Hi again, Also with regards to how to do it, take a look @ the RemoteUserManagement stuff that is used in AM today. That code needs to be improved to work in a MT setup, but you can use similar mechanisms to implement this in a much better (and future-proof) way.
Thanks, Senaka. On Mon, Dec 10, 2012 at 10:58 PM, Senaka Fernando <[email protected]> wrote: > Hi Lalaji, > > Having multiple user stores should not impact on this. > > Ideally when someone publishes and API, he/she should be able to decide on > who the target audience is. That's a valid requirement for the store-side. > Now at the store, if the role of the user is what's used to make decisions > on the target audience, then each API that is being put in the registry > (such that it shows up on the store) should specify the roles which could > access it (READ, WRITE, DELETE etc), and the roles which can't. If the API > or Asset or whatever can be read by anybody (i.e. public) then anonymous > access must be granted. These are the principals that every component of > our platform has to follow. > > But, the way in which this is done in AM today does not comply to those > principals of the rest of the platform. The asset content has been used to > store permissions, and the AM API which parses the content decides on the > visibility. If someone has a G-Reg at the store-side, then the permissions > defined from the AM-side (i.e. Publisher) will not show up as permissions, > but as some string values in the Asset's payload. That's a busted story, > and it will not work with the rest of the platform. > > With your question on change of look, the attributes overview_visibility > and overview_visibleRoles will not show up on the API's RXT-based UIs, > but if ever someone opens up and API defined from AM in the Registry > Browser, you should be able to see these in the content, according to how > this has been implemented right? > > Thanks, > Senaka. > > On Mon, Dec 10, 2012 at 6:03 PM, Lalaji Sureshika <[email protected]> wrote: > >> Hi, >> >> On Mon, Dec 10, 2012 at 4:25 PM, Senaka Fernando <[email protected]> wrote: >> >>> Hi Lalaji, >>> >>> If visible is public, such APIs need not have any special permissions. >>> If it is restricted, it should have deny for all and allow for the >>> corresponding groups. Won't that work? >>> >> The above will work,if the Store and Publisher are referring for same >> user-store.But say if the user-stores referring from the two apps are >> different [internal users-store for publisher app and external users-store >> for store app], how are we going to handle such a scenario..? >> >> And I forgot to ask in the above mail,with the current >> implementation,what has happened to API Asset look..?As with the current >> implementation,the default API visibility is 'public',which can be >> visible to every one and with anonymous mode,which is similar to earlier >> API Store view.. >> >> Thanks; >> >>> >>> Thanks, >>> Senaka. >>> >>> >>> On Mon, Dec 10, 2012 at 4:42 PM, Lalaji Sureshika <[email protected]>wrote: >>> >>>> Hi Senaka, >>>> >>>> On Sun, Dec 9, 2012 at 9:42 PM, Senaka Fernando <[email protected]>wrote: >>>> >>>>> Hi Lalaji, >>>>> >>>>> Why did we decide to do this in this way? This makes the API Asset >>>>> look horrible once opened in the Resource Browser, can't we use the >>>>> resource permissions instead? >>>>> >>>> I hope you are referring the fix for APIMANAGER-871 .From this fix >>>> when creating the API,we can set its visibility as either 'public' or >>>> 'restricted.'