+1 to *Option 1*. I don't think we should try and get user profile details from across tenants. If you want to, you should log in to the respective tenant explicitly to get that information. I think knowing the name of the tenant user is enough in this case.

On 26 October 2016 at 13:40, Chamin Dias <[email protected]> wrote:

> Hi,
>
> This is related to public JIRA : https://wso2.org/jira/browse/APIMANAGER-5384
>
> In API Publisher, there is a table to show “Top API Users”. It shows the
> users who have used the API frequently.
>
> In the below example, “stuer1” and “stuer2” are users in the super tenant
> space while “hruser1” and “hruser2” are users in a separate tenant
> (i.e. hr.com).
>
> [image: Inline image 4]
>
> When we click the name of the user, it shows the details of the user
> (i.e. profile details).
>
> [image: Inline image 3]
>
> In a multi-tenant environment, it only shows the profiles of the same
> tenant. It does not show the profile details of users from other tenants.
> Reason for the issue is that the code is using super tenant credentials to
> retrieve user profile of a tenant user [1].
>
> *Question : In a multi-tenant environment is it OK to show the details of
> the users (i.e. profile) in other tenants?*
>
> As per the discussions we had with APIM and IS teams (got to know that the
> code does not allow to view user details across tenants), there were a few
> opinions.
>
> *Option 1* - If we allow this, it violates the tenant boundary. Hence we
> should not show profile details. (or show profiles of users from same
> tenant *only*)
>
> *Option 2* - Requirement is OK. We should support viewing user profiles
> across tenants.
>
> We have done the following to check if we can get the profile of a user
> from another tenant, but it failed, so if we are going to support this
> requirement, is there a way we can achieve this?
>
> String tenantDomain = MultitenantUtils.getTenantDomain(
>         APIUtil.replaceEmailDomainBack(username));
> int tenantId = ServiceReferenceHolder.getInstance().getRealmService()
>         .getTenantManager().getTenantId(tenantDomain);
> String tenantAdminUserName = ServiceReferenceHolder.getInstance().getRealmService()
>         .getTenantUserRealm(tenantId).getRealmConfiguration().getAdminUserName();
>
> String tenantAdminPassword = ServiceReferenceHolder.getInstance().getRealmService()
>         .getTenantUserRealm(tenantId).getRealmConfiguration().getAdminPassword();
>
> // Then used the credentials of the tenant admin like this.
>
> CarbonUtils.setBasicAccessSecurityHeaders(tenantAdminUserName,
>         tenantAdminPassword, gatewayServiceClient);
>
> UserProfileDTO[] profiles = stub.getUserProfiles(username);
> for (UserProfileDTO dto : profiles) {
>     if (APIConstants.USER_DEFAULT_PROFILE.equals(dto.getProfileName())) {
>         return dto;
>     }
> }
>
> Please share your ideas on this.
>
> Thanks.
>
> [1] https://github.com/wso2/carbon-apimgt/blob/master/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java#L2210-2210
>
> --
> Chamin Dias
> *Software Engineer*
> Mobile : +94 (0) 716 097455
> Email : [email protected]
> Blog : https://chamindias.wordpress.com/

--
Regards,
Uvindra

Mobile: 777733962
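
A sketch of Option 1 from the thread above, added here as an example and not taken from the WSO2 code base: the publisher's own authenticated tenant decides whether a "Top API Users" entry resolves to a full profile or to the user name only, so no other tenant's admin credentials are ever read. The class, the `UserView` record, the sample profile store and the simplified `tenantDomainOf` helper are hypothetical (Java 16+); usernames are assumed to be non-email-style, and real code would resolve the tenant with `MultitenantUtils.getTenantDomain` as in the quoted snippet.

```java
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;

public class TenantScopedProfiles {
    static final String SUPER_TENANT = "carbon.super"; // WSO2 super tenant domain

    // Simplified stand-in (assumption) for MultitenantUtils.getTenantDomain():
    // the tenant is whatever follows the last '@'; a name without one belongs
    // to the super tenant. Email-style usernames are not handled here.
    static String tenantDomainOf(String username) {
        int at = username.lastIndexOf('@');
        return (at < 0 || at == username.length() - 1)
                ? SUPER_TENANT
                : username.substring(at + 1).toLowerCase(Locale.ROOT);
    }

    // Hypothetical view object: profile is empty when the caller may not see it.
    record UserView(String username, Optional<Map<String, String>> profile) {}

    // Constructed sample data standing in for the tenants' user stores.
    static final Map<String, Map<String, String>> PROFILES = Map.of(
            "stuer1", Map.of("givenname", "Sample", "email", "s1@example.org"),
            "hruser1@hr.com", Map.of("givenname", "Sample", "email", "h1@example.org"));

    // Option 1: compare the listed user's tenant with the caller's tenant.
    // A cross-tenant entry keeps its name but never triggers a profile lookup.
    static UserView viewFor(String callerTenantDomain, String topUser) {
        boolean sameTenant = tenantDomainOf(topUser)
                .equals(callerTenantDomain.toLowerCase(Locale.ROOT));
        if (!sameTenant) {
            return new UserView(topUser, Optional.empty());
        }
        return new UserView(topUser, Optional.ofNullable(PROFILES.get(topUser)));
    }

    public static void main(String[] args) {
        for (String user : List.of("stuer1", "hruser1@hr.com")) {
            System.out.println("carbon.super publisher -> " + viewFor(SUPER_TENANT, user));
            System.out.println("hr.com publisher       -> " + viewFor("hr.com", user));
        }
    }
}
```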
