Re: [Dev] Permissions issues with some default roles in WSO2 App Manager
Hi Ruwan, IMHO, for App Manager users it'll be useful to have set of default roles given that the permissions are assigned accurately. We reported many issues in this area assuming the following is the expected behavior. *Transition Process* *Allowed Roles* *Allowed Actions* Creating a new app Administrator Internal/PublisherSubmitting newly created apps Administrator Internal/Publisher Submit Reviewing submitted apps Administrator Internal/Review Approve Reject Publishing approved apps Administrator Internal/Publisher Publish Re-submitting rejected apps Administrator Internal/Publisher Submit Unpublishing published apps Administrator Internal/Publisher Unpublish Re-publishing unpublished apps Administrator Internal/Publisher Publish Deprecating unpublished apps Administrator Internal/Publisher Deprecate Deprecating published apps Administrator Internal/Publisher Deprecate Retiring deprecated apps Administrator Internal/Publisher Retire If this is going to change, please let us know once it is finalized. Hope it'll be documented too. Thanks, Sandapa On Mon, Feb 2, 2015 at 12:35 PM, Ruwan Yatawara ruw...@wso2.com wrote: Hi Thilini, The internal/store role is pretty much obsolete AFAIK. However there are specific validations on the roles i've listed below . intermal/publisher - Can create Apps but cannot publish internal/reviewer - Ones, publisher submits for an app to be published, reviewer permission is needed to approve said request. internal/subscriber - This role needs to be available for anyone to be able to login to the store. However, IMHO i believe this is wrong and we should change it (Had a chat with Manu and I think this is the same way things are implemented in ES). *What we should do is basically go for a permission check rather than check for a role*. For an instance for creating of apps we should check if a particular user has api/create *permission *(can be of any role) and to publish api/publish, permission etc. For the store however, its ok to have a role based check as there is no specific reference to store access in the permission tree. Thanks and Regards, Ruwan Yatawara Senior Software Engineer, WSO2 Inc. email : ruw...@wso2.com mobile : +94 77 9110413 blog : http://thoughts.ruwan-ace.com/ www: :http://wso2.com On Sun, Feb 1, 2015 at 11:31 AM, Thilini Shanika thili...@wso2.com wrote: Hi all, There are several bugs reported regarding the permission issues of default roles in App Manager. In order to fix and resolve them, we need to clarify what are the exact usage and permissions which should assigned with those roles. The roles which were subjected to permission issues are listed below with the current permissions assigned. - Internal/store-admin - Login - Internal/store - Login - Internal/reviewer- Login Can you please specify what are the usage, and whether the current permissions assigned are correct? If not correct what are the exact permissions that these roles should be assigned with? -- Thilini Shanika Software Engineer WSO2, Inc.; http://wso2.com 20, Palmgrove Avenue, Colombo 3 E-mail: tgtshan...@gmail.com ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev -- Sandapa Handakumbura Associate Technical Lead WSO2.Inc. ; http://wso2.com/ M : +94777115866 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Permissions issues with some default roles in WSO2 App Manager
Hi, FYI, Here is how Mobile Apps works. Roles 1. Intermal/Publisher 2. Internal/Reviewer 3. admin (admin has ability to perform all operations below) - *Main Flow* *Publisher* 1. Publisher *create* the app 2. App goes to *Created* state 3. Publisher *submit* the app 4. App goes to *In-review *state *Reviewer* 5. Reviewer *approve* the app 6. App goes to* Approved* state *Publisher* 7. Publisher *publish* the app 8. App goes to *Published* state. --- *Alternative flow 1* *Reviewer* 4.1. Reviewer* reject* the App 4.2 App goes to *Rejected* state *Publisher* 4.3 Publisher *resubmit* the App 4.4 App Goes to *In-review* state --- *Alternative flow 2* *Publisher* 8.1 Publisher *un-publish* the app 8.2 App goes to *Un-published* state 8. Publisher *publish* the app 8.4. App goes to *Published *state 8.2.1 Publisher *retire* the app 8.2.2 App goes to *Retired* state On Fri, Feb 6, 2015 at 2:25 PM, Dinusha Senanayaka dinu...