Hi all,

Thank you for the clarification @Uvindra Dias Jayasinha <[email protected]>.
I agree with you.

Also, I checked Admin v1 POST /applications/{applicationId}/change-owner
REST API as @Fazlan Nazeem <[email protected]> stated. To highlight the main
drawback of this REST API, please consider the below example.

Assume there are two (2) users, namely *User A* and *User B*, and both of
them have *DefaultApplication* each. So, if *User A* tries to change the
owner of *User B’s DefaultApplication*, he/she will not be allowed to do
that. The error will contain something like *“Unable to update application
owner to User A as this user has an application with the same name”.*

I think this is what @Uvindra Dias Jayasinha <[email protected]> stated too.
IMO, the only remaining option is the solution that I stated in Step 2,
which is to define a new REST API resource that allows deleting
applications belonging to other users. Here, I am not sure whether we need to
allow deleting cross-tenant applications as well.

Your feedback will be much appreciated.

Thank you!

Wasura

On Mon, Jul 6, 2020 at 5:57 PM Uvindra Dias Jayasinha <[email protected]>
wrote:

> I don't think this is the purpose of the owner flag. Even APIM does not
> support users in the same tenant deleting Apps created by another user. I
> think the reason for the owner flag is that different users can create Apps
> having the same name.
>
> For example, all users have a DefaultApplication created for them when
> they login to the store. So you can have UserA and UserB both having their
> own DefaultApplication.
>
> So if you try to delete the DefaultApplication from apictl, you need to
> specify the owner correctly so that APIM will know which instance of the
> DefaultApplication that it needs to delete.
>
> On Mon, 6 Jul 2020 at 16:40, Wasura Wattearachchi <[email protected]> wrote:
>
>> Hi all,
>>
>> Currently, the API Controller provides “apictl delete app” command which
>> consists of the below flags [1].
>>
>> Flags:
>>
>>   -e, --environment string   Environment from which the Application should be deleted
>>   -h, --help                 help for app
>>   -n, --name string          Name of the Application to be deleted
>>   -o, --owner string         Owner of the Application to be deleted
>>
>> In this mail, we will be focusing on the functionality of the -o
>> (--owner) flag. The expected functionality of this flag is to allow a
>> user (assume User A) to delete an application created by another user
>> (assume User B) who is in the same tenant. But, the current REST APIs do
>> not provide adequate support for this functionality [2].
>>
>> Deleting an application consists of two (2) main steps and for those two
>> (2) steps, two (2) REST API resources are being used currently, which have
>> some drawbacks when it comes to fulfilling the functionality expected from
>> the -o (--owner) flag.
>>
>>
>> Step 1: Retrieving the applicationId based on the application name
>> (-n/--name flag) and the owner’s name (-o/--owner flag)
>>
>> REST API: Store v1 GET /applications
>>
>> Drawback: This resource only provides the facility to retrieve an
>> application by querying using the application name. Support to query by
>> the owner’s name is not provided here. We need the functionality to query
>> by both the application name and the owner’s name. But, searching by
>> anyone else’s name is not suitable to have in the Store REST API. This
>> proves that we need to have another REST API resource that has the
>> expected functionality, which can be defined in Admin v1.
>>
>> Solution 1: There is an existing resource in Admin v1 as GET /applications
>> which has the ability to “Retrieve a list of all applications of a certain
>> subscriber (but not the owner)”. The name of the subscriber can be passed
>> to this as a parameter specified by “user=”. We can enhance this further
>> by providing the ability to pass the owner’s name as “owner=” as a new
>> optional parameter. WDYT?
>>
>> Solution 2: Define a new REST API resource in Admin v1 without changing
>> any existing resources as mentioned in Solution 1. WDYT?
>>
>> Step 2: Deleting the application specified by the applicationId.
>>
>> REST API: Store v1 DELETE /applications/{applicationId}
>>
>> Drawback: This resource does not allow us to delete applications that
>> belong to other users. It provides an output as
>>
>> {"code":403,"message":"Forbidden","description":"You don't have
>> permission to access the application with Id
>> <applicationId>","moreInfo":"","error":[]}
>>
>> when we try to delete anyone else’s application.
>>
>> Solution: Define a new REST API resource that allows deleting applications
>> belonging to other users who are in the same tenant. WDYT?
>>
>>
>> It would be much appreciated if you can share your thoughts when deciding
>> the solutions to the above two (2) steps. Please feel free to include any
>> new/additional solutions if you have any.
>>
>> [1]
>> https://apim.docs.wso2.com/en/next/learn/api-controller/getting-started-with-wso2-api-controller/#delete-an-apiapi-productapplication-in-an-environment
>>
>> [2] https://github.com/wso2/product-apim-tooling/issues/335
>>
>> Thank you!
>> --
>> *Wasura Wattearachchi* | Software Engineer | WSO2 Inc.
>> (m) +94775396038 | (e) [email protected] | (b) Medium
>> <https://medium.com/@wasuradananjith>
>>
>>
>>
>
> --
> Regards,
> Uvindra
>
> Mobile: 777733962
>


-- 
*Wasura Wattearachchi* | Software Engineer | WSO2 Inc.
(m) +94775396038 | (e) [email protected] | (b) Medium
<https://medium.com/@wasuradananjith>
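The two-step delete described in Step 1 and Step 2 of the quoted message (resolve the applicationId via Store v1 GET /applications, then DELETE /applications/{applicationId}), as an added Go example that is not apictl's or APIM's own code. It runs against a constructed mock of the Store API so that the 403 body quoted above can be seen end to end; the "query" parameter, the "list"/"applicationId" response fields and the id "app-b-0001" are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// deleteApp does the two steps apictl needs: resolve the applicationId by
// name via Store v1 GET /applications, then DELETE /applications/{applicationId}.
// The "query" parameter and the "list"/"applicationId" response fields are
// assumptions; the thread only says the Store API searches by application name.
func deleteApp(base, name string, c *http.Client) error {
	resp, err := c.Get(base + "/applications?query=" + url.QueryEscape(name))
	if err != nil { return err }
	defer resp.Body.Close()
	var page struct {
		List []struct{ ApplicationID string `json:"applicationId"` } `json:"list"`
	}
	if err := json.NewDecoder(resp.Body).Decode(&page); err != nil { return err }
	if len(page.List) == 0 { return fmt.Errorf("no application named %q visible to the caller", name) }
	req, _ := http.NewRequest(http.MethodDelete, base+"/applications/"+page.List[0].ApplicationID, nil)
	del, err := c.Do(req)
	if err != nil { return err }
	defer del.Body.Close()
	if del.StatusCode == http.StatusForbidden {
		// Surface APIM's own error body (code/message/description, as quoted in the thread)
		// rather than a bare status code, so the apictl user sees why the delete failed.
		var e struct{ Code int; Message, Description string }
		_ = json.NewDecoder(del.Body).Decode(&e)
		return fmt.Errorf("%d %s: %s", e.Code, e.Message, e.Description)
	}
	return nil
}

// newMockStore is a constructed stand-in for APIM so the example runs offline:
// it lists User B's DefaultApplication to anyone but refuses to delete it, as in the thread.
func newMockStore() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method == http.MethodDelete {
			w.WriteHeader(http.StatusForbidden)
			fmt.Fprint(w, `{"code":403,"message":"Forbidden","description":"You don't have permission to access the application with Id app-b-0001","moreInfo":"","error":[]}`)
			return
		}
		fmt.Fprint(w, `{"list":[{"applicationId":"app-b-0001","name":"DefaultApplication"}]}`)
	}))
}
```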
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
