Hi all,

We currently have the UserAdmin Service method to return all the
permissions in the permission tree as a node list object. There is also a
method to return permissions associated with a role.

When we tried to implement a REST API for this, we came up with the two
approaches below:

*Approach 1:*

   - Return only the visible permission list in the SCIM group object
   itself, in a similar way to how members are listed. The expected outcome
   is shown below.

Ex:

{
  "totalResults": 3,
  "startIndex": 1,
  "itemsPerPage": 3,
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
  ],
  "Resources": [
    {
      "displayName": "PRIMARY/admin",
      "meta": {
        "created": "2019-07-26T19:33:54",
        "location": "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d",
        "lastModified": "2019-07-26T19:33:54"
      },
      "members": [
        {
          "display": "admin",
          "value": "409ca90b-2ba6-4474-9a45-2cf7376e6e43"
        }
      ],
      "permissions": [
        {
          "displayName": "Configure Data Sources",
          "resourcePath": "/permission/admin/configure/datasources"
        },
        {
          "displayName": "Password Management",
          "resourcePath": "/permission/admin/configure/security/usermgt/passwords"
        }
      ],
      "id": "c39232b1-4856-439b-89be-aae3fce5617d"
    }
  ]
}



*Approach 2:*


   - If we return the permission list in the same group object, it will
   become really large and will have a lot of backend changes as well.
   - Hence, we thought of returning only the link to the permission list in
   the group object and implement another few APIs to manage permissions,
   basically the CRUD operations.

Ex:

{
  "totalResults": 3,
  "startIndex": 1,
  "itemsPerPage": 3,
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
  ],
  "Resources": [
    {
      "displayName": "PRIMARY/admin",
      "meta": {
        "created": "2019-07-26T19:33:54",
        "location": "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d",
        "lastModified": "2019-07-26T19:33:54"
      },
      "members": [
        {
          "display": "admin",
          "value": "409ca90b-2ba6-4474-9a45-2cf7376e6e43"
        }
      ],
      "permissions": [
        "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d/permissions"
      ],
      "id": "c39232b1-4856-439b-89be-aae3fce5617d"
    }
  ]
}


Furthermore, we will write new APIs as follows:

            */Group/{id}/permissions GET, POST, PATCH, PUT, DELETE*



Currently, we are working on approach 2 and we really appreciate your
feedback on these approaches or something new.

Thank you,
Dinali

-- 
*Dinali Rosemin Dabarera*
Senior Software Engineer
IAM Domain
WSO2 Lanka (pvt) Ltd.
Web: http://wso2.com/
Email : [email protected]
LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
Mobile: +94770198933




_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
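A client-side check for Approach 2, as an added example that is not part of the original message or of WSO2's code: before following the "permissions" link returned in a group resource, confirm it points at that same group's permissions endpoint on the same origin. The function names and acceptance rules are assumptions, and the sample resource is constructed from the Approach 2 example in the message.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: one group resource in the Approach 2 shape from the message.
GROUP_URL = "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d"
GROUP = json.loads("""{
  "displayName": "PRIMARY/admin",
  "meta": {"location": "%s"},
  "permissions": ["%s/permissions"],
  "id": "c39232b1-4856-439b-89be-aae3fce5617d"
}""" % (GROUP_URL, GROUP_URL))


def _origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    return parts.scheme, (parts.hostname or "").lower(), port


def safe_permission_links(group):
    """Return only the permission links a client should follow (hypothetical helper).

    A link is accepted when it is https, shares the origin of the group's own
    meta.location, has no userinfo, query or fragment, and its path is exactly
    <group path>/permissions. Anything else is dropped.
    """
    location = group["meta"]["location"]
    expected_path = urlsplit(location).path.rstrip("/") + "/permissions"
    accepted = []
    for link in group.get("permissions", []):
        if not isinstance(link, str):
            continue
        try:
            parts = urlsplit(link)
            same_origin = _origin(link) == _origin(location)
        except ValueError:  # malformed netloc or out-of-range port
            continue
        if parts.scheme != "https" or parts.username or parts.password:
            continue
        if parts.query or parts.fragment or not same_origin:
            continue
        if parts.path != expected_path:  # rejects other groups and ../ segments
            continue
        accepted.append(link)
    return accepted
```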