@wso2.com wrote: Hi Thilini, On Fri, Feb 6, 2015 at 2:07 PM, Thilini Shanika thili...@wso2.com wrote: Hi, Need some clarification regarding the issue - [1]. In super tenant mode all the default roles can be seen once we login to carbon console(Internal/everyone, Internal/publisher, Internal/reviewer, Internal/subscriber, admin roles) . But in tenant mode, when we initially log in to admin console, we can only see admin, Internal/everyone, Internal/subscriber roles only and some roles are missing. But once we login to publisher, the missing roles - Internal/publisher and Internal/reviewer are generated. Is this the expected behavior or do we need to make those missing roles available in tenant mode also? This is a bug. Internal/publisher and Internal/reviewer roles also need to be created at the tenant loading time. i.e even when you login to the carbon-mgt console for the first time this role need to be get created in the same way we do for internal/subscriber role. Regards, Dinusha. [1] - https://wso2.org/jira/browse/APPM-332 On Mon, Feb 2, 2015 at 12:35 PM, Ruwan Yatawara ruw...@wso2.com wrote: Hi Thilini, The internal/store role is pretty much obsolete AFAIK. However there are specific validations on the roles i've listed below . intermal/publisher - Can create Apps but cannot publish internal/reviewer - Ones, publisher submits for an app to be published, reviewer permission is needed to approve said request. internal/subscriber - This role needs to be available for anyone to be able to login to the store. However, IMHO i believe this is wrong and we should change it (Had a chat with Manu and I think this is the same way things are implemented in ES). *What we should do is basically go for a permission check rather than check for a role*. For an instance for creating of apps we should check if a particular user has api/create *permission *(can be of any role) and to publish api/publish, permission etc. For the store however, its ok to have a role based check as there is no specific reference to store access in the permission tree. Thanks and Regards, Ruwan Yatawara Senior Software Engineer, WSO2 Inc. email : ruw...@wso2.com mobile : +94 77 9110413 blog : http://thoughts.ruwan-ace.com/ www: :http://wso2.com On Sun, Feb 1, 2015 at 11:31 AM, Thilini Shanika thili...@wso2.com wrote: Hi all, There are several bugs reported regarding the permission issues of default roles in App Manager. In order to fix and resolve them, we need to clarify what are the exact usage and permissions which should assigned with those roles. The roles which were subjected to permission issues are listed below with the current permissions assigned. - Internal/store-admin - Login - Internal/store - Login - Internal/reviewer- Login Can you please specify what are the usage, and whether the current permissions assigned are correct? If not correct what are the exact permissions that these roles should be assigned with? -- Thilini Shanika Software Engineer WSO2, Inc.; http://wso2.com 20, Palmgrove Avenue, Colombo 3 E-mail: tgtshan...@gmail.com -- Thilini Shanika Software Engineer WSO2, Inc.; http://wso2.com 20, Palmgrove Avenue, Colombo 3 E-mail: tgtshan...@gmail.com -- Dinusha Dilrukshi Senior Software Engineer WSO2 Inc.: http://wso2.com/ Mobile: +94725255071 Blog: http://dinushasblog.blogspot.com/ -- Regards, Chatura Dilan Perera *(Senior Software Engineer** - WSO2 Inc.**)* www.dilan.me ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Permissions issues with some default roles in WSO2 App Manager
Hi, Need some clarification regarding the issue - [1]. In super tenant mode all the default roles can be seen once we login to carbon console(Internal/everyone, Internal/publisher, Internal/reviewer, Internal/subscriber, admin roles) . But in tenant mode, when we initially log in to admin console, we can only see admin, Internal/everyone, Internal/subscriber roles only and some roles are missing. But once we login to publisher, the missing roles - Internal/publisher and Internal/reviewer are generated. Is this the expected behavior or do we need to make those missing roles available in tenant mode also? [1] - https://wso2.org/jira/browse/APPM-332 On Mon, Feb 2, 2015 at 12:35 PM, Ruwan Yatawara ruw...