Re: [Dev] [DEV][APPFACTORY] Problem with identifying the priority role (Application Owner)
Hi Nirmal, +1 for the idea. Then no worries about this issue. On Tue, May 7, 2013 at 12:50 PM, Manjula Rathnayake wrote: > Hi Nirmal, > > I understood your point, what you suggest is to document that 'AppOwner' > is a special case and let the user to change display name of role. > +1, that is cleaner and not adding more attributes to the configuration. > > Regarding BPEL, we can get configuration values through BPEL custom > extensions. > > thank you. > > > On Tue, May 7, 2013 at 12:43 PM, Nirmal Fernando wrote: > >> So as of now, if you change the "appOwner", it will break that process. >> >> As discussed offline, IMO no user would have any interest over changing >> the role name "appOwner", but the display name. So I don't think we should >> allow that (i.e. appfactory xml should be validated for a role "appOwner", >> for a successful deployment). >> >> >> Application Owner >> >> Ideally, content of appfactory xml should be available for the BPEL >> process at run time. >> >> Just my 2 cents. >> >> >> On Tue, May 7, 2013 at 12:16 PM, Manjula Rathnayake wrote: >> >>> Hi Nirmal, >>> >>> This is done through a BPEL process, in that BPEL process 'AppOwner' is >>> used. >>> >>> thank you. >>> >>> >>> >>> On Tue, May 7, 2013 at 11:38 AM, Nirmal Fernando wrote: >>> Ok.. that explains. But, I'm confused. How you guys assign this "appOwner" role to the user who creates an app?? Application Owner /permission/admin/login, /permission/admin/appfactory/develop, /permission/admin/appfactory/repository/readwrite, /permission/admin/appfactory/build, /permission/admin/appfactory/repository/branch, /permission/admin/appfactory/deployTo/Development, /permission/admin/appfactory/deployTo/Testing, /permission/admin/appfactory/deployTo/Staging, /permission/admin/appfactory/configure/db/Development, /permission/admin/appfactory/configure/db/Testing, /permission/admin/appfactory/configure/db/Staging, /permission/admin/appfactory/configure/api/subscribe, /permission/admin/appfactory/configure/resources/Development, /permission/admin/appfactory/configure/resources/Testing, /permission/admin/appfactory/configure/resources/Staging, /permission/admin/appfactory/datasource/create, /permission/admin/appfactory/datasource/update/Development, /permission/admin/appfactory/datasource/update/Testing, /permission/admin/appfactory/datasource/update/Staging, /permission/admin/appfactory/resource/create, /permission/admin/appfactory/resource/update/Development, /permission/admin/appfactory/resource/update/Testing, /permission/admin/appfactory/resource/update/Staging, /permission/admin/appfactory/promoteTo/Testing, /permission/admin/appfactory/promoteTo/Staging, /permission/admin/appfactory/demoteTo/Development, /permission/admin/appfactory/demoteTo/Testing, /permission/admin/appfactory/visibility/Development, /permission/admin/appfactory/visibility/Testing, /permission/admin/appfactory/visibility/Staging, /permission/admin/appfactory/usermgt/invite, /permission/admin/appfactory/configuration/apimanager On Tue, May 7, 2013 at 11:28 AM, Asanka Dissanayake wrote: > Hi Nirmal, > appfactory.xml is attached. > > > On Tue, May 7, 2013 at 11:08 AM, Nirmal Fernando wrote: > >> >> >> >> On Tue, May 7, 2013 at 11:05 AM, Asanka Dissanayake > > wrote: >> >>> Hi All, >>> >>> @ Manjula, >>> Ya, It MUST be implemented at the back end too.But before that we >>> should figure out how to identify undeletable roles. >>> >>> >>> @Niraml, >>> appfactory.xml is editable, so if user wish to use a different name >>> for appOwner how can we compare it. So property DELETABLE will do the >>> trick, this property is applicable to any role that user think should >>> not >>> be deleted. >>> >> >> You mind sending over a sample appfactory.xml ? >> >>> >>> >>> We should finalize this soon. >>> cheers! >>> >>> >>> On Tue, May 7, 2013 at 10:34 AM, Nirmal Fernando wrote: >>> On Tue, May 7, 2013 at 10:16 AM, Manjula Rathnayake < manju...@wso2.com> wrote: > Hi all, > > We can not check 'AppOwner' role at the front end only,
Re: [Dev] [DEV][APPFACTORY] Problem with identifying the priority role (Application Owner)
