Re: [Dev] Clarification on C5 permission model

[SajithAR Ariyarathna]

>
> Any idea on defining the resources and actions (permission tree)?
>
We are still working on the UI (user management UI component) for this.
Until it is completed  you can define permission via CAAS APIs.

Thanks.

On Fri, Aug 12, 2016 at 12:02 PM, Vinod Kavinda  wrote:

> Thanks Thanuja.
> @Rasika,@SajithAR
> Any idea on defining the resources and actions (permission tree)?
>
> Regards,
> Vinod
>
> On Fri, Aug 12, 2016 at 11:41 AM, Thanuja Jayasinghe 
> wrote:
>
>> Hi Vinod,
>>
>> You have to use the JAAS authorization API, instead calling
>> CarbonPrincipal.isAuthorized. As an example, let say we have a
>> CarbonPrincipal. So we can use that principal to build a Subject.
>>
>> Subject subject = new Subject();
>>
>> subject.getPrincipals().add(carbonPrincipal);
>>
>> Then we can use this Subject to call the authorization  API,
>>
>> private boolean isAuthorized(Subject subject, final CarbonPermission 
>> carbonPermission) {
>>
>> final SecurityManager securityManager;
>>
>> if (System.getSecurityManager() == null) {
>> securityManager = new SecurityManager();
>> } else {
>> securityManager = System.getSecurityManager();
>> }
>>
>> try {
>> Subject.doAsPrivileged(subject, (PrivilegedExceptionAction) () -> {
>> securityManager.checkPermission(carbonPermission);
>> return null;
>> }, null);
>> return true;
>> } catch (AccessControlException | PrivilegedActionException e) {
>> if (log.isDebugEnabled()) {
>> log.debug("Authorization Failed", e);
>> }
>> return false;
>> }
>> }
>>
>> Thanks,
>> Thanuja
>>
>> On Fri, Aug 12, 2016 at 11:18 AM, Manuranga Perera  wrote:
>>
>>> HI Vinod, shouldn't this be asked in a new thread?
>>> Hi Rasika, Sajith, You did this recently, right, Can you please help?
>>>
>>> On Fri, Aug 12, 2016 at 10:26 AM, Vinod Kavinda  wrote:
>>>
 Hi Jayanga,
 I'm trying to authorize the current user with a particular action. I
 have used the following code snippet, Is this correct?

 public static boolean isUserAuthorized(String resource, String action) {
 CarbonPermission carbonPermission = new CarbonPermission(resource,
 action);
 return ((CarbonPrincipal) PrivilegedCarbonContext.getCur
 rentContext().getUserPrincipal())
 .isAuthorized(carbonPermission);
 }

 Further, how do we define a set of Resources and Actions for them? Any
 documentation on this?

 Regards,
 Vinod

 On Wed, Aug 10, 2016 at 10:46 PM, Jayanga Kaushalya 
 wrote:

> Hi Prabushi,
>
> Actually there will be no permissions that directly assigned to the
> user. All permissions are assigned through roles. By calling the above
> method in user will indirectly get all permissions through roles which are
> assigned to that particular user. If you need to get permissions for
> specific role, then you can use the same method in role.
>
> Thanks!
>
> *Jayanga Kaushalya*
> Software Engineer
> Mobile: +94777860160
> WSO2 Inc. | http://wso2.com
> lean.enterprise.middleware
>
> On Wed, Aug 10, 2016 at 10:31 PM, Prabushi Samarakoon <
> prabus...@wso2.com> wrote:
>
>> Hi,
>>
>> Thank you for the clarifications Darshana and Jayanga.
>>
>> On Wed, Aug 10, 2016 at 8:08 PM, Jayanga Kaushalya > > wrote:
>>
>>> On Wed, Aug 10, 2016 at 5:56 PM, Prabushi Samarakoon <
>>> prabus...@wso2.com> wrote:
>>>

 Hi All,

 1. Is there an  API method to get all the resources permitted to a
 particular user or a role?

>>>
>>> Yes. You can use the method getPermissions(Action action) [1] in
>>> User to retrieve all the permissions assigned to that particular user
>>> filtered by the action. Permission is a resource + action. So 
>>> permissions
>>> filtered by the action is a list of permitted resources.
>>>
>>
>>  Ah great, now I understood that part. Can we use the same way for a
>> role also? But in that case we might get duplicates of the resources 
>> right?
>>
>>>
 2. With this permission model, are we going to introduce the email
 based authentication for the products, or remain with the username 
 model?

