Hi Dulitha, Thanks for the feedback.
One more question on Permissions. If there is no role mapping in the permission tree, how do we check whether a particular user is authorized to perform some UI operation or not? I see that authorization check happens at the MDM web-application API level, but is unclear on the *checking-mechanism* simply due to the fact that I don't see any place where permissions get mapped to logged-in users. Thanks, Dilan. *Dilan U. Ariyaratne* Software Engineer WSO2 Inc. <http://wso2.com/> Mobile: +94775149066 lean . enterprise . middleware On Wed, Apr 8, 2015 at 5:07 PM, Dulitha Wijewantha <duli...@wso2.com> wrote: > > > On Wed, Apr 8, 2015 at 3:52 PM, Dilan Udara Ariyaratne <dil...@wso2.com> > wrote: > >> Hi Folks, >> >> I have been going through the permission model used by WSO2 MDM UI 2.0.0 >> Release >> and found out that we are inserting a set of self-defined permissions to >> a registry path >> starting with the following pattern. >> >> "/_system/governance/permission/" in >> registry.put("/_system/governance/permission/" + path + "/" + >> permission.key, resource); >> >> My first question would be: >> [1] Is this some kind of standard path" where we can define permissions >> as in some permission tree where a set of permissions mapped into >> some defined role? >> > This is a the location used to add new permissions (but not assigining). > What you add here will be available in the permission tree. > > >> >> My second question would be: >> [2] How does the mapping occur in between users -> Roles -> Permissions? >> I have seen some kind of mapping in between permissions and roles >> for the following two user types >> (A) device-mgt/admin and (B) device-mgt/user >> in insertAppPermissions() function inside modules/utility.js file. >> Is this some kind of temporary touch-up for the permission model or >> are we planning to have only these two user roles in the system? >> > Their is no role mapping in the permission tree. 'admin' and 'user' are > used to categorize certain permissions. In device management context, it > means controller other's devices vs controlling my devices. But still - we > have to assign the permissions to the role. If a role has a device-mgt/admin > permission, it can do operations/actions on others devices. > > >> Appreciate your feedback on this. >> >> Thanks. >> >> *Dilan U. Ariyaratne* >> Software Engineer >> WSO2 Inc. <http://wso2.com/> >> Mobile: +94775149066 >> lean . enterprise . middleware >> > > > > -- > Dulitha Wijewantha (Chan) > Software Engineer - Mobile Development > WSO2 Inc > Lean.Enterprise.Middleware > * ~Email duli...@wso2.com <duli...@wso2mobile.com>* > * ~Mobile +94712112165 <%2B94712112165>* > * ~Website dulitha.me <http://dulitha.me>* > * ~Twitter @dulitharw <https://twitter.com/dulitharw>* > *~Github @dulichan <https://github.com/dulichan>* > *~SO @chan <http://stackoverflow.com/users/813471/chan>* >
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev