Hi Thilini, I think it is coming form ES. In publisher those roles are created when the admin user first login to the publisher. +1 for Dinusha's suggestion
On Fri, Feb 6, 2015 at 2:25 PM, Dinusha Senanayaka <[email protected]> wrote: > Hi Thilini, > > > > On Fri, Feb 6, 2015 at 2:07 PM, Thilini Shanika <[email protected]> wrote: > >> Hi, >> Need some clarification regarding the issue - [1]. >> >> In super tenant mode all the default roles can be seen once we login to >> carbon console(Internal/everyone, Internal/publisher, Internal/reviewer, >> Internal/subscriber, >> admin roles) . But in tenant mode, when we initially log in to admin >> console, we can only see admin, Internal/everyone, Internal/subscriber >> roles only and some roles are missing. But once we login to publisher, the >> missing roles - Internal/publisher and Internal/reviewer are generated. >> >> Is this the expected behavior or do we need to make those missing roles >> available in tenant mode also? >> > > This is a bug. Internal/publisher and Internal/reviewer roles also need to > be created at the tenant loading time. i.e even when you login to the > carbon-mgt console for the first time this role need to be get created in > the same way we do for internal/subscriber role. > > Regards, > Dinusha. > >> >> [1] - https://wso2.org/jira/browse/APPM-332 >> >> On Mon, Feb 2, 2015 at 12:35 PM, Ruwan Yatawara <[email protected]> wrote: >> >>> Hi Thilini, >>> >>> The internal/store role is pretty much obsolete AFAIK. However there are >>> specific validations on the roles i've listed below . >>> >>> intermal/publisher - Can create Apps but cannot publish >>> internal/reviewer - Ones, publisher submits for an app to be published, >>> reviewer permission is needed to approve said request. >>> internal/subscriber - This role needs to be available for anyone to be >>> able to login to the store. >>> >>> However, IMHO i believe this is wrong and we should change it (Had a >>> chat with Manu and I think this is the same way things are implemented in >>> ES). >>> >>> *What we should do is basically go for a permission check rather than >>> check for a role*. For an instance for creating of apps we should check >>> if a particular user has "api/create" *permission *(can be of any role) and >>> to publish "api/publish", permission etc. For the store however, its ok to >>> have a role based check as there is no specific reference to "store access" >>> in the permission tree. >>> >>> >>> Thanks and Regards, >>> >>> Ruwan Yatawara >>> >>> Senior Software Engineer, >>> WSO2 Inc. >>> >>> email : [email protected] >>> mobile : +94 77 9110413 >>> blog : http://thoughts.ruwan-ace.com/ >>> www: :http://wso2.com >>> >>> >>> On Sun, Feb 1, 2015 at 11:31 AM, Thilini Shanika <[email protected]> >>> wrote: >>> >>>> Hi all, >>>> >>>> There are several bugs reported regarding the permission issues of >>>> default roles in App Manager. In order to fix and resolve them, we need to >>>> clarify what are the exact usage and permissions which should assigned >>>> with those roles. >>>> >>>> The roles which were subjected to permission issues are listed below >>>> with the current permissions assigned. >>>> >>>> - Internal/store-admin - Login >>>> - Internal/store - Login >>>> - Internal/reviewer - Login >>>> >>>> Can you please specify what are the usage, and whether the current >>>> permissions assigned are correct? If not correct what are the exact >>>> permissions that these roles should be assigned with? >>>> >>>> -- >>>> Thilini Shanika >>>> Software Engineer >>>> WSO2, Inc.; http://wso2.com >>>> 20, Palmgrove Avenue, Colombo 3 >>>> >>>> E-mail: [email protected] >>>> >>>> >>> >> >> >> -- >> Thilini Shanika >> Software Engineer >> WSO2, Inc.; http://wso2.com >> 20, Palmgrove Avenue, Colombo 3 >> >> E-mail: [email protected] >> >> > > > -- > Dinusha Dilrukshi > Senior Software Engineer > WSO2 Inc.: http://wso2.com/ > Mobile: +94725255071 > Blog: http://dinushasblog.blogspot.com/ > -- Regards, Chatura Dilan Perera *(Senior Software Engineer** - WSO2 Inc.**)* www.dilan.me
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
