Ok sure. I have a doubt to be clarified. When editing a comment, we already have a mechanism to check whether the particular person has the *comment moderator* role. If so we give permission to update the comment. But if the user does not have the comment moderator role, we need a mechanism to check whether the *username* and *entry point* both matches with the comment that is already in the database and give permission to him/her to modify the particular comment. For example, Assume Peter posts a comment (assume commentId is 1001) using API Store. But Peter does not have the comment moderator role. So in here, we need to allow Peter to modify his own comment. We can check USER_IDENTIFIER and ENTRY_POINT in the comment 1001 retrieved from the database, and if they match with the current USER_IDENTIFIER and ENTRY_POINT, then we must allow modifying the comment. (It confirms that Peter is trying to modify the comment via API Store)
I am looking more into these user roles, and I am trying to distinguish admin and comment moderator roles separately. I think it is better to have the comment moderator role separately, so by default admin will not have that privilege. If someone decides to have a separate person to handle the comment then he/she can be assigned with the comment moderator role. What do you think about this? Thank you! On Tue, Oct 2, 2018 at 10:22 AM Nuwan Dias <nuw...@wso2.com> wrote: > The CREATED_BY and UPDATED_BY columns are ones we add to all tables for > audit purposes. We don't associate them with any business logic nor do we > reason out any logic for having or not having those columns. > > On Tue, Oct 2, 2018 at 10:02 AM Wasura Wattearachchi <was...@wso2.com> > wrote: > >> Hi Ishara, >> >> Thank you for pointing this out. >> >> On Tue, Oct 2, 2018 at 5:42 AM Ishara Cooray <isha...@wso2.com> wrote: >> >>> Hi Wasura, >>> >>> I think PARENT_COMMENT_ID should have a default value because first >>> comment does not have a associated parent comment. >>> >>> When we are inserting a parent comment it will not have a >> PARENT_COMMENT_ID. So this may throw an error due to violation of >> Referential Integrity Constraint. So I thought not to have any constraint >> for PARENT_COMMENT_ID and we discussed this yesterday during the code >> review. >> >> >>> Since there are two fields CREATED_BY and UPDATED_BY I guess comments >>> can be updated(edit/delete) by someone other than the owner. >>> >> >> +1 for this. I must handle this in the logic when updating a comment. I >> will look into this matter. >> >>> Appreciate if you clarify the expected behavior. >>> >>> >>> Thanks & Regards, >>> Ishara Cooray >>> >> >> Thank you! >> >>> >>> On Mon, Oct 1, 2018 at 10:54 PM Wasura Wattearachchi <was...@wso2.com> >>> wrote: >>> >>>> Hi all, >>>> >>>> According to what we have discussed today during the code review, I >>>> added a new attribute named ENTRY_POINT to distinguish the role of the >>>> person, based on the entry point - whether the particular person initiates >>>> the comment from the API Store or the API Publisher. Following is the ERD >>>> for that (You can find the newly added attribute in green colour). >>>> >>>> >>>> >>>> >>>> Following is the corresponding *table* and the data types. >>>> >>>> >>>> AM_API_COMMENTS >>>> >>>> UUID >>>> >>>> VARCHAR(255) >>>> >>>> PRIMARY KEY >>>> >>>> COMMENT_TEXT >>>> >>>> TEXT >>>> >>>> USER_IDENTIFIER >>>> >>>> VARCHAR(255) >>>> >>>> CATEGORY >>>> >>>> VARCHAR(20) >>>> >>>> DEFAULT ‘General’ >>>> >>>> PARENT_COMMENT_ID >>>> >>>> VARCHAR(255) >>>> >>>> ENTRY_POINT >>>> >>>> VARCHAR(20) >>>> >>>> API_ID >>>> >>>> VARCHAR(255) >>>> >>>> FOREIGN KEY REFERENCES AM_API (UUID) ON DELETE CASCADE ON UPDATE CASCADE >>>> >>>> CREATED_BY >>>> >>>> VARCHAR(100) >>>> >>>> CREATED_TIME >>>> >>>> TIMESTAMP >>>> >>>> DEFAULT CURRENT_TIMESTAMP >>>> >>>> UPDATED_BY >>>> >>>> VARCHAR(100) >>>> >>>> UPDATED_TIME >>>> >>>> TIMESTAMP >>>> >>>> DEFAULT CURRENT_TIMESTAMP >>>> >>>> >>>> I would much appreciate if you can provide feedback and suggestions. >>>> >>>> >>>> Thank you! >>>> >>>> >>>> On Wed, Sep 19, 2018 at 10:24 AM Ishara Cooray <isha...@wso2.com> >>>> wrote: >>>> >>>>> Hi, >>>>> >>>>> Thanks for the clarification Wasura. >>>>> >>>>> In C5 we have used *USER_IDENTIFIER* in below APIM tables. >>>>> AM_USER_NAME_MAPPING >>>>> AM_API_RATINGS >>>>> AM_API_COMMENTS >>>>> >>>>> But in C5 UM tables we still have used *USER_ID*. >>>>> >>>>> AUTH_UM_PASSWORD_INFO >>>>> AUTH_UM_USER_GROUP >>>>> AUTH_UM_USER_ATTRIBUTES >>>>> >>>>> Is there any particular reason for that? >>>>> >>>>> I am +1 to use USER_ID in apim tables as well. >>>>> >>>>> >>>>> Thanks & Regards, >>>>> Ishara Cooray >>>>> Senior Software Engineer >>>>> Mobile : +9477 262 9512 >>>>> WSO2, Inc. | http://wso2.com/ >>>>> Lean . Enterprise . Middleware >>>>> >>>>> On Tue, Sep 18, 2018 at 9:17 PM, Wasura Wattearachchi <was...@wso2.com >>>>> > wrote: >>>>> >>>>>> Hi Ishara, >>>>>> >>>>>> I agree with you. It is better to have USER_ID rather than >>>>>> USER_IDENTIFIER. But there is a problem. I checked all the tables in >>>>>> the database again and found that there are some tables which have >>>>>> USER_IDENTIFIER column (which is used to symbolize the username of the >>>>>> current user like in AM_API_COMMENTS table). >>>>>> So if I change the USER_IDENTIFIER field to USER_ID in my table >>>>>> (AM_API_COMMENTS) then the consistency of the database will be lost, >>>>>> because other tables have it as USER_IDENTIFIER while AM_API_COMMENTS has >>>>>> it as USER_ID. >>>>>> >>>>>> So I think it is better to keep it this way as USER_IDENTIFIER >>>>>> without doing any changes. What are the ideas of others? >>>>>> >>>>>> Thanks! >>>>>> >>>>>> On Tue, Sep 18, 2018 at 5:47 AM Ishara Cooray <isha...@wso2.com> >>>>>> wrote: >>>>>> >>>>>>> Hi Wasura, >>>>>>> We can simplify USER_IDENTIFIER field as USER_ID >>>>>>> >>>>>>> And also I think we need to categorize comments as "Bug", "Feature >>>>>>> Request" or "General". By default it should be "General. >>>>>>> >>>>>>> What is the way that we identify the category of a particular >>>>>>> comment? >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Wasura Wattearachchi >>>>>> Software Engineer Intern | WSO2 >>>>>> >>>>>> Email: was...@wso2.com <t...@wso2.com> >>>>>> Mobile: +94775396038 >>>>>> >>>>> >>>>> >>>> >>>> -- >>>> Wasura Wattearachchi >>>> Software Engineer Intern | WSO2 >>>> >>>> Email: was...@wso2.com <t...@wso2.com> >>>> Mobile: +94775396038 >>>> <http://wso2.com/signature> >>>> >>> >> >> -- >> Wasura Wattearachchi >> Software Engineer Intern | WSO2 >> >> Email: was...@wso2.com <t...@wso2.com> >> Mobile: +94775396038 >> <http://wso2.com/signature> >> > > > -- > *Nuwan Dias* | Director | WSO2 Inc. > (m) +94 777 775 729 | (e) nuw...@wso2.com > [image: Signature.jpg] > -- Wasura Wattearachchi Software Engineer Intern | WSO2 Email: was...@wso2.com <t...@wso2.com> Mobile: +94775396038 <http://wso2.com/signature>
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
