authorization: Bearer
>>>> ae4eae22-3f65-387b-a171-d37eaa366fa8\" -X POST \"
>>>> https://localhost:9443/api/am/admin/v1/settings/scopes?userId=890a4f4d-09eb-48
>>>> <https://localhost:9443/api/am/admin/v1/settings/scopes?userId=890a4f4d-09eb-4877-a323-57f6ce2ed79b%5C>
>>>> ""
>>>> x-wso2-request: |
>>>> GET
>>>> https://localhost:9443/api/am/admin/v1/settings/scopes?userId=890a4f4d-09eb-48
>>>> <https://localhost:9443/api/am/admin/v1/settings/scopes?userId=890a4f4d-09eb-4877-a323-57f6ce2ed79b>
>>>> Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8
>>>> x-wso2-response: "HTTP/1.1 200 OK"
>>>> summary: Retrieve scopes for a particular user
>>>> description: |
>>>> This operation will return the scope list of particular user
>>>> In order to get it, we need to pass the userId as a query
>>>> parameter
>>>> parameters:
>>>> - name: userId
>>>> in: query
>>>> type: string
>>>> required: true
>>>> tags:
>>>> - Settings
>>>> responses:
>>>> 200:
>>>> description: |
>>>> OK.
>>>> Scopes for a particular user retrieved successfully.
>>>> 400:
>>>> description: |
>>>> Bad Request.
>>>> Invalid request or validation error
>>>> schema:
>>>> $ref: '#/definitions/Error'
>>>> 404:
>>>> description: |
>>>> Not Found.
>>>> Requested user does not exist.
>>>> schema:
>>>> $ref: '#/definitions/Error'
>>>> 412:
>>>> description: |
>>>> Precondition Failed.
>>>> The request has not been performed because one of the
>>>> preconditions is not met.
>>>> schema:
>>>> $ref: '#/definitions/Error'
>>>>
>>>> Highly appreciate your thoughts and suggestions.
>>>>
>>>> Thanks & Regards,
>>>> *S.Meruja* |Software Engineer | WSO2 Inc.
>>>> (m) +94779650506 | Email: [email protected]
>>>> Linkedin: https://www.linkedin.com/in/meruja
>>>> <https://www.google.com/url?q=https://www.linkedin.com/in/meruja>
>>>> Medium: https://medium.com/@meruja
>>>> <http://wso2.com/signature>
>>>>
>>>>
>>>> On Mon, May 11, 2020 at 9:37 PM Meruja Selvamanikkam <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> Thank you for your suggestions
>>>>>
>>>>> I have a few concerns regarding validating the subscriber permissions
>>>>>> of the input application owner using the default subscriber role(Internal
>>>>>> subscriber). Since the REST API and portal access are based on the
>>>>>> scope-role mapping which is maintained in tenant-conf.json, a subscriber
>>>>>> user does not necessarily have the *Internal/subscriber* role. If a
>>>>>> new role mapping to app management, subscriptions related scopes has been
>>>>>> introduced with custom roles, then the validation should be done against
>>>>>> those roles as well.
>>>>>>
>>>>>
>>>>> I agree with you. For previous versions, we have a default subscriber
>>>>> role in the configuration file and checked role-based permission for a
>>>>> particular feature. From 3.1.0 onwards, we have a scope-role mapping.
>>>>> In this case, we cannot validate the user role.
>>>>>
>>>>> Hence, we should be validating whether any of the roles assigned to
>>>>>> that particular user has bare scope based minimum access to API
>>>>>> subscriptions, app management resources. So the validation should be
>>>>>> based
>>>>>> on the role-scope mapping.
>>>>>>
>>>>>> ie: If the user's role 'roleA' has role-scope mappings for
>>>>>> 'apim:subscribe'
>>>>>> and 'apim:app_manage' scopes, then that particular user is
>>>>>> eligible as a new owner of a given application.
>>>>>> WDYT?
>>>>>>
>>>>> Yes, we need to validate against the scope.
>>>>>
>>>>>
>>>>> Thanks & Regards,
>>>>> *S.Meruja* |Software Engineer | WSO2 Inc.
>>>>> (m) +94779650506 | Email: [email protected]
>>>>> Linkedin: https://www.linkedin.com/in/meruja
>>>>> <https://www.google.com/url?q=https://www.linkedin.com/in/meruja>
>>>>> Medium: https://medium.com/@meruja
>>>>> <http://wso2.com/signature>
>>>>> _______________________________________________
>>>>> Architecture mailing list
>>>>> [email protected]
>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>
>>>> _______________________________________________
>>>> Architecture mailing list
>>>> [email protected]
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>
>>> _______________________________________________
>>> Architecture mailing list
>>> [email protected]
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>> _______________________________________________
>> Architecture mailing list
>> [email protected]
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