 3. In our current management console, we have one view to create
 the user, and another view to create the user profile according to the
 given http://wso2.org/claims. Is there a particular reason to have
 the user profile in a separate view? Do we need to have two views for 
 user
 creation and profile in C5 model also?

 Any clarification on above matters is appreciated.

 Thanks and Regards,

Re: [Dev] Clarification on C5 permission model

[Vinod Kavinda]

Thanks Thanuja.
@Rasika,@SajithAR
Any idea on defining the resources and actions (permission tree)?

Regards,
Vinod

On Fri, Aug 12, 2016 at 11:41 AM, Thanuja Jayasinghe 
wrote:

> Hi Vinod,
>
> You have to use the JAAS authorization API, instead calling CarbonPrincipa
> l.isAuthorized. As an example, let say we have a CarbonPrincipal. So we
> can use that principal to build a Subject.
>
> Subject subject = new Subject();
>
> subject.getPrincipals().add(carbonPrincipal);
>
> Then we can use this Subject to call the authorization  API,
>
> private boolean isAuthorized(Subject subject, final CarbonPermission 
> carbonPermission) {
>
> final SecurityManager securityManager;
>
> if (System.getSecurityManager() == null) {
> securityManager = new SecurityManager();
> } else {
> securityManager = System.getSecurityManager();
> }
>
> try {
> Subject.doAsPrivileged(subject, (PrivilegedExceptionAction) () -> {
> securityManager.checkPermission(carbonPermission);
> return null;
> }, null);
> return true;
> } catch (AccessControlException | PrivilegedActionException e) {
> if (log.isDebugEnabled()) {
> log.debug("Authorization Failed", e);
> }
> return false;
> }
> }
>
> Thanks,
> Thanuja
>
> On Fri, Aug 12, 2016 at 11:18 AM, Manuranga Perera  wrote:
>
>> HI Vinod, shouldn't this be asked in a new thread?
>> Hi Rasika, Sajith, You did this recently, right, Can you please help?
>>
>> On Fri, Aug 12, 2016 at 10:26 AM, Vinod Kavinda  wrote:
>>
>>> Hi Jayanga,
>>> I'm trying to authorize the current user with a particular action. I
>>> have used the following code snippet, Is this correct?
>>>
>>> public static boolean isUserAuthorized(String resource, String action) {
>>> CarbonPermission carbonPermission = new CarbonPermission(resource,
>>> action);
>>> return ((CarbonPrincipal) PrivilegedCarbonContext.getCur
>>> rentContext().getUserPrincipal())
>>> .isAuthorized(carbonPermission);
>>> }
>>>
>>> Further, how do we define a set of Resources and Actions for them? Any
>>> documentation on this?
>>>
>>> Regards,
>>> Vinod
>>>
>>> On Wed, Aug 10, 2016 at 10:46 PM, Jayanga Kaushalya 
>>> wrote:
>>>
 Hi Prabushi,

 Actually there will be no permissions that directly assigned to the
 user. All permissions are assigned through roles. By calling the above
 method in user will indirectly get all permissions through roles which are
 assigned to that particular user. If you need to get permissions for
 specific role, then you can use the same method in role.

 Thanks!

 *Jayanga Kaushalya*
 Software Engineer
 Mobile: +94777860160
 WSO2 Inc. | http://wso2.com
 lean.enterprise.middleware

 On Wed, Aug 10, 2016 at 10:31 PM, Prabushi Samarakoon <
 prabus...@wso2.com> wrote:

> Hi,
>
> Thank you for the clarifications Darshana and Jayanga.
>
> On Wed, Aug 10, 2016 at 8:08 PM, Jayanga Kaushalya 
> wrote:
>
>> On Wed, Aug 10, 2016 at 5:56 PM, Prabushi Samarakoon <
>> prabus...@wso2.com> wrote:
>>
>>>
>>> Hi All,
>>>
>>> 1. Is there an  API method to get all the resources permitted to a
>>> particular user or a role?
>>>
>>
>> Yes. You can use the method getPermissions(Action action) [1] in User
>> to retrieve all the permissions assigned to that particular user filtered
>> by the action. Permission is a resource + action. So permissions filtered
>> by the action is a list of permitted resources.
>>
>
>  Ah great, now I understood that part. Can we use the same way for a
> role also? But in that case we might get duplicates of the resources 
> right?
>
>>
>>> 2. With this permission model, are we going to introduce the email
>>> based authentication for the products, or remain with the username 
>>> model?
>>>
>>> 3. In our current management console, we have one view to create the
>>> user, and another view to create the user profile according to the given
>>> http://wso2.org/claims. Is there a particular reason to have the
>>> user profile in a separate view? Do we need to have two views for user
>>> creation and profile in C5 model also?
>>>
>>> Any clarification on above matters is appreciated.
>>>
>>> Thanks and Regards,
>>> Prabushi
>>>
>>> --
>>> *Prabushi Samarakoon*
>>> Software Engineer
>>> Mobile: +94715434580
>>> Email: prabus...@wso2.com
>>>
>>
>> [1] https://github.com/wso2/carbon-security/blob/master/comp
>> onents/org.wso2.carbon.security.caas/src/main/java/org/wso2/
>> carbon/security/caas/user/core/bean/User.java#L188
>>
>> Thanks!
>>
>
>
> Thanks and Regards.
> --
> *Prabushi 

Re: [Dev] Clarification on C5 permission model

[Thanuja Jayasinghe]

Hi Vinod,

You have to use the JAAS authorization API, instead calling CarbonPrincipal.
isAuthorized. As an example, let say we have a CarbonPrincipal. So we can
use that principal to build a Subject.

Subject subject = new Subject();

subject.getPrincipals().add(carbonPrincipal);

Then we can use this Subject to call the authorization  API,

private boolean isAuthorized(Subject subject, final CarbonPermission
carbonPermission) {

final SecurityManager securityManager;

if (System.getSecurityManager() == null) {
securityManager = new SecurityManager();
} else {
securityManager = System.getSecurityManager();
}

try {
Subject.doAsPrivileged(subject, (PrivilegedExceptionAction) () -> {
securityManager.checkPermission(carbonPermission);
return null;
}, null);
return true;
} catch (AccessControlException | PrivilegedActionException e) {
if (log.isDebugEnabled()) {
log.debug("Authorization Failed", e);
}
return false;
}
}

Thanks,
Thanuja

On Fri, Aug 12, 2016 at 11:18 AM, Manuranga Perera  wrote:

> HI Vinod, shouldn't this be asked in a new thread?
> Hi Rasika, Sajith, You did this recently, right, Can you please help?
>
> On Fri, Aug 12, 2016 at 10:26 AM, Vinod Kavinda  wrote:
>
>> Hi Jayanga,
>> I'm trying to authorize the current user with a particular action. I have
>> used the following code snippet, Is this correct?
>>
>> public static boolean isUserAuthorized(String resource, String action) {
>> CarbonPermission carbonPermission = new CarbonPermission(resource,
>> action);
>> return ((CarbonPrincipal) PrivilegedCarbonContext.getCur
>> rentContext().getUserPrincipal())
>> .isAuthorized(carbonPermission);
>> }
>>
>> Further, how do we define a set of Resources and Actions for them? Any
>> documentation on this?
>>
>> Regards,
>> Vinod
>>
>> On Wed, Aug 10, 2016 at 10:46 PM, Jayanga Kaushalya 
>> wrote:
>>
>>> Hi Prabushi,
>>>
>>> Actually there will be no permissions that directly assigned to the
>>> user. All permissions are assigned through roles. By calling the above
>>> method in user will indirectly get all permissions through roles which are
>>> assigned to that particular user. If you need to get permissions for
>>> specific role, then you can use the same method in role.
>>>
>>> Thanks!
>>>
>>> *Jayanga Kaushalya*
>>> Software Engineer
>>> Mobile: +94777860160
>>> WSO2 Inc. | http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> On Wed, Aug 10, 2016 at 10:31 PM, Prabushi Samarakoon <
>>> prabus...@wso2.com> wrote:
>>>
 Hi,

 Thank you for the clarifications Darshana and Jayanga.

 On Wed, Aug 10, 2016 at 8:08 PM, Jayanga Kaushalya 
 wrote:

> On Wed, Aug 10, 2016 at 5:56 PM, Prabushi Samarakoon <
> prabus...@wso2.com> wrote:
>
>>
>> Hi All,
>>
>> 1. Is there an  API method to get all the resources permitted to a
>> particular user or a role?
>>
>
> Yes. You can use the method getPermissions(Action action) [1] in User
> to retrieve all the permissions assigned to that particular user filtered
> by the action. Permission is a resource + action. So permissions filtered
> by the action is a list of permitted resources.
>

  Ah great, now I understood that part. Can we use the same way for a
 role also? But in that case we might get duplicates of the resources right?

>
>> 2. With this permission model, are we going to introduce the email
>> based authentication for the products, or remain with the username model?
>>
>> 3. In our current management console, we have one view to create the
>> user, and another view to create the user profile according to the given
>> http://wso2.org/claims. Is there a particular reason to have the
>> user profile in a separate view? Do we need to have two views for user
>> creation and profile in C5 model also?
>>
>> Any clarification on above matters is appreciated.
>>
>> Thanks and Regards,
>> Prabushi
>>
>> --
>> *Prabushi Samarakoon*
>> Software Engineer
>> Mobile: +94715434580
>> Email: prabus...@wso2.com
>>
>
> [1] https://github.com/wso2/carbon-security/blob/master/comp
> onents/org.wso2.carbon.security.caas/src/main/java/org/wso2/
> carbon/security/caas/user/core/bean/User.java#L188
>
> Thanks!
>


 Thanks and Regards.
 --
 *Prabushi Samarakoon*
 Software Engineer
 Mobile: +94715434580
 Email: prabus...@wso2.com

>>>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Vinod Kavinda
>> Software Engineer
>> *WSO2 Inc. - lean . enterprise . middleware .*
>> Mobile : +94 

Re: [Dev] Clarification on C5 permission model

[Manuranga Perera]

HI Vinod, shouldn't this be asked in a new thread?
Hi Rasika, Sajith, You did this recently, right, Can you please help?

On Fri, Aug 12, 2016 at 10:26 AM, Vinod Kavinda  wrote:

> Hi Jayanga,
> I'm trying to authorize the current user with a particular action. I have
> used the following code snippet, Is this correct?
>
> public static boolean isUserAuthorized(String resource, String action) {
> CarbonPermission carbonPermission = new CarbonPermission(resource,
> action);
> return ((CarbonPrincipal) PrivilegedCarbonContext.getCurrentContext().
> getUserPrincipal())
> .isAuthorized(carbonPermission);
> }
>
> Further, how do we define a set of Resources and Actions for them? Any
> documentation on this?
>
> Regards,
> Vinod
>
> On Wed, Aug 10, 2016 at 10:46 PM, Jayanga Kaushalya 
> wrote:
>
>> Hi Prabushi,
>>
>> Actually there will be no permissions that directly assigned to the user.
>> All permissions are assigned through roles. By calling the above method in
>> user will indirectly get all permissions through roles which are assigned
>> to that particular user. If you need to get permissions for specific role,
>> then you can use the same method in role.
>>
>> Thanks!
>>
>> *Jayanga Kaushalya*
>> Software Engineer
>> Mobile: +94777860160
>> WSO2 Inc. | http://wso2.com
>> lean.enterprise.middleware
>>
>> On Wed, Aug 10, 2016 at 10:31 PM, Prabushi Samarakoon > > wrote:
>>
>>> Hi,
>>>
>>> Thank you for the clarifications Darshana and Jayanga.
>>>
>>> On Wed, Aug 10, 2016 at 8:08 PM, Jayanga Kaushalya 
>>> wrote:
>>>
 On Wed, Aug 10, 2016 at 5:56 PM, Prabushi Samarakoon <
 prabus...@wso2.com> wrote:

>
> Hi All,
>
> 1. Is there an  API method to get all the resources permitted to a
> particular user or a role?
>

 Yes. You can use the method getPermissions(Action action) [1] in User
 to retrieve all the permissions assigned to that particular user filtered
 by the action. Permission is a resource + action. So permissions filtered
 by the action is a list of permitted resources.