Hi Nirmal, I understood your point, what you suggest is to document that 'AppOwner' is a special case and let the user to change display name of role. +1, that is cleaner and not adding more attributes to the configuration. Regarding BPEL, we can get configuration values through BPEL custom extensions. thank you. On Tue, May 7, 2013 at 12:43 PM, Nirmal Fernando wrote: > So as of now, if you change the "appOwner", it will break that process. > > As discussed offline, IMO no user would have any interest over changing > the role name "appOwner", but the display name. So I don't think we should > allow that (i.e. appfactory xml should be validated for a role "appOwner", > for a successful deployment). > > > Application Owner > > Ideally, content of appfactory xml should be available for the BPEL > process at run time. > > Just my 2 cents. > > > On Tue, May 7, 2013 at 12:16 PM, Manjula Rathnayake wrote: > >> Hi Nirmal, >> >> This is done through a BPEL process, in that BPEL process 'AppOwner' is >> used. >> >> thank you. >> >> >> >> On Tue, May 7, 2013 at 11:38 AM, Nirmal Fernando wrote: >> >>> Ok.. that explains. But, I'm confused. How you guys assign this >>> "appOwner" role to the user who creates an app?? >>> >>> >>> Application Owner >>> >>> /permission/admin/login, >>> /permission/admin/appfactory/develop, >>> /permission/admin/appfactory/repository/readwrite, >>> /permission/admin/appfactory/build, >>> /permission/admin/appfactory/repository/branch, >>> /permission/admin/appfactory/deployTo/Development, >>> /permission/admin/appfactory/deployTo/Testing, >>> /permission/admin/appfactory/deployTo/Staging, >>> /permission/admin/appfactory/configure/db/Development, >>> /permission/admin/appfactory/configure/db/Testing, >>> /permission/admin/appfactory/configure/db/Staging, >>> /permission/admin/appfactory/configure/api/subscribe, >>> >>> /permission/admin/appfactory/configure/resources/Development, >>> /permission/admin/appfactory/configure/resources/Testing, >>> /permission/admin/appfactory/configure/resources/Staging, >>> /permission/admin/appfactory/datasource/create, >>> >>> /permission/admin/appfactory/datasource/update/Development, >>> /permission/admin/appfactory/datasource/update/Testing, >>> /permission/admin/appfactory/datasource/update/Staging, >>> /permission/admin/appfactory/resource/create, >>> /permission/admin/appfactory/resource/update/Development, >>> /permission/admin/appfactory/resource/update/Testing, >>> /permission/admin/appfactory/resource/update/Staging, >>> /permission/admin/appfactory/promoteTo/Testing, >>> /permission/admin/appfactory/promoteTo/Staging, >>> /permission/admin/appfactory/demoteTo/Development, >>> /permission/admin/appfactory/demoteTo/Testing, >>> /permission/admin/appfactory/visibility/Development, >>> /permission/admin/appfactory/visibility/Testing, >>> /permission/admin/appfactory/visibility/Staging, >>> /permission/admin/appfactory/usermgt/invite, >>> /permission/admin/appfactory/configuration/apimanager >>> >>> >>> >>> >>> On Tue, May 7, 2013 at 11:28 AM, Asanka Dissanayake wrote: >>> Hi Nirmal, appfactory.xml is attached. On Tue, May 7, 2013 at 11:08 AM, Nirmal Fernando wrote: > > > > On Tue, May 7, 2013 at 11:05 AM, Asanka Dissanayake > wrote: > >> Hi All, >> >> @ Manjula, >> Ya, It MUST be implemented at the back end too.But before that we >> should figure out how to identify undeletable roles. >> >> >> @Niraml, >> appfactory.xml is editable, so if user wish to use a different name >> for appOwner how can we compare it. So property DELETABLE will do the >> trick, this property is applicable to any role that user think should not >> be deleted. >> > > You mind sending over a sample appfactory.xml ? > >> >> >> We should finalize this soon. >> cheers! >> >> >> On Tue, May 7, 2013 at 10:34 AM, Nirmal Fernando wrote: >> >>> >>> >>> >>> On Tue, May 7, 2013 at 10:16 AM, Manjula Rathnayake < >>> manju...@wso2.com> wrote: >>> Hi all, We can not check 'AppOwner' role at the front end only, what if we do a REST call and invoke delete? @Nirmal, All roles are read from appfactory.xml, however AppOwner is the set of users who create applications, invite other users into different r
Re: [Dev] [DEV][APPFACTORY] Problem with identifying the priority role (Application Owner)
So as of now, if you change the "appOwner", it will break that process. As discussed offline, IMO no user would have any interest over changing the role name "appOwner", but the display name. So I don't think we should allow that (i.e. appfactory xml should be validated for a role "appOwner", for a successful deployment). Application Owner Ideally, content of appfactory xml should be available for the BPEL process at run time. Just my 2 cents. On Tue, May 7, 2013 at 12:16 PM, Manjula Rathnayake wrote: > Hi Nirmal, > > This is done through a BPEL process, in that BPEL process 'AppOwner' is > used. > > thank you. > > > > On Tue, May 7, 2013 at 11:38 AM, Nirmal Fernando wrote: > >> Ok.. that explains. But, I'm confused. How you guys assign this >> "appOwner" role to the user who creates an app?? >> >> >> Application Owner >> >> /permission/admin/login, >> /permission/admin/appfactory/develop, >> /permission/admin/appfactory/repository/readwrite, >> /permission/admin/appfactory/build, >> /permission/admin/appfactory/repository/branch, >> /permission/admin/appfactory/deployTo/Development, >> /permission/admin/appfactory/deployTo/Testing, >> /permission/admin/appfactory/deployTo/Staging, >> /permission/admin/appfactory/configure/db/Development, >> /permission/admin/appfactory/configure/db/Testing, >> /permission/admin/appfactory/configure/db/Staging, >> /permission/admin/appfactory/configure/api/subscribe, >> >> /permission/admin/appfactory/configure/resources/Development, >> /permission/admin/appfactory/configure/resources/Testing, >> /permission/admin/appfactory/configure/resources/Staging, >> /permission/admin/appfactory/datasource/create, >> >> /permission/admin/appfactory/datasource/update/Development, >> /permission/admin/appfactory/datasource/update/Testing, >> /permission/admin/appfactory/datasource/update/Staging, >> /permission/admin/appfactory/resource/create, >> /permission/admin/appfactory/resource/update/Development, >> /permission/admin/appfactory/resource/update/Testing, >> /permission/admin/appfactory/resource/update/Staging, >> /permission/admin/appfactory/promoteTo/Testing, >> /permission/admin/appfactory/promoteTo/Staging, >> /permission/admin/appfactory/demoteTo/Development, >> /permission/admin/appfactory/demoteTo/Testing, >> /permission/admin/appfactory/visibility/Development, >> /permission/admin/appfactory/visibility/Testing, >> /permission/admin/appfactory/visibility/Staging, >> /permission/admin/appfactory/usermgt/invite, >> /permission/admin/appfactory/configuration/apimanager >> >> >> >> >> On Tue, May 7, 2013 at 11:28 AM, Asanka Dissanayake wrote: >> >>> Hi Nirmal, >>> appfactory.xml is attached. >>> >>> >>> On Tue, May 7, 2013 at 11:08 AM, Nirmal Fernando wrote: >>> On Tue, May 7, 2013 at 11:05 AM, Asanka Dissanayake wrote: > Hi All, > > @ Manjula, > Ya, It MUST be implemented at the back end too.But before that we > should figure out how to identify undeletable roles. > > > @Niraml, > appfactory.xml is editable, so if user wish to use a different name > for appOwner how can we compare it. So property DELETABLE will do the > trick, this property is applicable to any role that user think should not > be deleted. > You mind sending over a sample appfactory.xml ? > > > We should finalize this soon. > cheers! > > > On Tue, May 7, 2013 at 10:34 AM, Nirmal Fernando wrote: > >> >> >> >> On Tue, May 7, 2013 at 10:16 AM, Manjula Rathnayake < >> manju...@wso2.com> wrote: >> >>> Hi all, >>> >>> We can not check 'AppOwner' role at the front end only, what if we >>> do a REST call and invoke delete? >>> >>> @Nirmal, >>> All roles are read from appfactory.xml, however AppOwner is the set >>> of users who create applications, invite other users into different >>> roles >>> such as Developer, DevOps etc. When AppOwner invite another user, he can >>> modify existing roles assigned to users, for example, AppOwner can >>> remove >>> QA role and add DevOp role for a DevOps user. >>> The issue here is that, AppOwner should not be able to reomve >>> himself from AppOwner role. That is why, the suggestion to add DELETABLE >>> property to each role. >>> >> >> Yes, so why we need a new property (if this is valid only for >> AppOwner)?
Re: [Dev] [DEV][APPFACTORY] Problem with identifying the priority role (Application Owner)
Hi Nirmal, This is done through a BPEL process, in that BPEL process 'AppOwner' is used. thank you. On Tue, May 7, 2013 at 11:38 AM, Nirmal Fernando wrote: > Ok.. that explains. But, I'm confused. How you guys assign this "appOwner" > role to the user who creates an app?? > > > Application Owner > > /permission/admin/login, > /permission/admin/appfactory/develop, > /permission/admin/appfactory/repository/readwrite, > /permission/admin/appfactory/build, > /permission/admin/appfactory/repository/branch, > /permission/admin/appfactory/deployTo/Development, > /permission/admin/appfactory/deployTo/Testing, > /permission/admin/appfactory/deployTo/Staging, > /permission/admin/appfactory/configure/db/Development, > /permission/admin/appfactory/configure/db/Testing, > /permission/admin/appfactory/configure/db/Staging, > /permission/admin/appfactory/configure/api/subscribe, > > /permission/admin/appfactory/configure/resources/Development, > /permission/admin/appfactory/configure/resources/Testing, > /permission/admin/appfactory/configure/resources/Staging, > /permission/admin/appfactory/datasource/create, > /permission/admin/appfactory/datasource/update/Development, > /permission/admin/appfactory/datasource/update/Testing, > /permission/admin/appfactory/datasource/update/Staging, > /permission/admin/appfactory/resource/create, > /permission/admin/appfactory/resource/update/Development, > /permission/admin/appfactory/resource/update/Testing, > /permission/admin/appfactory/resource/update/Staging, > /permission/admin/appfactory/promoteTo/Testing, > /permission/admin/appfactory/promoteTo/Staging, > /permission/admin/appfactory/demoteTo/Development, > /permission/admin/appfactory/demoteTo/Testing, > /permission/admin/appfactory/visibility/Development, > /permission/admin/appfactory/visibility/Testing, > /permission/admin/appfactory/visibility/Staging, > /permission/admin/appfactory/usermgt/invite, > /permission/admin/appfactory/configuration/apimanager > > > > > On Tue, May 7, 2013 at 11:28 AM, Asanka Dissanayake wrote: > >> Hi Nirmal, >> appfactory.xml is attached. >> >> >> On Tue, May 7, 2013 at 11:08 AM, Nirmal Fernando wrote: >> >>> >>> >>> >>> On Tue, May 7, 2013 at 11:05 AM, Asanka Dissanayake wrote: >>> Hi All, @ Manjula, Ya, It MUST be implemented at the back end too.But before that we should figure out how to identify undeletable roles. @Niraml, appfactory.xml is editable, so if user wish to use a different name for appOwner how can we compare it. So property DELETABLE will do the trick, this property is applicable to any role that user think should not be deleted. >>> >>> You mind sending over a sample appfactory.xml ? >>> We should finalize this soon. cheers! On Tue, May 7, 2013 at 10:34 AM, Nirmal Fernando wrote: > > > > On Tue, May 7, 2013 at 10:16 AM, Manjula Rathnayake > wrote: > >> Hi all, >> >> We can not check 'AppOwner' role at the front end only, what if we do >> a REST call and invoke delete? >> >> @Nirmal, >> All roles are read from appfactory.xml, however AppOwner is the set >> of users who create applications, invite other users into different roles >> such as Developer, DevOps etc. When AppOwner invite another user, he can >> modify existing roles assigned to users, for example, AppOwner can remove >> QA role and add DevOp role for a DevOps user. >> The issue here is that, AppOwner should not be able to reomve himself >> from AppOwner role. That is why, the suggestion to add DELETABLE property >> to each role. >> > > Yes, so why we need a new property (if this is valid only for > AppOwner)? Why can't you do the same check without hard coding the > "AppOwner" role (read the role from appfactory.xml and validate whether > the > user is the AppOwner)? > >> >> thank you. >> >> >> >> On Mon, May 6, 2013 at 10:21 PM, Nirmal Fernando wrote: >> >>> Asanka, >>> >>> Sent via my mobile >>> -- Nirmal -- >>> >>> On May 6, 2013 8:21 PM, "Asanka Dissanayake" >>> wrote: >>> > >>> > Hi All, >>> > >>> > In App Factory application roles are defined in the >>> appfactory.xml. According to the present situation there are following >>> roles defined. >>> > -Application Owner >
Re: [Dev] [DEV][APPFACTORY] Problem with identifying the priority role (Application Owner)
Ok.. that explains. But, I'm confused. How you guys assign this "appOwner" role to the user who creates an app?? Application Owner /permission/admin/login, /permission/admin/appfactory/develop, /permission/admin/appfactory/repository/readwrite, /permission/admin/appfactory/build, /permission/admin/appfactory/repository/branch, /permission/admin/appfactory/deployTo/Development, /permission/admin/appfactory/deployTo/Testing, /permission/admin/appfactory/deployTo/Staging, /permission/admin/appfactory/configure/db/Development, /permission/admin/appfactory/configure/db/Testing, /permission/admin/appfactory/configure/db/Staging, /permission/admin/appfactory/configure/api/subscribe, /permission/admin/appfactory/configure/resources/Development, /permission/admin/appfactory/configure/resources/Testing, /permission/admin/appfactory/configure/resources/Staging, /permission/admin/appfactory/datasource/create, /permission/admin/appfactory/datasource/update/Development, /permission/admin/appfactory/datasource/update/Testing, /permission/admin/appfactory/datasource/update/Staging, /permission/admin/appfactory/resource/create, /permission/admin/appfactory/resource/update/Development, /permission/admin/appfactory/resource/update/Testing, /permission/admin/appfactory/resource/update/Staging, /permission/admin/appfactory/promoteTo/Testing, /permission/admin/appfactory/promoteTo/Staging, /permission/admin/appfactory/demoteTo/Development, /permission/admin/appfactory/demoteTo/Testing, /permission/admin/appfactory/visibility/Development, /permission/admin/appfactory/visibility/Testing, /permission/admin/appfactory/visibility/Staging, /permission/admin/appfactory/usermgt/invite, /permission/admin/appfactory/configuration/apimanager On Tue, May 7, 2013 at 11:28 AM, Asanka Dissanayake wrote: > Hi Nirmal, > appfactory.xml is attached. > > > On Tue, May 7, 2013 at 11:08 AM, Nirmal Fernando wrote: > >> >> >> >> On Tue, May 7, 2013 at 11:05 AM, Asanka Dissanayake wrote: >> >>> Hi All, >>> >>> @ Manjula, >>> Ya, It MUST be implemented at the back end too.But before that we should >>> figure out how to identify undeletable roles. >>> >>> >>> @Niraml, >>> appfactory.xml is editable, so if user wish to use a different name for >>> appOwner how can we compare it. So property DELETABLE will do the trick, >>> this property is applicable to any role that user think should not be >>> deleted. >>> >> >> You mind sending over a sample appfactory.xml ? >> >>> >>> >>> We should finalize this soon. >>> cheers! >>> >>> >>> On Tue, May 7, 2013 at 10:34 AM, Nirmal Fernando wrote: >>> On Tue, May 7, 2013 at 10:16 AM, Manjula Rathnayake wrote: > Hi all, > > We can not check 'AppOwner' role at the front end only, what if we do > a REST call and invoke delete? > > @Nirmal, > All roles are read from appfactory.xml, however AppOwner is the set of > users who create applications, invite other users into different roles > such > as Developer, DevOps etc. When AppOwner invite another user, he can modify > existing roles assigned to users, for example, AppOwner can remove QA role > and add DevOp role for a DevOps user. > The issue here is that, AppOwner should not be able to reomve himself > from AppOwner role. That is why, the suggestion to add DELETABLE property > to each role. > Yes, so why we need a new property (if this is valid only for AppOwner)? Why can't you do the same check without hard coding the "AppOwner" role (read the role from appfactory.xml and validate whether the user is the AppOwner)? > > thank you. > > > > On Mon, May 6, 2013 at 10:21 PM, Nirmal Fernando wrote: > >> Asanka, >> >> Sent via my mobile >> -- Nirmal -- >> >> On May 6, 2013 8:21 PM, "Asanka Dissanayake" >> wrote: >> > >> > Hi All, >> > >> > In App Factory application roles are defined in the appfactory.xml. >> According to the present situation there are following roles defined. >> > -Application Owner >> > -Developer >> > -QA >> > -DevOps >> > >> > Each role has different permissions. From these roles Application >> Owner is very important. >> > Application owner MUST not be able to delete. (ATM if the >> application owner is deleted then the application becomes inaccessible ). >> > >> > To avoi
Re: [Dev] [DEV][APPFACTORY] Problem with identifying the priority role (Application Owner)
On Tue, May 7, 2013 at 11:05 AM, Asanka Dissanayake wrote: > Hi All, > > @ Manjula, > Ya, It MUST be implemented at the back end too.But before that we should > figure out how to identify undeletable roles. > > > @Niraml, > appfactory.xml is editable, so if user wish to use a different name for > appOwner how can we compare it. So property DELETABLE will do the trick, > this property is applicable to any role that user think should not be > deleted. > You mind sending over a sample appfactory.xml ? > > > We should finalize this soon. > cheers! > > > On Tue, May 7, 2013 at 10:34 AM, Nirmal Fernando wrote: > >> >> >> >> On Tue, May 7, 2013 at 10:16 AM, Manjula Rathnayake wrote: >> >>> Hi all, >>> >>> We can not check 'AppOwner' role at the front end only, what if we do a >>> REST call and invoke delete? >>> >>> @Nirmal, >>> All roles are read from appfactory.xml, however AppOwner is the set of >>> users who create applications, invite other users into different roles such >>> as Developer, DevOps etc. When AppOwner invite another user, he can modify >>> existing roles assigned to users, for example, AppOwner can remove QA role >>> and add DevOp role for a DevOps user. >>> The issue here is that, AppOwner should not be able to reomve himself >>> from AppOwner role. That is why, the suggestion to add DELETABLE property >>> to each role. >>> >> >> Yes, so why we need a new property (if this is valid only for AppOwner)? >> Why can't you do the same check without hard coding the "AppOwner" role >> (read the role from appfactory.xml and validate whether the user is the >> AppOwner)? >> >>> >>> thank you. >>> >>> >>> >>> On Mon, May 6, 2013 at 10:21 PM, Nirmal Fernando wrote: >>> Asanka, Sent via my mobile -- Nirmal -- On May 6, 2013 8:21 PM, "Asanka Dissanayake" wrote: > > Hi All, > > In App Factory application roles are defined in the appfactory.xml. According to the present situation there are following roles defined. > -Application Owner > -Developer > -QA > -DevOps > > Each role has different permissions. From these roles Application Owner is very important. > Application owner MUST not be able to delete. (ATM if the application owner is deleted then the application becomes inaccessible ). > > To avoid deleting the appowner ,now delete button is hidden in the UI. to accomplish this task appOwner is hard coded and compared. If user changed the role name of the app owner in the appfactory.xml, this does not work. > > to avoid this there may be following options. > > -declare a property called DELETABLE > -or else we can give a UI to edit the content of the appfactory.xml and hide certain things we want such as app owner etc.. (If we provide this we should not allow user to open appfactory.xml directly) > Isn't it better to read the app owner role from appfactory.xml always ? I don't understand why you need any additional properties. > > > > > -- > > Asanka Dissanayake > Software Engineer > WSO2 Inc. - lean . enterprise . middleware | wso2.com > > email: asan...@wso2.com, blog: cyberwaadiya.blogspot.com, asankastechtalks.wordpress.com mobile: +94 71 8373821 > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > >>> >>> >>> -- >>> Manjula Rathnayaka >>> Software Engineer >>> WSO2, Inc. >>> Mobile:+94 77 743 1987 >>> >> >> >> >> -- >> >> Thanks & regards, >> Nirmal >> >> Software Engineer- Platform Technologies Team, WSO2 Inc. >> Mobile: +94715779733 >> Blog: http://nirmalfdo.blogspot.com/ >> >> > > > -- > > *Asanka Dissanayake > Software Engineer* > *WSO2 Inc. - lean . enterprise . middleware | wso2.com* > * > email: asan...@wso2.com , blog: > cyberwaadiya.blogspot.com, asankastechtalks.wordpress.com mobile: +94 71 > 8373821* > -- Thanks & regards, Nirmal Software Engineer- Platform Technologies Team, WSO2 Inc. Mobile: +94715779733 Blog: http://nirmalfdo.blogspot.com/ ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [DEV][APPFACTORY] Problem with identifying the priority role (Application Owner)
Hi All, @ Manjula, Ya, It MUST be implemented at the back end too.But before that we should figure out how to identify undeletable roles. @Niraml, appfactory.xml is editable, so if user wish to use a different name for appOwner how can we compare it. So property DELETABLE will do the trick, this property is applicable to any role that user think should not be deleted. We should finalize this soon. cheers! On Tue, May 7, 2013 at 10:34 AM, Nirmal Fernando wrote: > > > > On Tue, May 7, 2013 at 10:16 AM, Manjula Rathnayake wrote: > >> Hi all, >> >> We can not check 'AppOwner' role at the front end only, what if we do a >> REST call and invoke delete? >> >> @Nirmal, >> All roles are read from appfactory.xml, however AppOwner is the set of >> users who create applications, invite other users into different roles such >> as Developer, DevOps etc. When AppOwner invite another user, he can modify >> existing roles assigned to users, for example, AppOwner can remove QA role >> and add DevOp role for a DevOps user. >> The issue here is that, AppOwner should not be able to reomve himself >> from AppOwner role. That is why, the suggestion to add DELETABLE property >> to each role. >> > > Yes, so why we need a new property (if this is valid only for AppOwner)? > Why can't you do the same check without hard coding the "AppOwner" role > (read the role from appfactory.xml and validate whether the user is the > AppOwner)? > >> >> thank you. >> >> >> >> On Mon, May 6, 2013 at 10:21 PM, Nirmal Fernando wrote: >> >>> Asanka, >>> >>> Sent via my mobile >>> -- Nirmal -- >>> >>> On May 6, 2013 8:21 PM, "Asanka Dissanayake" wrote: >>> > >>> > Hi All, >>> > >>> > In App Factory application roles are defined in the appfactory.xml. >>> According to the present situation there are following roles defined. >>> > -Application Owner >>> > -Developer >>> > -QA >>> > -DevOps >>> > >>> > Each role has different permissions. From these roles Application >>> Owner is very important. >>> > Application owner MUST not be able to delete. (ATM if the application >>> owner is deleted then the application becomes inaccessible ). >>> > >>> > To avoid deleting the appowner ,now delete button is hidden in the UI. >>> to accomplish this task appOwner is hard coded and compared. If user >>> changed the role name of the app owner in the appfactory.xml, this does not >>> work. >>> > >>> > to avoid this there may be following options. >>> > >>> > -declare a property called DELETABLE >>> > -or else we can give a UI to edit the content of the appfactory.xml >>> and hide certain things we want such as app owner etc.. (If we provide this >>> we should not allow user to open appfactory.xml directly) >>> > >>> >>> Isn't it better to read the app owner role from appfactory.xml always ? >>> >>> I don't understand why you need any additional properties. >>> > >>> > >>> > >>> > >>> > -- >>> > >>> > Asanka Dissanayake >>> > Software Engineer >>> > WSO2 Inc. - lean . enterprise . middleware | wso2.com >>> > >>> > email: asan...@wso2.com, blog: cyberwaadiya.blogspot.com, >>> asankastechtalks.wordpress.com mobile: +94 71 8373821 >>> > >>> > ___ >>> > Dev mailing list >>> > Dev@wso2.org >>> > http://wso2.org/cgi-bin/mailman/listinfo/dev >>> > >>> >>> >> >> >> -- >> Manjula Rathnayaka >> Software Engineer >> WSO2, Inc. >> Mobile:+94 77 743 1987 >> > > > > -- > > Thanks & regards, > Nirmal > > Software Engineer- Platform Technologies Team, WSO2 Inc. > Mobile: +94715779733 > Blog: http://nirmalfdo.blogspot.com/ > > -- *Asanka Dissanayake Software Engineer* *WSO2 Inc. - lean . enterprise . middleware | wso2.com* * email: asan...@wso2.com , blog: cyberwaadiya.blogspot.com, asankastechtalks.wordpress.com mobile: +94 71 8373821* ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [DEV][APPFACTORY] Problem with identifying the priority role (Application Owner)
On Tue, May 7, 2013 at 10:16 AM, Manjula Rathnayake wrote: > Hi all, > > We can not check 'AppOwner' role at the front end only, what if we do a > REST call and invoke delete? > > @Nirmal, > All roles are read from appfactory.xml, however AppOwner is the set of > users who create applications, invite other users into different roles such > as Developer, DevOps etc. When AppOwner invite another user, he can modify > existing roles assigned to users, for example, AppOwner can remove QA role > and add DevOp role for a DevOps user. > The issue here is that, AppOwner should not be able to reomve himself from > AppOwner role. That is why, the suggestion to add DELETABLE property to > each role. > Yes, so why we need a new property (if this is valid only for AppOwner)? Why can't you do the same check without hard coding the "AppOwner" role (read the role from appfactory.xml and validate whether the user is the AppOwner)? > > thank you. > > > > On Mon, May 6, 2013 at 10:21 PM, Nirmal Fernando wrote: > >> Asanka, >> >> Sent via my mobile >> -- Nirmal -- >> >> On May 6, 2013 8:21 PM, "Asanka Dissanayake" wrote: >> > >> > Hi All, >> > >> > In App Factory application roles are defined in the appfactory.xml. >> According to the present situation there are following roles defined. >> > -Application Owner >> > -Developer >> > -QA >> > -DevOps >> > >> > Each role has different permissions. From these roles Application Owner >> is very important. >> > Application owner MUST not be able to delete. (ATM if the application >> owner is deleted then the application becomes inaccessible ). >> > >> > To avoid deleting the appowner ,now delete button is hidden in the UI. >> to accomplish this task appOwner is hard coded and compared. If user >> changed the role name of the app owner in the appfactory.xml, this does not >> work. >> > >> > to avoid this there may be following options. >> > >> > -declare a property called DELETABLE >> > -or else we can give a UI to edit the content of the appfactory.xml and >> hide certain things we want such as app owner etc.. (If we provide this we >> should not allow user to open appfactory.xml directly) >> > >> >> Isn't it better to read the app owner role from appfactory.xml always ? >> >> I don't understand why you need any additional properties. >> > >> > >> > >> > >> > -- >> > >> > Asanka Dissanayake >> > Software Engineer >> > WSO2 Inc. - lean . enterprise . middleware | wso2.com >> > >> > email: asan...@wso2.com, blog: cyberwaadiya.blogspot.com, >> asankastechtalks.wordpress.com mobile: +94 71 8373821 >> > >> > ___ >> > Dev mailing list >> > Dev@wso2.org >> > http://wso2.org/cgi-bin/mailman/listinfo/dev >> > >> >> > > > -- > Manjula Rathnayaka > Software Engineer > WSO2, Inc. > Mobile:+94 77 743 1987 > -- Thanks & regards, Nirmal Software Engineer- Platform Technologies Team, WSO2 Inc. Mobile: +94715779733 Blog: http://nirmalfdo.blogspot.com/ ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [DEV][APPFACTORY] Problem with identifying the priority role (Application Owner)
Hi all, We can not check 'AppOwner' role at the front end only, what if we do a REST call and invoke delete? @Nirmal, All roles are read from appfactory.xml, however AppOwner is the set of users who create applications, invite other users into different roles such as Developer, DevOps etc. When AppOwner invite another user, he can modify existing roles assigned to users, for example, AppOwner can remove QA role and add DevOp role for a DevOps user. The issue here is that, AppOwner should not be able to reomve himself from AppOwner role. That is why, the suggestion to add DELETABLE property to each role. thank you. On Mon, May 6, 2013 at 10:21 PM, Nirmal Fernando wrote: > Asanka, > > Sent via my mobile > -- Nirmal -- > > On May 6, 2013 8:21 PM, "Asanka Dissanayake" wrote: > > > > Hi All, > > > > In App Factory application roles are defined in the appfactory.xml. > According to the present situation there are following roles defined. > > -Application Owner > > -Developer > > -QA > > -DevOps > > > > Each role has different permissions. From these roles Application Owner > is very important. > > Application owner MUST not be able to delete. (ATM if the application > owner is deleted then the application becomes inaccessible ). > > > > To avoid deleting the appowner ,now delete button is hidden in the UI. > to accomplish this task appOwner is hard coded and compared. If user > changed the role name of the app owner in the appfactory.xml, this does not > work. > > > > to avoid this there may be following options. > > > > -declare a property called DELETABLE > > -or else we can give a UI to edit the content of the appfactory.xml and > hide certain things we want such as app owner etc.. (If we provide this we > should not allow user to open appfactory.xml directly) > > > > Isn't it better to read the app owner role from appfactory.xml always ? > > I don't understand why you need any additional properties. > > > > > > > > > > -- > > > > Asanka Dissanayake > > Software Engineer > > WSO2 Inc. - lean . enterprise . middleware | wso2.com > > > > email: asan...