Hi Senaka,
Thanks for pointing this out. Lalaji has already started modifying the
current impl as follows.

1. When publishing an API, based on user input we determine if API should
be anonymously accessible or the specific role to which it should be
visible.
On the storage front, this will be persisted using Registry permissions.

2. However, when reading from generic artifact manager, will we be getting a
filtered list based on permissions or should we do a manual filtering based
on user? (I know this can be achieved using standard registry API. But not
sure how to do this when it comes to RXTs & GenericArtifact Manager).
Some of the code in concern is as follows:

            this.registry = ServiceReferenceHolder.getInstance().
                    getRegistryService().getGovernanceSystemRegistry();

            GenericArtifactManager artifactManager =
                    APIUtil.getArtifactManager(registry, APIConstants.API_KEY);
            GenericArtifact[] genericArtifacts =
                    artifactManager.getAllGenericArtifacts();



On Mon, Dec 10, 2012 at 10:58 PM, Senaka Fernando <[email protected]> wrote:

> Hi Lalaji,
>
> Having multiple user stores should not impact on this.
>
> Ideally when someone publishes an API, he/she should be able to decide on
> who the target audience is. That's a valid requirement for the store-side.
> Now at the store, if the role of the user is what's used to make decisions
> on the target audience, then each API that is being put in the registry
> (such that it shows up on the store) should specify the roles which could
> access it (READ, WRITE, DELETE etc), and the roles which can't. If the API
> or Asset or whatever can be read by anybody (i.e. public) then anonymous
> access must be granted. These are the principles that every component of
> our platform has to follow.
>
> But, the way in which this is done in AM today does not comply with those
> principles of the rest of the platform. The asset content has been used to
> store permissions, and the AM API which parses the content decides on the
> visibility. If someone has a G-Reg at the store-side, then the permissions
> defined from the AM-side (i.e. Publisher) will not show up as permissions,
> but as some string values in the Asset's payload. That's a busted story,
> and it will not work with the rest of the platform.
>
> With your question on change of look, the attributes overview_visibility
> and overview_visibleRoles will not show up on the API's RXT-based UIs,
> but if ever someone opens up an API defined from AM in the Registry
> Browser, you should be able to see these in the content, according to how
> this has been implemented, right?
>
> Thanks,
> Senaka.
>
> On Mon, Dec 10, 2012 at 6:03 PM, Lalaji Sureshika <[email protected]> wrote:
>
>> Hi,
>>
>> On Mon, Dec 10, 2012 at 4:25 PM, Senaka Fernando <[email protected]> wrote:
>>
>>> Hi Lalaji,
>>>
>>> If visible is public, such APIs need not have any special permissions.
>>> If it is restricted, it should have deny for all and allow for the
>>> corresponding groups. Won't that work?
>>>
>> The above will work if the Store and Publisher are referring to the same
>> user-store. But say the user-stores referred to by the two apps are
>> different [internal user-store for publisher app and external user-store
>> for store app]; how are we going to handle such a scenario?
>>
>> And I forgot to ask in the above mail: with the current
>> implementation, what has happened to the API Asset look? As with the current
>> implementation, the default API visibility is 'public', which can be
>> visible to everyone and with anonymous mode, which is similar to the earlier
>> API Store view.
>>
>> Thanks;
>>
>>>
>>> Thanks,
>>> Senaka.
>>>
>>>
>>> On Mon, Dec 10, 2012 at 4:42 PM, Lalaji Sureshika <[email protected]> wrote:
>>>
>>>> Hi Senaka,
>>>>
>>>> On Sun, Dec 9, 2012 at 9:42 PM, Senaka Fernando <[email protected]> wrote:
>>>>
>>>>> Hi Lalaji,
>>>>>
>>>>> Why did we decide to do this in this way? This makes the API Asset
>>>>> look horrible once opened in the Resource Browser, can't we use the
>>>>> resource permissions instead?
>>>>>
>>>> I hope you are referring to the fix for APIMANAGER-871. With this fix,
>>>> when creating the API, we can set its visibility as either 'public' or
>>>> 'restricted'. If an API being created needs to be shown only to a restricted
>>>> user-group [visibility is restricted], we store some user-roles to
>>>> whom the API is visible from the APIStore.
>>>> From the APIStore we retrieve the visibility of each API, and if the
>>>> visibility of a particular API is 'restricted', we check
>>>> the role of the logged-in user; if that role is in the group allowed to
>>>> see the API from the APIStore, we display that API in the Store.
>>>> This check is a string check based on the role names.
>>>> I'm not sure how we can change the above to use registry permissions, as
>>>> in the current implementation we are not setting permissions on each API
>>>> resource. Could you explain a bit on this?
>>>>
>>>> Thanks;
>>>>
>>>>
>>>>>
>>>>> Thanks,
>>>>> Senaka.
>>>>>
>>>>> On Fri, Dec 7, 2012 at 3:18 PM, <[email protected]> wrote:
>>>>>
>>>>>> Author: lalaji
>>>>>> Date: Fri Dec  7 15:18:16 2012
>>>>>> New Revision: 150612
>>>>>> URL: http://wso2.org/svn/browse/wso2?view=rev&revision=150612
>>>>>>
>>>>>> Log:
>>>>>> Applying fix for APIMANAGER-871, to segment APIStore based on
>>>>>> subscriber's role, and added the patch given for APIMANAGER-13
>>>>>>
>>>>>> Modified:
>>>>>>
>>>>>>  
>>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java
>>>>>>
>>>>>>  
>>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java
>>>>>>
>>>>>>  
>>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIMgtDBUtil.java
>>>>>>
>>>>>>  
>>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java
>>>>>>
>>>>>> Modified:
>>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java
>>>>>> URL:
>>>>>> http://wso2.org/svn/browse/wso2/carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java?rev=150612&r1=150611&r2=150612&view=diff
>>>>>>
>>>>>> ==============================================================================
>>>>>> ---
>>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java
>>>>>>      (original)
>>>>>> +++
>>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java
>>>>>>      Fri Dec  7 15:18:16 2012
>>>>>> @@ -82,6 +82,8 @@
>>>>>>      public static final String API_OVERVIEW_TEC_OWNER_EMAIL
>>>>>> ="overview_technicalOwnerEmail";
>>>>>>      public static final String API_OVERVIEW_BUSS_OWNER
>>>>>> ="overview_businessOwner";
>>>>>>      public static final String API_OVERVIEW_BUSS_OWNER_EMAIL
>>>>>> ="overview_businessOwnerEmail";
>>>>>> +    public static final String API_OVERVIEW_VISIBILITY
>>>>>> ="overview_visibility";
>>>>>> +    public static final String API_OVERVIEW_VISIBLE_ROLES
>>>>>> ="overview_visibleRoles";
>>>>>>      public static final String API_STATUS = "STATUS";
>>>>>>      public static final String API_URI_PATTERN
>>>>>> ="URITemplate_urlPattern";
>>>>>>      public static final String API_URI_HTTP_METHOD
>>>>>> ="URITemplate_httpVerb";
>>>>>>
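Review bot: the two added constants, API_OVERVIEW_VISIBILITY and API_OVERVIEW_VISIBLE_ROLES, introduce access-control data as ordinary overview_ attributes alongside the owner e-mail and URI fields, with no comment marking them as security-relevant or describing their format. A short comment stating which values overview_visibility accepts and how role names in overview_visibleRoles are delimited would let every reader and writer of these attributes agree on the format.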
>>>>>> Modified:
>>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java
>>>>>> URL:
>>>>>> http://wso2.org/svn/browse/wso2/carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java?rev=150612&r1=150611&r2=150612&view=diff
>>>>>>
>>>>>> ==============================================================================
>>>>>> ---
>>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java
>>>>>>      (original)
>>>>>> +++
>>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java
>>>>>>      Fri Dec  7 15:18:16 2012
>>>>>> @@ -75,7 +75,7 @@
>>>>>>
>>>>>>      private ServiceRegistration registration;
>>>>>>
>>>>>> -    protected void activate(ComponentContext componentContext) {
>>>>>> +    protected void activate(ComponentContext componentContext)
>>>>>> throws Exception {
>>>>>>          if (log.isDebugEnabled()) {
>>>>>>              log.debug("API manager component activated");
>>>>>>          }
>>>>>>
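Review bot: activate(ComponentContext) now declares throws Exception, so any failure during start-up propagates out of the component's activation method with no handling at this level. Catching the failure inside activate, reporting it through the existing log, and declaring nothing broader than the specific exception type would keep the activation signature narrow.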
>>>>>> Modified:
>>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIMgtDBUtil.java
>>>>>> URL:
>>>>>> http://wso2.org/svn/browse/wso2/carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIMgtDBUtil.java?rev=150612&r1=150611&r2=150612&view=diff
>>>>>>
>>>>>> ==============================================================================
>>>>>> ---
>>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIMgtDBUtil.java
>>>>>>        (original)
>>>>>> +++
>>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIMgtDBUtil.java
>>>>>>        Fri Dec  7 15:18:16 2012
>>>>>> @@ -40,6 +40,7 @@
>>>>>>      private static final Log log =
>>>>>> LogFactory.getLog(APIMgtDBUtil.class);
>>>>>>
>>>>>>      private static volatile DataSource dataSource = null;
>>>>>> +    private static final String DB_CHECK_SQL = "SELECT * FROM
>>>>>> AM_SUBSCRIBER";
>>>>>>
>>>>>>      private static final String DB_CONFIG = "Database.";
>>>>>>      private static final String DB_DRIVER = DB_CONFIG + "Driver";
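Review bot: DB_CHECK_SQL is "SELECT * FROM AM_SUBSCRIBER", which asks for every column of every subscriber row although the constant's name says it is only a check. If the check only needs the table to exist, a query that returns no subscriber data (for example selecting a constant with a WHERE 1 = 0 filter) is cheaper and keeps subscriber records out of the check.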
>>>>>> @@ -54,7 +55,7 @@
>>>>>>       *
>>>>>>       * @throws APIManagementException if an error occurs while
>>>>>> loading DB configuration
>>>>>>       */
>>>>>> -    public static void initialize() throws APIManagementException {
>>>>>> +    public static void initialize() throws Exception {
>>>>>>          if (dataSource != null) {
>>>>>>              return;
>>>>>>          }
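Review bot: the Javadoc context line still reads "@throws APIManagementException if an error occurs while loading DB configuration" while the changed signature of initialize() declares throws Exception. Either keep throws APIManagementException and wrap the new failure in it, or update the Javadoc; widening to Exception also forces every caller to handle a generic exception.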
>>>>>> @@ -95,6 +96,30 @@
>>>>>>                      dataSource = basicDataSource;
>>>>>>                  }
>>>>>>              }
>>>>>> +            setupAPIManagerDatabase();
>>>>>> +        }
>>>>>> +    }
>>>>>> +
>>>>>> +    /**
>>>>>> +     * Creates the APIManager Database if not created already.
>>>>>> +     *
>>>>>> +     * @throws Exception if an error occurs while creating the
>>>>>> APIManagerDatabase.
>>>>>> +     */
>>>>>> +    private static void setupAPIManagerDatabase() throws Exception {
>>>>>> +
>>>>>> +        String value = System.getProperty("setup");
>>>>>> +        if (value != null) {
>>>>>> +            LocalDatabaseCreator databaseCreator = new
>>>>>> LocalDatabaseCreator(dataSource);
>>>>>> +            try {
>>>>>> +                if
>>>>>> (!databaseCreator.isDatabaseStructureCreated(DB_CHECK_SQL)) {
>>>>>> +                    databaseCreator.createRegistryDatabase();
>>>>>> +                } else {
>>>>>> +                    log.info("APIManager database already exists.
>>>>>> Not creating a new database.");
>>>>>> +                }
>>>>>> +            } catch (Exception e) {
>>>>>> +                String msg = "Error in creating the APIManager
>>>>>> database";
>>>>>> +                throw new Exception(msg, e);
>>>>>> +            }
>>>>>>          }
>>>>>>      }
>>>>>>
>>>>>>
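Review bot: the catch block in setupAPIManagerDatabase() rethrows everything as a bare new Exception(msg, e), although this class already documents APIManagementException in the initialize() Javadoc; throwing that type would avoid widening the signatures. In the same method, System.getProperty("setup") is only tested for non-null, so any value of the property takes the creation path, and the call to createRegistryDatabase() deserves a comment explaining why a method with that name creates the APIManager schema.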
>>>>>> Modified:
>>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java
>>>>>> URL:
>>>>>> http://wso2.org/svn/browse/wso2/carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java?rev=150612&r1=150611&r2=150612&view=diff
>>>>>>
>>>>>> ==============================================================================
>>>>>> ---
>>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java
>>>>>>     (original)
>>>>>> +++
>>>>>> carbon/platform/branches/4.0.0/components/apimgt/org.wso2.carbon.apimgt.impl/1.0.5/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java
>>>>>>     Fri Dec  7 15:18:16 2012
>>>>>> @@ -96,6 +96,8 @@
>>>>>>
>>>>>>  
>>>>>> api.setTechnicalOwnerEmail(artifact.getAttribute(APIConstants.API_OVERVIEW_TEC_OWNER_EMAIL));
>>>>>>
>>>>>>  
>>>>>> api.setBusinessOwner(artifact.getAttribute(APIConstants.API_OVERVIEW_BUSS_OWNER));
>>>>>>
>>>>>>  
>>>>>> api.setBusinessOwnerEmail(artifact.getAttribute(APIConstants.API_OVERVIEW_BUSS_OWNER_EMAIL));
>>>>>> +
>>>>>>  
>>>>>> api.setVisibility(artifact.getAttribute(APIConstants.API_OVERVIEW_VISIBILITY));
>>>>>> +
>>>>>>  
>>>>>> api.setVisibleRoles(artifact.getAttribute(APIConstants.API_OVERVIEW_VISIBLE_ROLES));
>>>>>>
>>>>>>              Set<Tier> availableTier = new HashSet<Tier>();
>>>>>>              String tiers =
>>>>>> artifact.getAttribute(APIConstants.API_OVERVIEW_TIER);
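Review bot: api.setVisibility(...) and api.setVisibleRoles(...) pass the result of artifact.getAttribute(...) straight through, so an artifact without an overview_visibility attribute (for instance one stored before this change) hands whatever getAttribute returns for a missing attribute to the API object. Decide explicitly what a missing value means and set it here, rather than leaving each consumer of getVisibility() to interpret it.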
>>>>>> @@ -190,6 +192,8 @@
>>>>>>
>>>>>>  
>>>>>> api.setThumbnailUrl(artifact.getAttribute(APIConstants.API_OVERVIEW_THUMBNAIL_URL));
>>>>>>
>>>>>>  
>>>>>> api.setStatus(getApiStatus(artifact.getAttribute(APIConstants.API_OVERVIEW_STATUS)));
>>>>>>
>>>>>>  
>>>>>> api.setContext(artifact.getAttribute(APIConstants.API_OVERVIEW_CONTEXT));
>>>>>> +
>>>>>>  
>>>>>> api.setVisibility(artifact.getAttribute(APIConstants.API_OVERVIEW_VISIBILITY));
>>>>>> +
>>>>>>  
>>>>>> api.setVisibleRoles(artifact.getAttribute(APIConstants.API_OVERVIEW_VISIBLE_ROLES));
>>>>>>          } catch (GovernanceException e) {
>>>>>>              String msg = "Failed to get API from artifact ";
>>>>>>              throw new APIManagementException(msg, e);
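Review bot: the two added lines repeat the pair added in the hunk at -96,6, so the attribute-to-API mapping for visibility now exists in two places that must stay in step. Moving the pair into one private helper called from both methods would keep a later change to visibility handling from being applied to only one of them.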
>>>>>> @@ -248,6 +252,9 @@
>>>>>>
>>>>>>  artifact.setAttribute(APIConstants.API_OVERVIEW_TEC_OWNER_EMAIL,
>>>>>> api.getTechnicalOwnerEmail());
>>>>>>
>>>>>>  artifact.setAttribute(APIConstants.API_OVERVIEW_BUSS_OWNER,
>>>>>> api.getBusinessOwner());
>>>>>>
>>>>>>  artifact.setAttribute(APIConstants.API_OVERVIEW_BUSS_OWNER_EMAIL,
>>>>>> api.getBusinessOwnerEmail());
>>>>>> +
>>>>>>  artifact.setAttribute(APIConstants.API_OVERVIEW_VISIBILITY,
>>>>>> api.getVisibility());
>>>>>> +
>>>>>>  artifact.setAttribute(APIConstants.API_OVERVIEW_VISIBLE_ROLES,
>>>>>> api.getVisibleRoles());
>>>>>> +
>>>>>>              String tiers = "";
>>>>>>              for (Tier tier : api.getAvailableTiers()) {
>>>>>>                  tiers += tier.getName() + "||";
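Review bot: artifact.setAttribute(APIConstants.API_OVERVIEW_VISIBLE_ROLES, api.getVisibleRoles()) writes the allowed roles into the artifact's content only, so the restriction holds only for readers that parse this attribute and compare role names. Setting the corresponding permissions on the API resource at the same point would let the storage layer enforce the restriction; api.getVisibility() and api.getVisibleRoles() are also written without a null check.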
>>>>>> _______________________________________________
>>>>>> Commits mailing list
>>>>>> [email protected]
>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/commits
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Senaka Fernando
>>>>> Member - Integration Technologies Management Committee;
>>>>> Technical Lead; WSO2 Inc.; http://wso2.com
>>>>> Member; Apache Software Foundation; http://apache.org
>>>>>
>>>>> E-mail: senaka AT wso2.com
>>>>> P: +1 408 754 7388; ext: 51736; M: +94 77 322 1818
>>>>> Linked-In: http://linkedin.com/in/senakafernando
>>>>>
>>>>> Lean . Enterprise . Middleware
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Lalaji Sureshika
>>>> Software Engineer; Development Technologies Team;WSO2, Inc.;
>>>> http://wso2.com/
>>>> email: [email protected]; cell: +94 71 608 6811
>>>> blog: http://lalajisureshika.blogspot.com
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>
>>
>
>
>
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
/sumedha
m: +94 773017743
b :  bit.ly/sumedha
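
Added example, not part of the original thread and not WSO2 code: a small in-memory model of the two designs discussed above, visibility kept in the asset payload and checked by string comparison versus deny-all plus per-role READ permission enforced by the store. All class and method names, the comma-separated role format, the role name "anonymous" and the asset paths are assumptions made for illustration.

```java
import java.util.*;

// Hypothetical in-memory model; none of these types are WSO2 classes.
public class VisibilityModel {
    static final String ANON = "anonymous"; // constructed role for unauthenticated readers

    static class Asset {
        final String path;
        final Map<String, String> content = new HashMap<>(); // payload attributes
        final Set<String> allowRead = new HashSet<>();        // storage-level READ permission
        Asset(String path) { this.path = path; }
    }

    // Design A (revision 150612): roles live in the payload; only this caller checks them.
    static boolean storeStringCheck(Asset a, Set<String> userRoles) {
        if (!"restricted".equals(a.content.get("overview_visibility"))) return true;
        String roles = a.content.getOrDefault("overview_visibleRoles", "");
        for (String r : roles.split(",")) if (userRoles.contains(r.trim())) return true;
        return false;
    }

    // Design B: the storage layer answers the permission question for every reader.
    static boolean registryRead(Asset a, Set<String> userRoles) {
        return !Collections.disjoint(a.allowRead, userRoles);
    }

    // Publishing under design B: public grants anonymous READ;
    // restricted is deny-all plus allow for the listed roles.
    static void publish(Asset a, String visibility, String... roles) {
        a.allowRead.clear();
        if ("restricted".equals(visibility)) a.allowRead.addAll(Arrays.asList(roles));
        else a.allowRead.add(ANON);
    }

    // A reader that knows nothing about the payload convention (a generic browser).
    static List<String> genericList(List<Asset> all, Set<String> roles, boolean permEnforced) {
        List<String> out = new ArrayList<>();
        for (Asset a : all) if (!permEnforced || registryRead(a, roles)) out.add(a.path);
        return out;
    }

    public static void main(String[] args) {
        Asset pub = new Asset("/apis/weather"), priv = new Asset("/apis/payroll"); // constructed
        priv.content.put("overview_visibility", "restricted");
        priv.content.put("overview_visibleRoles", "hr");
        publish(pub, "public");
        publish(priv, "restricted", "hr");
        List<Asset> all = Arrays.asList(pub, priv);
        Set<String> visitor = new HashSet<>(Arrays.asList(ANON));
        System.out.println("store string check on payroll: " + storeStringCheck(priv, visitor));
        System.out.println("generic reader, payload only:  " + genericList(all, visitor, false));
        System.out.println("generic reader, permissions:   " + genericList(all, visitor, true));
    }
}
```

The store-side string check hides the restricted asset from the visitor, but a reader that does not parse the payload still lists it unless the permission is enforced where the asset is stored.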