>>>
>>>  Ah great, now I understood that part. Can we use the same way for a
>>> role also? But in that case we might get duplicates of the resources right?
>>>

> 2. With this permission model, are we going to introduce the email
> based authentication for the products, or remain with the username model?
>
> 3. In our current management console, we have one view to create the
> user, and another view to create the user profile according to the given
> http://wso2.org/claims. Is there a particular reason to have the user
> profile in a separate view? Do we need to have two views for user creation
> and profile in C5 model also?
>
> Any clarification on above matters is appreciated.
>
> Thanks and Regards,
> Prabushi
>
> --
> *Prabushi Samarakoon*
> Software Engineer
> Mobile: +94715434580
> Email: prabus...@wso2.com
>

 [1] https://github.com/wso2/carbon-security/blob/master/comp
 onents/org.wso2.carbon.security.caas/src/main/java/org/wso2/
 carbon/security/caas/user/core/bean/User.java#L188

 Thanks!

>>>
>>>
>>> Thanks and Regards.
>>> --
>>> *Prabushi Samarakoon*
>>> Software Engineer
>>> Mobile: +94715434580
>>> Email: prabus...@wso2.com
>>>
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Vinod Kavinda
> Software Engineer
> *WSO2 Inc. - lean . enterprise . middleware .*
> Mobile : +94 (0) 712 415544
> Blog : http://soatechflicks.blogspot.com/
> [image: http://wso2.com/signature]
> 
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
With regards,
*Manu*ranga Perera.

phone : 071 7 70 20 50
mail : m...@wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Clarification on C5 permission model

[Jayanga Kaushalya]

[Adding Thanuja]

*Jayanga Kaushalya*
Software Engineer
Mobile: +94777860160
WSO2 Inc. | http://wso2.com
lean.enterprise.middleware

On Fri, Aug 12, 2016 at 10:26 AM, Vinod Kavinda  wrote:

> Hi Jayanga,
> I'm trying to authorize the current user with a particular action. I have
> used the following code snippet, Is this correct?
>
> public static boolean isUserAuthorized(String resource, String action) {
> CarbonPermission carbonPermission = new CarbonPermission(resource,
> action);
> return ((CarbonPrincipal) PrivilegedCarbonContext.getCurrentContext().
> getUserPrincipal())
> .isAuthorized(carbonPermission);
> }
>
> Further, how do we define a set of Resources and Actions for them? Any
> documentation on this?
>
> Regards,
> Vinod
>
> On Wed, Aug 10, 2016 at 10:46 PM, Jayanga Kaushalya 
> wrote:
>
>> Hi Prabushi,
>>
>> Actually there will be no permissions that directly assigned to the user.
>> All permissions are assigned through roles. By calling the above method in
>> user will indirectly get all permissions through roles which are assigned
>> to that particular user. If you need to get permissions for specific role,
>> then you can use the same method in role.
>>
>> Thanks!
>>
>> *Jayanga Kaushalya*
>> Software Engineer
>> Mobile: +94777860160
>> WSO2 Inc. | http://wso2.com
>> lean.enterprise.middleware
>>
>> On Wed, Aug 10, 2016 at 10:31 PM, Prabushi Samarakoon > > wrote:
>>
>>> Hi,
>>>
>>> Thank you for the clarifications Darshana and Jayanga.
>>>
>>> On Wed, Aug 10, 2016 at 8:08 PM, Jayanga Kaushalya 
>>> wrote:
>>>
 On Wed, Aug 10, 2016 at 5:56 PM, Prabushi Samarakoon <
 prabus...@wso2.com> wrote:

>
> Hi All,
>
> 1. Is there an  API method to get all the resources permitted to a
> particular user or a role?
>

 Yes. You can use the method getPermissions(Action action) [1] in User
 to retrieve all the permissions assigned to that particular user filtered
 by the action. Permission is a resource + action. So permissions filtered
 by the action is a list of permitted resources.

>>>
>>>  Ah great, now I understood that part. Can we use the same way for a
>>> role also? But in that case we might get duplicates of the resources right?
>>>

> 2. With this permission model, are we going to introduce the email
> based authentication for the products, or remain with the username model?
>
> 3. In our current management console, we have one view to create the
> user, and another view to create the user profile according to the given
> http://wso2.org/claims. Is there a particular reason to have the user
> profile in a separate view? Do we need to have two views for user creation
> and profile in C5 model also?
>
> Any clarification on above matters is appreciated.
>
> Thanks and Regards,
> Prabushi
>
> --
> *Prabushi Samarakoon*
> Software Engineer
> Mobile: +94715434580
> Email: prabus...@wso2.com
>

 [1] https://github.com/wso2/carbon-security/blob/master/comp
 onents/org.wso2.carbon.security.caas/src/main/java/org/wso2/
 carbon/security/caas/user/core/bean/User.java#L188

 Thanks!

>>>
>>>
>>> Thanks and Regards.
>>> --
>>> *Prabushi Samarakoon*
>>> Software Engineer
>>> Mobile: +94715434580
>>> Email: prabus...@wso2.com
>>>
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Vinod Kavinda
> Software Engineer
> *WSO2 Inc. - lean . enterprise . middleware .*
> Mobile : +94 (0) 712 415544
> Blog : http://soatechflicks.blogspot.com/
> [image: http://wso2.com/signature]
> 
>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Clarification on C5 permission model

[Vinod Kavinda]

Hi Jayanga,
I'm trying to authorize the current user with a particular action. I have
used the following code snippet, Is this correct?

public static boolean isUserAuthorized(String resource, String action) {
CarbonPermission carbonPermission = new CarbonPermission(resource,
action);
return ((CarbonPrincipal)
PrivilegedCarbonContext.getCurrentContext().getUserPrincipal())
.isAuthorized(carbonPermission);
}

Further, how do we define a set of Resources and Actions for them? Any
documentation on this?

Regards,
Vinod

On Wed, Aug 10, 2016 at 10:46 PM, Jayanga Kaushalya 
wrote:

> Hi Prabushi,
>
> Actually there will be no permissions that directly assigned to the user.
> All permissions are assigned through roles. By calling the above method in
> user will indirectly get all permissions through roles which are assigned
> to that particular user. If you need to get permissions for specific role,
> then you can use the same method in role.
>
> Thanks!
>
> *Jayanga Kaushalya*
> Software Engineer
> Mobile: +94777860160
> WSO2 Inc. | http://wso2.com
> lean.enterprise.middleware
>
> On Wed, Aug 10, 2016 at 10:31 PM, Prabushi Samarakoon 
> wrote:
>
>> Hi,
>>
>> Thank you for the clarifications Darshana and Jayanga.
>>
>> On Wed, Aug 10, 2016 at 8:08 PM, Jayanga Kaushalya 
>> wrote:
>>
>>> On Wed, Aug 10, 2016 at 5:56 PM, Prabushi Samarakoon >> > wrote:
>>>

 Hi All,

 1. Is there an  API method to get all the resources permitted to a
 particular user or a role?

>>>
>>> Yes. You can use the method getPermissions(Action action) [1] in User to
>>> retrieve all the permissions assigned to that particular user filtered by
>>> the action. Permission is a resource + action. So permissions filtered by
>>> the action is a list of permitted resources.
>>>
>>
>>  Ah great, now I understood that part. Can we use the same way for a role
>> also? But in that case we might get duplicates of the resources right?
>>
>>>
 2. With this permission model, are we going to introduce the email
 based authentication for the products, or remain with the username model?

 3. In our current management console, we have one view to create the
 user, and another view to create the user profile according to the given
 http://wso2.org/claims. Is there a particular reason to have the user
 profile in a separate view? Do we need to have two views for user creation
 and profile in C5 model also?

 Any clarification on above matters is appreciated.

 Thanks and Regards,
 Prabushi

 --
 *Prabushi Samarakoon*
 Software Engineer
 Mobile: +94715434580
 Email: prabus...@wso2.com

>>>
>>> [1] https://github.com/wso2/carbon-security/blob/master/comp
>>> onents/org.wso2.carbon.security.caas/src/main/java/org/wso2/
>>> carbon/security/caas/user/core/bean/User.java#L188
>>>
>>> Thanks!
>>>
>>
>>
>> Thanks and Regards.
>> --
>> *Prabushi Samarakoon*
>> Software Engineer
>> Mobile: +94715434580
>> Email: prabus...@wso2.com
>>
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Vinod Kavinda
Software Engineer
*WSO2 Inc. - lean . enterprise . middleware .*
Mobile : +94 (0) 712 415544
Blog : http://soatechflicks.blogspot.com/
[image: http://wso2.com/signature]

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Clarification on C5 permission model

[Jayanga Kaushalya]

Hi Prabushi,

Actually there will be no permissions that directly assigned to the user.
All permissions are assigned through roles. By calling the above method in
user will indirectly get all permissions through roles which are assigned
to that particular user. If you need to get permissions for specific role,
then you can use the same method in role.

Thanks!

*Jayanga Kaushalya*
Software Engineer
Mobile: +94777860160
WSO2 Inc. | http://wso2.com
lean.enterprise.middleware

On Wed, Aug 10, 2016 at 10:31 PM, Prabushi Samarakoon 
wrote:

> Hi,
>
> Thank you for the clarifications Darshana and Jayanga.
>
> On Wed, Aug 10, 2016 at 8:08 PM, Jayanga Kaushalya 
> wrote:
>
>> On Wed, Aug 10, 2016 at 5:56 PM, Prabushi Samarakoon 
>> wrote:
>>
>>>
>>> Hi All,
>>>
>>> 1. Is there an  API method to get all the resources permitted to a
>>> particular user or a role?
>>>
>>
>> Yes. You can use the method getPermissions(Action action) [1] in User to
>> retrieve all the permissions assigned to that particular user filtered by
>> the action. Permission is a resource + action. So permissions filtered by
>> the action is a list of permitted resources.
>>
>
>  Ah great, now I understood that part. Can we use the same way for a role
> also? But in that case we might get duplicates of the resources right?
>
>>
>>> 2. With this permission model, are we going to introduce the email based
>>> authentication for the products, or remain with the username model?
>>>
>>> 3. In our current management console, we have one view to create the
>>> user, and another view to create the user profile according to the given
>>> http://wso2.org/claims. Is there a particular reason to have the user
>>> profile in a separate view? Do we need to have two views for user creation
>>> and profile in C5 model also?
>>>
>>> Any clarification on above matters is appreciated.
>>>
>>> Thanks and Regards,
>>> Prabushi
>>>
>>> --
>>> *Prabushi Samarakoon*
>>> Software Engineer
>>> Mobile: +94715434580
>>> Email: prabus...@wso2.com
>>>
>>
>> [1] https://github.com/wso2/carbon-security/blob/master/comp
>> onents/org.wso2.carbon.security.caas/src/main/java/org/wso2/
>> carbon/security/caas/user/core/bean/User.java#L188
>>
>> Thanks!
>>
>
>
> Thanks and Regards.
> --
> *Prabushi Samarakoon*
> Software Engineer
> Mobile: +94715434580
> Email: prabus...@wso2.com
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Clarification on C5 permission model

[Prabushi Samarakoon]

Hi,

Thank you for the clarifications Darshana and Jayanga.

On Wed, Aug 10, 2016 at 8:08 PM, Jayanga Kaushalya 
wrote:

> On Wed, Aug 10, 2016 at 5:56 PM, Prabushi Samarakoon 
> wrote:
>
>>
>> Hi All,
>>
>> 1. Is there an  API method to get all the resources permitted to a
>> particular user or a role?
>>
>
> Yes. You can use the method getPermissions(Action action) [1] in User to
> retrieve all the permissions assigned to that particular user filtered by
> the action. Permission is a resource + action. So permissions filtered by
> the action is a list of permitted resources.
>

 Ah great, now I understood that part. Can we use the same way for a role
also? But in that case we might get duplicates of the resources right?