@wso2.com, blog: cyberwaadiya.blogspot.com, > asankastechtalks.wordpress.com mobile: +94 71 8373821 > > > > ___ > > Dev mailing list > > Dev@wso2.org > > http://wso2.org/cgi-bin/mailman/listinfo/dev > > > > -- Manjula Rathnayaka Software Engineer WSO2, Inc. Mobile:+94 77 743 1987 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [DEV][APPFACTORY] Problem with identifying the priority role (Application Owner)
Asanka, Sent via my mobile -- Nirmal -- On May 6, 2013 8:21 PM, "Asanka Dissanayake" wrote: > > Hi All, > > In App Factory application roles are defined in the appfactory.xml. According to the present situation there are following roles defined. > -Application Owner > -Developer > -QA > -DevOps > > Each role has different permissions. From these roles Application Owner is very important. > Application owner MUST not be able to delete. (ATM if the application owner is deleted then the application becomes inaccessible ). > > To avoid deleting the appowner ,now delete button is hidden in the UI. to accomplish this task appOwner is hard coded and compared. If user changed the role name of the app owner in the appfactory.xml, this does not work. > > to avoid this there may be following options. > > -declare a property called DELETABLE > -or else we can give a UI to edit the content of the appfactory.xml and hide certain things we want such as app owner etc.. (If we provide this we should not allow user to open appfactory.xml directly) > Isn't it better to read the app owner role from appfactory.xml always ? I don't understand why you need any additional properties. > > > > > -- > > Asanka Dissanayake > Software Engineer > WSO2 Inc. - lean . enterprise . middleware | wso2.com > > email: asan...@wso2.com, blog: cyberwaadiya.blogspot.com, asankastechtalks.wordpress.com mobile: +94 71 8373821 > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [DEV][APPFACTORY] Problem with identifying the priority role (Application Owner)
Hi Asanka, I think the first option is better. Having a property like deletable is easy to implement and it is safer than giving users direct access to appfactory.xml . +1 for having a property called DELETABLE. Thanks On Mon, May 6, 2013 at 8:20 PM, Asanka Dissanayake wrote: > Hi All, > > In App Factory application roles are defined in the appfactory.xml. > According to the present situation there are following roles defined. > -Application Owner > -Developer > -QA > -DevOps > > Each role has different permissions. From these roles Application Owner is > very important. > Application owner *MUST* not be able to delete. (ATM if the application > owner is deleted then the application becomes inaccessible ). > > To avoid deleting the appowner ,now delete button is hidden in the UI. to > accomplish this task appOwner is hard coded and compared. If user changed > the role name of the app owner in the appfactory.xml, this does not work. > > to avoid this there may be following options. > > -declare a property called DELETABLE > -or else we can give a UI to edit the content of the appfactory.xml and > hide certain things we want such as app owner etc.. (If we provide this we > should not allow user to open appfactory.xml directly) > > > > > > -- > > *Asanka Dissanayake > Software Engineer* > *WSO2 Inc. - lean . enterprise . middleware | wso2.com* > * > email: asan...@wso2.com , blog: > cyberwaadiya.blogspot.com, asankastechtalks.wordpress.com mobile: +94 71 > 8373821* > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Gayan Dhanushka Software Engineer WSO2 Inc. http://wso2.com Mobile : 0716662327 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] [DEV][APPFACTORY] Problem with identifying the priority role (Application Owner)
Hi All, In App Factory application roles are defined in the appfactory.xml. According to the present situation there are following roles defined. -Application Owner -Developer -QA -DevOps Each role has different permissions. From these roles Application Owner is very important. Application owner *MUST* not be able to delete. (ATM if the application owner is deleted then the application becomes inaccessible ). To avoid deleting the appowner ,now delete button is hidden in the UI. to accomplish this task appOwner is hard coded and compared. If user changed the role name of the app owner in the appfactory.xml, this does not work. to avoid this there may be following options. -declare a property called DELETABLE -or else we can give a UI to edit the content of the appfactory.xml and hide certain things we want such as app owner etc.. (If we provide this we should not allow user to open appfactory.xml directly) -- *Asanka Dissanayake Software Engineer* *WSO2 Inc. - lean . enterprise . middleware | wso2.com* * email: asan...@wso2.com , blog: cyberwaadiya.blogspot.com, asankastechtalks.wordpress.com mobile: +94 71 8373821* ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev