Hi Danushka, Your argument is valid. Instead of checking whether the user is in a role I should be checking the permissions available for that user. Sorry for the delay to reply.
Thanks, Hemika Hemika Kodikara Software Engineer WSO2 Inc. lean . enterprise . middleware http://wso2.com Mobile : +94777688882 On Tue, Jan 27, 2015 at 3:35 AM, Danushka Fernando <[email protected]> wrote: > > Find my comments inline > > > On Mon, Jan 26, 2015 at 10:31 AM, Hemika Kodikara <[email protected]> wrote: > >> Hi Tharindu, >> >> Yes, I am currently using that for non-admin users to check against a >> permission resource path. >> >> But what I need exactly is to know whether the user is in the admin role >> or not. >> > > Can you explain the whole scenario. This doesn't makes sense to me since > in WSO2 user management model we check for permissions not roles. *Please > explain why?* > >> >> Would using "isPrimaryAdminUser" suffice to replace the following >> implementation that I am currently using ? >> >> private static boolean isAdminUser(String username, UserRealm userRealm) { >> try { >> String[] userRoles = >> userRealm.getUserStoreManager().getRoleListOfUser(username); >> String adminRole = >> userRealm.getRealmConfiguration().getAdminRoleName(); >> >> for (String userRole : userRoles) { >> if (adminRole.equals(userRole)) { >> return true; >> } >> } >> } catch (UserStoreException e) { >> log.error("Error while retrieving roles for user " + >> username, e); >> } >> return false; >> } >> >> Thanks, >> Hemika >> >> >> >> Hemika Kodikara >> Software Engineer >> WSO2 Inc. >> lean . enterprise . middleware >> http://wso2.com >> >> Mobile : +94777688882 >> >> On Mon, Jan 26, 2015 at 10:20 AM, Tharindu Edirisinghe < >> [email protected]> wrote: >> >>> Hi Hemika, >>> >>> If you are concerned if the logged in user is authorized to perform some >>> specific action, you can use following without going for role comparison. >>> >>> String loggedInUser = >>> CarbonContext.getThreadLocalCarbonContext().getUsername(); >>> >>> UserRealm realm = (UserRealm) >>> CarbonContext.getThreadLocalCarbonContext().getUserRealm(); >>> >>> if (realm.getAuthorizationManager().isUserAuthorized(loggedInUser, >>> *permissionResourcePath*,* UserMgtConstants.EXECUTE_ACTION*)) { >>> >>> // action >>> } >>> >>> You need to specify the permissionResourcePath and the action (bold >>> above) accordingly. >>> >>> Regards, >>> TharinduE >>> >>> On Mon, Jan 26, 2015 at 10:04 AM, Hemika Kodikara <[email protected]> >>> wrote: >>> >>>> Hi Tharindu, >>>> >>>> Thanks for the code snippet, >>>> >>>> I'll check that out. >>>> >>>> Thanks, >>>> Hemika >>>> >>>> Hemika Kodikara >>>> Software Engineer >>>> WSO2 Inc. >>>> lean . enterprise . middleware >>>> http://wso2.com >>>> >>>> Mobile : +94777688882 >>>> >>>> On Sun, Jan 25, 2015 at 11:23 PM, Tharindu Edirisinghe < >>>> [email protected]> wrote: >>>> >>>>> Hi Hemika, >>>>> >>>>> org.wso2.carbon.user.core.util.UserCoreUtil class has following method >>>>> for checking if the user is primary admin user. >>>>> >>>>> public static boolean isPrimaryAdminUser(String userName, >>>>> RealmConfiguration realmConfig) >>>>> >>>>> Regards, >>>>> TharinduE >>>>> >>>>> On Sun, Jan 25, 2015 at 11:02 PM, Hemika Kodikara <[email protected]> >>>>> wrote: >>>>> >>>>>> Hi All, >>>>>> >>>>>> Is there an existing method in carbon to find whether a user is an >>>>>> admin or not provided their username ? >>>>>> >>>>>> Regards, >>>>>> Hemika >>>>>> >>>>>> Hemika Kodikara >>>>>> Software Engineer >>>>>> WSO2 Inc. >>>>>> lean . enterprise . middleware >>>>>> http://wso2.com >>>>>> >>>>>> Mobile : +94777688882 >>>>>> >>>>>> _______________________________________________ >>>>>> Dev mailing list >>>>>> [email protected] >>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> Tharindu Edirisinghe >>>>> Software Engineer | WSO2 Inc >>>>> Identity Server Team >>>>> mobile : +94 775 181586 >>>>> >>>> >>>> >>> >>> >>> -- >>> >>> Tharindu Edirisinghe >>> Software Engineer | WSO2 Inc >>> Identity Server Team >>> mobile : +94 775 181586 >>> >> >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> Thanks & Regards > Danushka Fernando > Software Engineer > WSO2 inc. http://wso2.com/ > Mobile : +94716332729 >
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