>
>> 2. With this permission model, are we going to introduce the email based
>> authentication for the products, or remain with the username model?
>>
>> 3. In our current management console, we have one view to create the
>> user, and another view to create the user profile according to the given
>> http://wso2.org/claims. Is there a particular reason to have the user
>> profile in a separate view? Do we need to have two views for user creation
>> and profile in C5 model also?
>>
>> Any clarification on above matters is appreciated.
>>
>> Thanks and Regards,
>> Prabushi
>>
>> --
>> *Prabushi Samarakoon*
>> Software Engineer
>> Mobile: +94715434580
>> Email: prabus...@wso2.com
>>
>
> [1] https://github.com/wso2/carbon-security/blob/master/
> components/org.wso2.carbon.security.caas/src/main/java/
> org/wso2/carbon/security/caas/user/core/bean/User.java#L188
>
> Thanks!
>


Thanks and Regards.
-- 
*Prabushi Samarakoon*
Software Engineer
Mobile: +94715434580
Email: prabus...@wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Clarification on C5 permission model

[Jayanga Kaushalya]

On Wed, Aug 10, 2016 at 5:56 PM, Prabushi Samarakoon 
wrote:

>
> Hi All,
>
> 1. Is there an  API method to get all the resources permitted to a
> particular user or a role?
>

Yes. You can use the method getPermissions(Action action) [1] in User to
retrieve all the permissions assigned to that particular user filtered by
the action. Permission is a resource + action. So permissions filtered by
the action is a list of permitted resources.

>
> 2. With this permission model, are we going to introduce the email based
> authentication for the products, or remain with the username model?
>
> 3. In our current management console, we have one view to create the user,
> and another view to create the user profile according to the given
> http://wso2.org/claims. Is there a particular reason to have the user
> profile in a separate view? Do we need to have two views for user creation
> and profile in C5 model also?
>
> Any clarification on above matters is appreciated.
>
> Thanks and Regards,
> Prabushi
>
> --
> *Prabushi Samarakoon*
> Software Engineer
> Mobile: +94715434580
> Email: prabus...@wso2.com
>

[1]
https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security.caas/src/main/java/org/wso2/carbon/security/caas/user/core/bean/User.java#L188

Thanks!
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Clarification on C5 permission model

[Darshana Gunawardana]

On Wed, Aug 10, 2016 at 5:56 PM, Prabushi Samarakoon 
wrote:

>
> Hi All,
>
> 1. Is there an  API method to get all the resources permitted to a
> particular user or a role?
>
> 2. With this permission model, are we going to introduce the email based
> authentication for the products, or remain with the username model?
>

New model should not treat email type usernames specifically.. ie. it
should work for both types of usernames without turning on of specific
configuration\flag.

Can you please explain why this is a concern for you?

Thanks,

>
> 3. In our current management console, we have one view to create the user,
> and another view to create the user profile according to the given
> http://wso2.org/claims. Is there a particular reason to have the user
> profile in a separate view? Do we need to have two views for user creation
> and profile in C5 model also?
>
> Any clarification on above matters is appreciated.
>
> Thanks and Regards,
> Prabushi
>
> --
> *Prabushi Samarakoon*
> Software Engineer
> Mobile: +94715434580
> Email: prabus...@wso2.com
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com *
*Mobile: +94718566859*Lean . Enterprise . Middleware
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Clarification on C5 permission model

[Prabushi Samarakoon]

Hi All,

1. Is there an  API method to get all the resources permitted to a
particular user or a role?

2. With this permission model, are we going to introduce the email based
authentication for the products, or remain with the username model?

3. In our current management console, we have one view to create the user,
and another view to create the user profile according to the given
http://wso2.org/claims. Is there a particular reason to have the user
profile in a separate view? Do we need to have two views for user creation
and profile in C5 model also?

Any clarification on above matters is appreciated.

Thanks and Regards,
Prabushi

-- 
*Prabushi Samarakoon*
Software Engineer
Mobile: +94715434580
Email: prabus...@wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev