Hi Denuwanthi,

On Thu, Aug 29, 2019 at 11:37 AM Denuwanthi De Silva <[email protected]> wrote:

> +1 for Approach 2.
> It provides a sense of modularity/decoupling and helps the API user to
> easily navigate API calls using the provided link.
> Will this effort also cover associating permissions to roles?
>

I believe what you mean here is add permission to roles. Yes, for that we provide the POST form of this API. We do support PATCH, PUT and DELETE too.

*"https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d/permissions"*

> Thanks,
>
> On Thu, Aug 29, 2019 at 10:52 AM Dinali Dabarera <[email protected]> wrote:
>
>> Correction:
>>
>> *Approach 2:*
>> Ex:
>>
>> {
>>   "totalResults": 1,
>>   "startIndex": 1,
>>   "itemsPerPage": 1,
>>   "schemas": [
>>     "urn:ietf:params:scim:api:messages:2.0:ListResponse"
>>   ],
>>   "Resources": [
>>     {
>>       "displayName": "PRIMARY/admin",
>>       "meta": {
>>         "created": "2019-07-26T19:33:54",
>>         "location": "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d",
>>         "lastModified": "2019-07-26T19:33:54"
>>       },
>>       "members": [
>>         {
>>           "display": "admin",
>>           "value": "409ca90b-2ba6-4474-9a45-2cf7376e6e43"
>>         }
>>       ],
>>       "permissions": {
>>         "location": "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d/permissions"
>>       },
>>       "id": "c39232b1-4856-439b-89be-aae3fce5617d"
>>     }
>>   ]
>> }
>>
>> On Thu, Aug 29, 2019 at 10:38 AM Dinali Dabarera <[email protected]> wrote:
>>
>>> Hi all,
>>>
>>> We currently have the UserAdmin Service method to return all the
>>> permissions in the permission tree as a node list object. There is also a
>>> method to return permissions associated with a role.
>>>
>>> When we tried to implement a REST API for this, we came up with the below
>>> two approaches:
>>>
>>> *Approach 1:*
>>>
>>> - Return only the visible permission list in the SCIM group object
>>>   itself, in a similar way to how members are listed. The expected
>>>   outcome is shown below.
>>>
>>> Ex:
>>>
>>> {
>>>   "totalResults": 3,
>>>   "startIndex": 1,
>>>   "itemsPerPage": 3,
>>>   "schemas": [
>>>     "urn:ietf:params:scim:api:messages:2.0:ListResponse"
>>>   ],
>>>   "Resources": [
>>>     {
>>>       "displayName": "PRIMARY/admin",
>>>       "meta": {
>>>         "created": "2019-07-26T19:33:54",
>>>         "location": "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d",
>>>         "lastModified": "2019-07-26T19:33:54"
>>>       },
>>>       "members": [
>>>         {
>>>           "display": "admin",
>>>           "value": "409ca90b-2ba6-4474-9a45-2cf7376e6e43"
>>>         }
>>>       ],
>>>       "permissions": [
>>>         {
>>>           "displayName": "Configure Data Sources",
>>>           "resourcePath": "/permission/admin/configure/datasources"
>>>         },
>>>         {
>>>           "displayName": "Password Management",
>>>           "resourcePath": "/permission/admin/configure/security/usermgt/passwords"
>>>         }
>>>       ],
>>>       "id": "c39232b1-4856-439b-89be-aae3fce5617d"
>>>     }
>>>   ]
>>> }
>>>
>>> *Approach 2:*
>>>
>>> - If we return the permission list in the same group object, it will
>>>   become really large and will have a lot of backend changes as well.
>>> - Hence, we thought of returning only the link to the permission
>>>   list in the group object and implementing another few APIs to manage
>>>   permissions, basically the CRUD operations.
>>>
>>> Ex:
>>>
>>> {
>>>   "totalResults": 3,
>>>   "startIndex": 1,
>>>   "itemsPerPage": 3,
>>>   "schemas": [
>>>     "urn:ietf:params:scim:api:messages:2.0:ListResponse"
>>>   ],
>>>   "Resources": [
>>>     {
>>>       "displayName": "PRIMARY/admin",
>>>       "meta": {
>>>         "created": "2019-07-26T19:33:54",
>>>         "location": "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d",
>>>         "lastModified": "2019-07-26T19:33:54"
>>>       },
>>>       "members": [
>>>         {
>>>           "display": "admin",
>>>           "value": "409ca90b-2ba6-4474-9a45-2cf7376e6e43"
>>>         }
>>>       ],
>>>       "permissions": [
>>>         "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d/permissions"
>>>       ],
>>>       "id": "c39232b1-4856-439b-89be-aae3fce5617d"
>>>     }
>>>   ]
>>> }
>>>
>>> Furthermore, we will write new APIs as follows:
>>>
>>> */Group/{id}/permissions GET, POST, PATCH, PUT, DELETE*
>>>
>>> Currently, we are working on approach 2 and we really appreciate your
>>> feedback on these approaches or something new.
>>>
>>> Thank you,
>>> Dinali
>>>
>>> --
>>> *Dinali Rosemin Dabarera*
>>> Senior Software Engineer
>>> IAM Domain
>>> WSO2 Lanka (pvt) Ltd.
>>> Web: http://wso2.com/
>>> Email : [email protected]
>>> LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
>>> Mobile: +94770198933
>>
>> --
>> *Dinali Rosemin Dabarera*
>> Senior Software Engineer
>> IAM Domain
>> WSO2 Lanka (pvt) Ltd.
>> Web: http://wso2.com/
>> Email : [email protected]
>> LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
>> Mobile: +94770198933
>
> --
>
> *Denuwanthi De Silva* | Associate Technical Lead | WSO2 Inc.
> (m) +94 771391097 | (w) +94 11 743 5800 | (e) [email protected]

--
*Dinali Rosemin Dabarera*
Senior Software Engineer
IAM Domain
WSO2 Lanka (pvt) Ltd.
Web: http://wso2.com/
Email : [email protected]
LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
Mobile: +94770198933
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
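The client side of Approach 2 from the thread above, as an added example that is not part of the original messages or of WSO2's code: it reads the `permissions` link from a group in either shape shown in the thread (the first list form and the corrected `{"location": ...}` form) and accepts it only if it is exactly the permissions URL of that group under the endpoint the client was configured with. The names `SCIM_BASE`, `permission_links`, `expected_link` and `resolve` are assumptions, and the sample response is constructed from the one in the thread.

```python
import json
from urllib.parse import quote

# Assumption: the SCIM endpoint the client was configured with (host taken from the thread).
SCIM_BASE = "https://localhost:9443/scim2"

# Constructed sample, modelled on the corrected Approach 2 response in the thread.
SAMPLE = json.loads("""
{
  "totalResults": 1, "startIndex": 1, "itemsPerPage": 1,
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
  "Resources": [{
    "displayName": "PRIMARY/admin",
    "permissions": {"location":
      "https://localhost:9443/scim2/Groups/c39232b1-4856-439b-89be-aae3fce5617d/permissions"},
    "id": "c39232b1-4856-439b-89be-aae3fce5617d"
  }]
}
""")

def permission_links(resource):
    """Extract permission URLs from one group, accepting both shapes seen in the thread."""
    perms = resource.get("permissions")
    if isinstance(perms, dict):      # corrected form: {"location": "<url>"}
        perms = [perms.get("location")]
    if not isinstance(perms, list):  # attribute absent or of an unexpected type
        return []
    return [p for p in perms if isinstance(p, str)]  # first form: ["<url>"]

def expected_link(group_id, base=SCIM_BASE):
    """The only permissions URL this client accepts for a given group id."""
    return f"{base}/Groups/{quote(str(group_id), safe='')}/permissions"

def resolve(list_response, base=SCIM_BASE):
    """Split advertised links into ones safe to follow and ones to reject."""
    accepted, rejected = {}, []
    for res in list_response.get("Resources", []):
        gid = res.get("id", "")
        for link in permission_links(res):
            if link == expected_link(gid, base):
                accepted[gid] = link
            else:
                rejected.append((gid, link))
    return accepted, rejected

if __name__ == "__main__":
    print(resolve(SAMPLE))
```

A client that sends its bearer token or admin credentials to whatever URL the response advertises would forward them to any host named in a tampered or misconfigured response; comparing against the configured base keeps the follow-up GET, POST, PATCH, PUT or DELETE on the intended server and group.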
