Hi Nuwan, Even though we have extracted multiple group ids using group id extractor, DAO classes use one group id to extract the applications and subscriptions. I think we have to implement to get all the applications and subscriptions if user are in several groups.
Thanks On Wed, Jan 13, 2016 at 2:18 PM, Nuwan Dias <nuw...@wso2.com> wrote: > > > On Wed, Jan 13, 2016 at 12:32 PM, Amalka Subasinghe <ama...@wso2.com> > wrote: > >> Hi Nuwan, >> >> We need APIM support to show subscribed API, when there's 1 user assigned >> to 2 user groups. >> >> *Our current AF APIM integration flow works as follows.* >> >> let's say we have a tenant foo.com and users - appowner1 and developer1 >> App owner1 creates an AF application 'AFapp1' and assign devloper1 as a >> developer of that application. >> according to the current implementation only the appowner1 can subscribe >> to the APIM API. >> [When appowner1 login to the APIM, we create an application 'AFapp1' in >> APIM side and selecting that application appowner1 can subscribe to an API] >> Then appowner1 can see subscribed APIs in AF side, where developers can't >> see that API. >> >> So we need to implement APIM group subscriptions in AF. >> to implement it we have to set the organization claim (as eg: >> 'foo.com_AFapp1') for appowner1 and developer1. >> Then both users can see the subscribed API. >> >> *We have another use case;* >> basically our user grouping happens per AF application and 1 user can be >> in 2 groups >> >> Let's say appowner1 creates an another application AFapp2 >> then appowner1 is belongs to 2 user groups. So we need to assign two >> values for the organization claim. (foo.com_AFapp1, foo.com_AFapp2) >> appowner1 want to see subscribed API in APIM side based on that 2 >> organizations. >> >> As I know, APIM does not support this when there's a more than 1 group >> assigned for the organization claim. >> But this is a required use case for the AF/cloud, and we can't customize >> the GroupingExtractor due to maintainability issues in cloud. >> >> Can this improvement provide by APIM? >> > > It can be done. But we've already done product plans for releases covering > the year. It might take time to get this into the product as a GA release. > I guess the timely solution is to customize the GroupingExtractor. > > What maintainability concerns do you have? If a standard extension point > in the product is a maintainability concern it makes no sense to have those > extension points at all. So I would like to understand those concerns and > improve if possible. > >> >> Thanks >> Amalka >> >> >> >> >> >> >> On Tue, Jan 12, 2016 at 1:42 PM, Amalka Subasinghe <ama...@wso2.com> >> wrote: >> >>> Hi, >>> >>> Currently only the app owner allows to subscribed to an API, generate >>> keys and see subscribed APIs, where other users are not allowed as showed >>> in the below table. >>> >>> >>> Subscribe to API Generate Keys View subscribed APIs in AF side View >>> Prod keys in AF side View Sandbox keys in AF side App owner Y Y Y Y Y >>> Developer >>> >>> >>> >>> Y QA >>> >>> >>> >>> Y DevOps >>> >>> >>> Y Y >>> We want to improve the AF - APIM integration as follows. So we need >>> implement $subject. >>> 1. making both app owner and developer can subscribe to an API and >>> generate keys >>> 2. making all users to see subscribed API per application >>> >>> >>> Subscribe to API Generate Keys View subscribed APIs in AF side View >>> Prod keys in AF side View Sandbox keys in AF side App owner Y Y Y Y Y >>> Developer Y Y Y >>> Y QA >>> >>> Y >>> Y DevOps >>> >>> Y Y Y >>> *Things to do:* >>> >>> 1. All the users of a particular app we need to maintain as a group. >>> >>> In APIM side they uses http://wso2.org/claims/organization claim to >>> group the users. We have to set this claim (eg: app key as the value of the >>> claim) when appowner or developer try to click on 'Go to API Manager' >>> button. >>> Currently we use a role app_appName to group the users of a particular >>> application in AF. If we use this we have to implement a custom grouping >>> extractor to get the users of a particular group. >>> >>> >>> *Issues: *a. Since we don't set the claim for QA and DevOps users, they >>> can't view subscribed APIs in AF side, and If we add the claim they also >>> will be able to subscribe to APIs and generate keys. So we need to find a >>> way to view subscribed api for a particular application by QA and Devops >>> users. >>> b. With this implementation Developer can see prod keys also. >>> >>> >>> 2. Make Go to API Manager and Sync Keys buttons enabled only to appowner >>> and developer. >>> For this we can use resource permissions we already have. >>> >>> >>> 3. Need to improve/test all the rest calls we do with APIM to work with >>> groups and fix if there's any issue. >>> >>> - Login - When user clicks on 'Go to API Manager' button of a >>> particular app, it should login to APIM and show the subscribed APIs, >>> listed under selected application. >>> - Create application >>> - Remove application >>> - Get published APIs by application >>> - List subscription >>> - Get applications >>> >>> [1] https://wso2.org/jira/browse/APPFAC-3217 >>> >>> Thanks >>> Amalka >>> >>> >> >> >> -- >> Amalka Subasinghe >> Senior Software Engineer >> WSO2 Inc. >> Mobile: +94 77 9401267 >> > > > > -- > Nuwan Dias > > Technical Lead - WSO2, Inc. http://wso2.com > email : nuw...@wso2.com > Phone : +94 777 775 729 > > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Lakshman Udayakantha WSO2 Inc. www.wso2.com lean.enterprise.middleware Mobile: *0714388124*
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev