On Mon, Dec 10, 2012 at 11:44 AM, Afkham Azeez <az...@wso2.com> wrote:

> Right now the way to create or read permissions is not straightforward.
> The APIs are really twisted. The fact that the permissions are stored in
> the Registry is an implementation detail. Users should not be calling
> Registry APIs to deal with permissions. We have users interested
> in programmatically creating their permissions. Ideally, it would be great
> to have a simple API like the following:


+1 for a simple API like this.

But it would be better if we had some more clarification.

Currently all Carbon components use the AuthorizationManager API for doing
RBAC. Did you mean to use the new API (PermissionsUtil) rather than
AuthorizationManager, or else to change the API of AuthorizationManager to
be as simple as this, or else to provide a new API for other applications
to use?

AFAIK, currently we also do not want to make registry API calls to add,
remove, or check permissions (RBAC model). We can just use the
AuthorizationManager API to configure permissions. Permissions are stored in
the UM database. But we have mapped the Carbon UI permissions into the
registry resources. You can also use the remote-user-mgt component for doing
authorization operations [1] through a web service. It exposes the
authorization manager API as a web service. But the AuthorizationManager API
seems to be unclear. I guess it was written with the Carbon UI in mind. Also,
it is not a good API for applications to use for RBAC.

Also, we have hoped to write a new feature [2] to configure RBAC for
any application. This component exposes a web service API and uses the same
UM database schema to persist the permissions. Therefore any application can
use this web service to do its RBAC.

I guess, as a start, it would be better if we can make the API of the new
feature as simple as what you have shared here. Then it can be used by
other applications. And this can be done without much effort. But if we
are changing all existing Carbon components to use this API, I think it
would be a somewhat time-consuming effort, maybe for C5.

[1] https://svn.wso2.org/repos/wso2/carbon/platform/branches/4.0.0/components/remote-usermgt
[2] https://svn.wso2.org/repos/wso2/carbon/platform/branches/4.0.0/components/identity/org.wso2.carbon.identity.authorization.core/

Thanks,
Asela.


> public final class PermissionsUtil {
>
>
> public void createPermission(String permissionKey, List<UserRole> roles);
>
> public void addRolesToPermission(String permissionKey, List<UserRole> roles);
>
> public void removeRolesFromPermission(String permissionKey, List<UserRole> roles);
>
> public void deletePermission(String permissionKey);
>
> public List<UserRole> getRolesWithPermission(String permissionKey);
>
> public Permission getPermission(String permissionKey);
>
> }
>
>
> public class Permission {
>
>      private String permissionKey;
>      private List<UserRole> userRoles;
>
> }
>
>
> Can somebody own this task?
>
> --
> Afkham Azeez
> Director of Architecture; WSO2, Inc.; http://wso2.com
> Member; Apache Software Foundation; http://www.apache.org/
> email: az...@wso2.com cell: +94 77 3320919
> blog: http://blog.afkham.org
> twitter: http://twitter.com/afkham_azeez
> linked-in: http://lk.linkedin.com/in/afkhamazeez
> Lean . Enterprise . Middleware
>
>
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
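
The facade proposed in the quoted message, sketched as an added example that is not part of the original thread and is not WSO2 code. It assumes roles are plain strings instead of UserRole, keeps grants in memory instead of the UM database, leaves out getPermission, and adds a hypothetical isAuthorized helper to show the deny-by-default check:

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

/** In-memory sketch of the proposed facade; roles are plain Strings here (assumption). */
public final class InMemoryPermissions {
    // permissionKey -> granted role names (stand-in for the UM database)
    private final Map<String, Set<String>> store = new ConcurrentHashMap<>();

    public void createPermission(String permissionKey, List<String> roles) {
        Set<String> fresh = ConcurrentHashMap.newKeySet();
        fresh.addAll(roles);
        // Refuse to silently overwrite an existing grant list
        if (store.putIfAbsent(permissionKey, fresh) != null) {
            throw new IllegalStateException("permission already exists: " + permissionKey);
        }
    }
    public void addRolesToPermission(String permissionKey, List<String> roles) {
        existing(permissionKey).addAll(roles);
    }
    public void removeRolesFromPermission(String permissionKey, List<String> roles) {
        existing(permissionKey).removeAll(roles);
    }
    public void deletePermission(String permissionKey) {
        store.remove(permissionKey);
    }
    /** Unknown permission returns an empty list, so checks deny by default. */
    public List<String> getRolesWithPermission(String permissionKey) {
        Set<String> roles = store.get(permissionKey);
        if (roles == null) return Collections.emptyList();
        return Collections.unmodifiableList(new ArrayList<>(roles)); // copy: callers cannot edit grants
    }
    /** Added helper (not in the proposal): true only if a caller role holds the permission. */
    public boolean isAuthorized(Collection<String> callerRoles, String permissionKey) {
        return !Collections.disjoint(callerRoles, getRolesWithPermission(permissionKey));
    }
    private Set<String> existing(String permissionKey) {
        Set<String> roles = store.get(permissionKey);
        if (roles == null) throw new NoSuchElementException("no such permission: " + permissionKey);
        return roles;
    }
    public static void main(String[] args) {
        InMemoryPermissions p = new InMemoryPermissions();
        p.createPermission("orders.approve", Arrays.asList("manager")); // constructed sample data
        System.out.println(p.isAuthorized(Arrays.asList("manager"), "orders.approve"));
        System.out.println(p.isAuthorized(Arrays.asList("guest"), "orders.approve"));
        System.out.println(p.isAuthorized(Arrays.asList("manager"), "orders.delete"));
    }
}
```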