.If a creating API needed to show only for restricted >>>> user-group [visibility is restricted],we are storing some user-roles, to >>>> whom the API is visible from the APIStore. >>>> And from APIStore we are retrieving visibility of each API and if the >>>> visibility of a particular API is 'restricted',then we are checking the >>>> the role of the logged user and if that role is in the allowed group to >>>> see the API from APIStore;then we are displaying that API from the Store. >>>> This check is a string check based on the role names. >>>> I'm not sure how we can change above way to use registry permissions,as >>>> in current implementation ,we are not setting permissions to each API >>>> resource..Could you explain a bit on this.. >>>> >>>> Thanks; >>>> >>>> >>>>> >>>>> Thanks, >>>>> Senaka. >>>>> >>>>> On Fri, Dec 7, 2012 at 3:18 PM, <[email protected]> wrote: >>>>> >>>>>> Author: lalaji >>>>>> Date: Fri Dec 7 15:18:16 2012 >>>>>> New Revision: 150612 >>>>>> URL: http://wso2.org/svn/browse/wso2?view=rev&revision=150612 >>>>>> >>>>>> Log: >>>>>> Applying fix for APIMANAGER-871 ,to segment APIStore based on >>>>>> subscriber's role,and added the patch given for APIMANAGER-13 >>>>>> >>>>>> Modified: >>>>>> >>>>>> >>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java >>>>>> >>>>>> >>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java >>>>>> >>>>>> >>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIMgtDBUtil.java >>>>>> >>>>>> >>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java >>>>>> >>>>>> Modified: >>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java >>>>>> URL: >>>>>> http://wso2.org/svn/browse/wso2/carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java?rev=150612&r1=150611&r2=150612&view=diff >>>>>> >>>>>> ============================================================================== >>>>>> --- >>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java >>>>>> (original) >>>>>> +++ >>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java >>>>>> Fri Dec 7 15:18:16 2012 >>>>>> @@ -82,6 +82,8 @@ >>>>>> public static final String API_OVERVIEW_TEC_OWNER_EMAIL >>>>>> ="overview_technicalOwnerEmail"; >>>>>> public static final String API_OVERVIEW_BUSS_OWNER >>>>>> ="overview_businessOwner"; >>>>>> public static final String API_OVERVIEW_BUSS_OWNER_EMAIL >>>>>> ="overview_businessOwnerEmail"; >>>>>> + public static final String API_OVERVIEW_VISIBILITY >>>>>> ="overview_visibility"; >>>>>> + public static final String API_OVERVIEW_VISIBLE_ROLES >>>>>> ="overview_visibleRoles"; >>>>>> public static final String API_STATUS = "STATUS"; >>>>>> public static final String API_URI_PATTERN >>>>>> ="URITemplate_urlPattern"; >>>>>> public static final String API_URI_HTTP_METHOD >>>>>> ="URITemplate_httpVerb"; >>>>>> >>>>>> Modified: >>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java >>>>>> URL: >>>>>> http://wso2.org/svn/browse/wso2/carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java?rev=150612&r1=150611&r2=150612&view=diff >>>>>> >>>>>> ============================================================================== >>>>>> --- >>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java >>>>>> (original) >>>>>> +++ >>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java >>>>>> Fri Dec 7 15:18:16 2012 >>>>>> @@ -75,7 +75,7 @@ >>>>>> >>>>>> private ServiceRegistration registration; >>>>>> >>>>>> - protected void activate(ComponentContext componentContext) { >>>>>> + protected void activate(ComponentContext componentContext) >>>>>> throws Exception { >>>>>> if (log.isDebugEnabled()) { >>>>>> log.debug("API manager component activated"); >>>>>> } >>>>>> >>>>>> Modified: >>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIMgtDBUtil.java >>>>>> URL: >>>>>> http://wso2.org/svn/browse/wso2/carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIMgtDBUtil.java?rev=150612&r1=150611&r2=150612&view=diff >>>>>> >>>>>> ============================================================================== >>>>>> --- >>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIMgtDBUtil.java >>>>>> (original) >>>>>> +++ >>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIMgtDBUtil.java >>>>>> Fri Dec 7 15:18:16 2012 >>>>>> @@ -40,6 +40,7 @@ >>>>>> private static final Log log = >>>>>> LogFactory.getLog(APIMgtDBUtil.class); >>>>>> >>>>>> private static volatile DataSource dataSource = null; >>>>>> + private static final String DB_CHECK_SQL = "SELECT * FROM >>>>>> AM_SUBSCRIBER"; >>>>>> >>>>>> private static final String DB_CONFIG = "Database."; >>>>>> private static final String DB_DRIVER = DB_CONFIG + "Driver"; >>>>>> @@ -54,7 +55,7 @@ >>>>>> * >>>>>> * @throws APIManagementException if an error occurs while >>>>>> loading DB configuration >>>>>> */ >>>>>> - public static void initialize() throws APIManagementException { >>>>>> + public static void initialize() throws Exception { >>>>>> if (dataSource != null) { >>>>>> return; >>>>>> } >>>>>> @@ -95,6 +96,30 @@ >>>>>> dataSource = basicDataSource; >>>>>> } >>>>>> } >>>>>> + setupAPIManagerDatabase(); >>>>>> + } >>>>>> + } >>>>>> + >>>>>> + /** >>>>>> + * Creates the APIManager Database if not created already. >>>>>> + * >>>>>> + * @throws Exception if an error occurs while creating the >>>>>> APIManagerDatabase. >>>>>> + */ >>>>>> + private static void setupAPIManagerDatabase() throws Exception { >>>>>> + >>>>>> + String value = System.getProperty("setup"); >>>>>> + if (value != null) { >>>>>> + LocalDatabaseCreator databaseCreator = new >>>>>> LocalDatabaseCreator(dataSource); >>>>>> + try { >>>>>> + if >>>>>> (!databaseCreator.isDatabaseStructureCreated(DB_CHECK_SQL)) { >>>>>> + databaseCreator.createRegistryDatabase(); >>>>>> + } else { >>>>>> + log.info("APIManager database already exists. >>>>>> Not creating a new database."); >>>>>> + } >>>>>> + } catch (Exception e) { >>>>>> + String msg = "Error in creating the APIManager >>>>>> database"; >>>>>> + throw new Exception(msg, e); >>>>>> + } >>>>>> } >>>>>> } >>>>>> >>>>>> >>>>>> Modified: >>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java >>>>>> URL: >>>>>> http://wso2.org/svn/browse/wso2/carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java?rev=150612&r1=150611&r2=150612&view=diff >>>>>> >>>>>> ============================================================================== >>>>>> --- >>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java >>>>>> (original) >>>>>> +++ >>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java >>>>>> Fri Dec 7 15:18:16 2012 >>>>>> @@ -96,6 +96,8 @@ >>>>>> >>>>>> >>>>>> api.setTechnicalOwnerEmail(artifact.getAttribute(APIConstants.API_OVERVIEW_TEC_OWNER_EMAIL)); >>>>>> >>>>>> >>>>>> api.setBusinessOwner(artifact.getAttribute(APIConstants.API_OVERVIEW_BUSS_OWNER)); >>>>>> >>>>>> >>>>>> api.setBusinessOwnerEmail(artifact.getAttribute(APIConstants.API_OVERVIEW_BUSS_OWNER_EMAIL)); >>>>>> + >>>>>> >>>>>> api.setVisibility(artifact.getAttribute(APIConstants.API_OVERVIEW_VISIBILITY)); >>>>>> + >>>>>> >>>>>> api.setVisibleRoles(artifact.getAttribute(APIConstants.API_OVERVIEW_VISIBLE_ROLES)); >>>>>> >>>>>> Set<Tier> availableTier = new HashSet<Tier>(); >>>>>> String tiers = >>>>>> artifact.getAttribute(APIConstants.API_OVERVIEW_TIER); >>>>>> @@ -190,6 +192,8 @@ >>>>>> >>>>>> >>>>>> api.setThumbnailUrl(artifact.getAttribute(APIConstants.API_OVERVIEW_THUMBNAIL_URL)); >>>>>> >>>>>> >>>>>> api.setStatus(getApiStatus(artifact.getAttribute(APIConstants.API_OVERVIEW_STATUS))); >>>>>> >>>>>> >>>>>> api.setContext(artifact.getAttribute(APIConstants.API_OVERVIEW_CONTEXT)); >>>>>> + >>>>>> >>>>>> api.setVisibility(artifact.getAttribute(APIConstants.API_OVERVIEW_VISIBILITY)); >>>>>> + >>>>>> >>>>>> api.setVisibleRoles(artifact.getAttribute(APIConstants.API_OVERVIEW_VISIBLE_ROLES)); >>>>>> } catch (GovernanceException e) { >>>>>> String msg = "Failed to get API from artifact "; >>>>>> throw new APIManagementException(msg, e); >>>>>> @@ -248,6 +252,9 @@ >>>>>> >>>>>> artifact.setAttribute(APIConstants.API_OVERVIEW_TEC_OWNER_EMAIL, >>>>>> api.getTechnicalOwnerEmail()); >>>>>> >>>>>> artifact.setAttribute(APIConstants.API_OVERVIEW_BUSS_OWNER, >>>>>> api.getBusinessOwner()); >>>>>> >>>>>> artifact.setAttribute(APIConstants.API_OVERVIEW_BUSS_OWNER_EMAIL, >>>>>> api.getBusinessOwnerEmail()); >>>>>> + >>>>>> artifact.setAttribute(APIConstants.API_OVERVIEW_VISIBILITY, >>>>>> api.getVisibility()); >>>>>> + >>>>>> artifact.setAttribute(APIConstants.API_OVERVIEW_VISIBLE_ROLES, >>>>>> api.getVisibleRoles()); >>>>>> + >>>>>> String tiers = ""; >>>>>> for (Tier tier : api.getAvailableTiers()) { >>>>>> tiers += tier.getName() + "||"; >>>>>> _______________________________________________ >>>>>> Commits mailing list >>>>>> [email protected] >>>>>> http://wso2.org/cgi-bin/mailman/listinfo/commits >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> * <http://wso2con.com/> >>>>> * >>>>> * >>>>> >>>>> Senaka Fernando* >>>>> Member - Integration Technologies Management Committee; >>>>> Technical Lead; WSO2 Inc.; http://wso2.com* >>>>> Member; Apache Software Foundation; http://apache.org >>>>> >>>>> E-mail: senaka AT wso2.com >>>>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 >>>>> Linked-In: http://linkedin.com/in/senakafernando >>>>> >>>>> *Lean . Enterprise . Middleware >>>>> >>>>> >>>> >>>> >>>> -- >>>> Lalaji Sureshika >>>> Software Engineer; Development Technologies Team;WSO2, Inc.; >>>> http://wso2.com/ >>>> email: [email protected]; cell: +94 71 608 6811 >>>> blog: http://lalajisureshika.blogspot.com >>>> >>>> >>>> >>>> >>> >>> >>> -- >>> * <http://wso2con.com/> >>> * >>> * >>> >>> Senaka Fernando* >>> Member - Integration Technologies Management Committee; >>> Technical Lead; WSO2 Inc.; http://wso2.com* >>> Member; Apache Software Foundation; http://apache.org >>> >>> E-mail: senaka AT wso2.com >>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 >>> Linked-In: http://linkedin.com/in/senakafernando >>> >>> *Lean . Enterprise . Middleware >>> >>> >> >> >> -- >> Lalaji Sureshika >> Software Engineer; Development Technologies Team;WSO2, Inc.; >> http://wso2.com/ >> email: [email protected]; cell: +94 71 608 6811 >> blog: http://lalajisureshika.blogspot.com >> >> >> >> > > > -- > * <http://wso2con.com/> > * > * > > Senaka Fernando* > Member - Integration Technologies Management Committee; > Technical Lead; WSO2 Inc.; http://wso2.com* > Member; Apache Software Foundation; http://apache.org > > E-mail: senaka AT wso2.com > **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 > Linked-In: http://linkedin.com/in/senakafernando > > *Lean . Enterprise . Middleware > > -- * <http://wso2con.com/> * * Senaka Fernando* Member - Integration Technologies Management Committee; Technical Lead; WSO2 Inc.; http://wso2.com* Member; Apache Software Foundation; http://apache.org E-mail: senaka AT wso2.com **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 Linked-In: http://linkedin.com/in/senakafernando *Lean . Enterprise . Middleware
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
