Re: [Dev] [IS] User's can disable their own accounts

2016-03-23 Thread Dilini Gunatilake
Thanks Johann.

Raised a jira [1] to track the issue.

[1] https://wso2.org/jira/browse/IDENTITY-4442

Regards,
Dilini


Re: [Dev] [IS] User's can disable their own accounts

2016-03-23 Thread Johann Nallathamby
On Wed, Mar 23, 2016 at 2:38 PM, Dilini Gunatilake wrote:

> Hi Johann,
>
> Thanks for the information. You have mentioned that it is highly unlikely
> that users are accessing their profiles via the management console. Can you
> please clarify whether it is the same for the Dashboard also? Because the
> end users can disable their profiles via the dashboard as well.
>

That could be an issue. In that case we will special case this claim in the
dashboard and not show it.
@Pushpalanka: please note.

Ideally we should have application specific profile in IS and each
application should decide what claims to show and what not to.

Thanks.





-- 
Thanks & Regards,

*Johann Dilantha Nallathamby*
Technical Lead & Product Lead of WSO2 Identity Server
Governance Technologies Team
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+9476950*
Blog - *http://nallaa.wordpress.com *
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] [IS] User's can disable their own accounts

2016-03-23 Thread Dilini Gunatilake
Hi Johann,

Thanks for the information. You have mentioned that it is highly unlikely
that users are accessing their profiles via the management console. Can you
please clarify whether it is the same for the Dashboard also? Because the
end users can disable their profiles via the dashboard as well.

Thank you.

Regards,
Dilini





-- 

*Dilini Gunatilake*
*Software Engineer - QA Team*
Mobile : +94 (0) 771 162518
dili...@wso2.com


Re: [Dev] [IS] User's can disable their own accounts

2016-03-22 Thread Johann Nallathamby
Hi Dilini,

It is true that we ideally should special case this claim and not show it in the
profile so a normal end user cannot disable himself.

But this feature is just a renaming of the previous account lock feature we
had, except that account lock was previously used for two purposes.
1. Locking the account of a user by admin (current user disable feature)
2. Locking the account when invalid password attempts exceeded.
Even in 5.1.0 this was the case; one can lock himself out using the profile
and unexpected errors are thrown from management console.

However, due to the following reasons we are thinking of not addressing this in
the 5.2.0 release.
1. It is highly unlikely end users of applications are allowed access to
the IS management console to update their profile. Generally they update
the profile through custom screens in the application side. Carbon admin
console is not exposed to end users generally.
2. Very soon we are going to move away from management console UI to a
jaggery based portal separate for end users and admin users.

Due to the above reasons we are thinking of deprioritizing this change request.

Regards,
Johann.




Re: [Dev] [IS] User's can disable their own accounts

2016-03-21 Thread Dilini Gunatilake
Hi Pushpalanka,

Any update on this? Is there any change done in the Alpha release?

Regards,
Dilini



Re: [Dev] [IS] User's can disable their own accounts

2016-03-10 Thread Pushpalanka Jayawardhana
Hi Dilini,

Intended use of this feature is only for administrators/users with user-mgt
privileges to disable/enable user accounts.
Therefore a user should not be able to disable their own account. We discussed to
hide this claim from user profile UI by default and move the disable/enable
click to user list view. This is not done yet though.

Will get to you after discussing with the team on our stand on this.

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka




[Dev] [IS] User's can disable their own accounts

2016-03-10 Thread Dilini Gunatilake
Hi IS Team,

When identifying test scenarios for User Account Disability feature in IS
520, I noticed that users can disable their own accounts and carry out work
until the session expires or they log out. But the system will throw
exceptions for the operations they do in both management console and
dashboard, e.g. change the password.

What should be the ideal behaviour in this scenario? Should the user have
privileges to disable their own account?

Thank you,

Regards,

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
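
Added example, not part of the thread and not WSO2 code: a stand-alone Python model of the rule discussed above, in which the account-disabled claim is hidden from self-service profile views and is also rejected at the write path unless the caller has user-mgt privileges and is acting on another account. The claim URI, the permission string, the `Directory` class and the immediate session revocation on disable are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumptions, not WSO2 identifiers: the thread never names the claim URI or
# the permission string, so both are placeholders.
ACCOUNT_DISABLED = "urn:example:claims:accountDisabled"
ADMIN_ONLY_CLAIMS = {ACCOUNT_DISABLED}
USER_MGT = "user-mgt"


class Forbidden(Exception):
    """The caller is not allowed to perform this operation."""


@dataclass
class User:
    name: str
    permissions: set = field(default_factory=set)
    claims: dict = field(default_factory=dict)


class Directory:
    """Toy user store with sessions (constructed for this example)."""

    def __init__(self, users):
        self.users = {u.name: u for u in users}
        self.sessions = {}  # session id -> user name

    def login(self, sid, name):
        if self.users[name].claims.get(ACCOUNT_DISABLED) == "true":
            raise Forbidden("account is disabled")
        self.sessions[sid] = name

    def actor(self, sid):
        if sid not in self.sessions:
            raise Forbidden("no active session")
        return self.users[self.sessions[sid]]

    def profile_view(self, sid, target):
        """Claims a profile screen may render: admin-only claims are shown
        only to a user-mgt caller looking at someone else's account."""
        actor = self.actor(sid)
        manage = USER_MGT in actor.permissions and actor.name != target
        return {k: v for k, v in self.users[target].claims.items()
                if manage or k not in ADMIN_ONLY_CLAIMS}

    def update_claims(self, sid, target, changes):
        """Write path: the rule is enforced here even if a UI hides the field."""
        actor = self.actor(sid)
        if actor.name != target and USER_MGT not in actor.permissions:
            raise Forbidden("cannot edit another user's profile")
        if ADMIN_ONLY_CLAIMS.intersection(changes):
            if USER_MGT not in actor.permissions:
                raise Forbidden("claim requires user-mgt permission")
            if actor.name == target:  # assumption: no self-disable, even for admins
                raise Forbidden("cannot change this claim on own account")
        self.users[target].claims.update(changes)
        if changes.get(ACCOUNT_DISABLED) == "true":
            # Design choice added here: end the target's sessions at once so a
            # disabled user does not keep working until the session expires.
            self.sessions = {s: n for s, n in self.sessions.items() if n != target}
```
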