@wso2.com wrote: Hi Thilini, The internal/store role is pretty much obsolete AFAIK. However there are specific validations on the roles i've listed below . intermal/publisher - Can create Apps but cannot publish internal/reviewer - Ones, publisher submits for an app to be published, reviewer permission is needed to approve said request. internal/subscriber - This role needs to be available for anyone to be able to login to the store. However, IMHO i believe this is wrong and we should change it (Had a chat with Manu and I think this is the same way things are implemented in ES). *What we should do is basically go for a permission check rather than check for a role*. For an instance for creating of apps we should check if a particular user has api/create *permission *(can be of any role) and to publish api/publish, permission etc. For the store however, its ok to have a role based check as there is no specific reference to store access in the permission tree. Thanks and Regards, Ruwan Yatawara Senior Software Engineer, WSO2 Inc. email : ruw...@wso2.com mobile : +94 77 9110413 blog : http://thoughts.ruwan-ace.com/ www: :http://wso2.com On Sun, Feb 1, 2015 at 11:31 AM, Thilini Shanika thili...@wso2.com wrote: Hi all, There are several bugs reported regarding the permission issues of default roles in App Manager. In order to fix and resolve them, we need to clarify what are the exact usage and permissions which should assigned with those roles. The roles which were subjected to permission issues are listed below with the current permissions assigned. - Internal/store-admin - Login - Internal/store - Login - Internal/reviewer- Login Can you please specify what are the usage, and whether the current permissions assigned are correct? If not correct what are the exact permissions that these roles should be assigned with? -- Thilini Shanika Software Engineer WSO2, Inc.; http://wso2.com 20, Palmgrove Avenue, Colombo 3 E-mail: tgtshan...@gmail.com -- Thilini Shanika Software Engineer WSO2, Inc.; http://wso2.com 20, Palmgrove Avenue, Colombo 3 E-mail: tgtshan...@gmail.com ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Permissions issues with some default roles in WSO2 App Manager
Hi Thilini, I think it is coming form ES. In publisher those roles are created when the admin user first login to the publisher. +1 for Dinusha's suggestion On Fri, Feb 6, 2015 at 2:25 PM, Dinusha Senanayaka dinu...@wso2.com wrote: Hi Thilini, On Fri, Feb 6, 2015 at 2:07 PM, Thilini Shanika thili...@wso2.com wrote: Hi, Need some clarification regarding the issue - [1]. In super tenant mode all the default roles can be seen once we login to carbon console(Internal/everyone, Internal/publisher, Internal/reviewer, Internal/subscriber, admin roles) . But in tenant mode, when we initially log in to admin console, we can only see admin, Internal/everyone, Internal/subscriber roles only and some roles are missing. But once we login to publisher, the missing roles - Internal/publisher and Internal/reviewer are generated. Is this the expected behavior or do we need to make those missing roles available in tenant mode also? This is a bug. Internal/publisher and Internal/reviewer roles also need to be created at the tenant loading time. i.e even when you login to the carbon-mgt console for the first time this role need to be get created in the same way we do for internal/subscriber role. Regards, Dinusha. [1] - https://wso2.org/jira/browse/APPM-332 On Mon, Feb 2, 2015 at 12:35 PM, Ruwan Yatawara ruw...@wso2.com wrote: Hi Thilini, The internal/store role is pretty much obsolete AFAIK. However there are specific validations on the roles i've listed below . intermal/publisher - Can create Apps but cannot publish internal/reviewer - Ones, publisher submits for an app to be published, reviewer permission is needed to approve said request. internal/subscriber - This role needs to be available for anyone to be able to login to the store. However, IMHO i believe this is wrong and we should change it (Had a chat with Manu and I think this is the same way things are implemented in ES). *What we should do is basically go for a permission check rather than check for a role*. For an instance for creating of apps we should check if a particular user has api/create *permission *(can be of any role) and to publish api/publish, permission etc. For the store however, its ok to have a role based check as there is no specific reference to store access in the permission tree. Thanks and Regards, Ruwan Yatawara Senior Software Engineer, WSO2 Inc. email : ruw...@wso2.com mobile : +94 77 9110413 blog : http://thoughts.ruwan-ace.com/ www: :http://wso2.com On Sun, Feb 1, 2015 at 11:31 AM, Thilini Shanika thili...@wso2.com wrote: Hi all, There are several bugs reported regarding the permission issues of default roles in App Manager. In order to fix and resolve them, we need to clarify what are the exact usage and permissions which should assigned with those roles. The roles which were subjected to permission issues are listed below with the current permissions assigned. - Internal/store-admin - Login - Internal/store - Login - Internal/reviewer- Login Can you please specify what are the usage, and whether the current permissions assigned are correct? If not correct what are the exact permissions that these roles should be assigned with? -- Thilini Shanika Software Engineer WSO2, Inc.; http://wso2.com 20, Palmgrove Avenue, Colombo 3 E-mail: tgtshan...@gmail.com -- Thilini Shanika Software Engineer WSO2, Inc.; http://wso2.com 20, Palmgrove Avenue, Colombo 3 E-mail: tgtshan...@gmail.com -- Dinusha Dilrukshi Senior Software Engineer WSO2 Inc.: http://wso2.com/ Mobile: +94725255071 Blog: http://dinushasblog.blogspot.com/ -- Regards, Chatura Dilan Perera *(Senior Software Engineer** - WSO2 Inc.**)* www.dilan.me ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Permissions issues with some default roles in WSO2 App Manager
Hi Thilini, The internal/store role is pretty much obsolete AFAIK. However there are specific validations on the roles i've listed below . intermal/publisher - Can create Apps but cannot publish internal/reviewer - Ones, publisher submits for an app to be published, reviewer permission is needed to approve said request. internal/subscriber - This role needs to be available for anyone to be able to login to the store. However, IMHO i believe this is wrong and we should change it (Had a chat with Manu and I think this is the same way things are implemented in ES). *What we should do is basically go for a permission check rather than check for a role*. For an instance for creating of apps we should check if a particular user has api/create *permission *(can be of any role) and to publish api/publish, permission etc. For the store however, its ok to have a role based check as there is no specific reference to store access in the permission tree. Thanks and Regards, Ruwan Yatawara Senior Software Engineer, WSO2 Inc. email : ruw...@wso2.com mobile : +94 77 9110413 blog : http://thoughts.ruwan-ace.com/ www: :http://wso2.com On Sun, Feb 1, 2015 at 11:31 AM, Thilini Shanika thili...@wso2.com wrote: Hi all, There are several bugs reported regarding the permission issues of default roles in App Manager. In order to fix and resolve them, we need to clarify what are the exact usage and permissions which should assigned with those roles. The roles which were subjected to permission issues are listed below with the current permissions assigned. - Internal/store-admin - Login - Internal/store - Login - Internal/reviewer- Login Can you please specify what are the usage, and whether the current permissions assigned are correct? If not correct what are the exact permissions that these roles should be assigned with? -- Thilini Shanika Software Engineer WSO2, Inc.; http://wso2.com 20, Palmgrove Avenue, Colombo 3 E-mail: tgtshan...@gmail.com ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Permissions issues with some default roles in WSO2 App Manager
Hi all, There are several bugs reported regarding the permission issues of default roles in App Manager. In order to fix and resolve them, we need to clarify what are the exact usage and permissions which should assigned with those roles. The roles which were subjected to permission issues are listed below with the current permissions assigned. - Internal/store-admin - Login - Internal/store - Login - Internal/reviewer- Login Can you please specify what are the usage, and whether the current permissions assigned are correct? If not correct what are the exact permissions that these roles should be assigned with? -- Thilini Shanika Software Engineer WSO2, Inc.; http://wso2.com 20, Palmgrove Avenue, Colombo 3 E-mail: tgtshan...@gmail.com ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev