[aerogear-dev] Admin and Developer roles for UPS
Matthias Wessendorf
matzew at apache.org
Wed Oct 8 11:40:32 EDT 2014
On Wed, Oct 8, 2014 at 5:34 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
> If I understood correctly what we want to achieve tl;dr is:
>
> - Include a JPA query on UPS to list all app/variants on UPS
>
yes
> - Introduce fine grained permissions for this query. Into this way we
> can differentiate admin from developers[1]
>
the 'how' is tbd;
today we query for the user's own apps/variant:
https://github.com/aerogear/aerogear-unifiedpush-server/blob/master/jaxrs/src/main/java/org/jboss/aerogear/unifiedpush/rest/registry/applications/PushApplicationEndpoint.java#L88
One (simple) option is: the underlying service could do a "select *
from..." if the role is 'admin'
> - Create an interface on UPS to the admin, otherwise the whole
> implementation is useless.
>
what do you mean ?
>
> >From my understanding, Keycloak will just manage these users and unless
> something has changed, we provide the fine grained authorization model on
> UPS. Like
> we did in the past.
>
yeah, the users live in Keycloak - we somehow differentiate on the
role/user if we do a "select all" or just those for the specific user
>
> Am I correct?
>
> [1] - http://lists.jboss.org/pipermail/keycloak-dev/2014-May/001851.html
>
> On 2014-10-08, Matthias Wessendorf wrote:
> > Hi,
> >
> > as of today, we have a single user (admin), to revisit that we have
> > AGPUSH-697 (see [1]).
> >
> > Based on changes over the months (e.g new UI and being based on
> Keycloak),
> > I have updated our old spec/gist:
> > https://gist.github.com/matzew/ed0055000a8347488a37
> >
> > Greetings,
> > Matthias
> >
> > [1] https://issues.jboss.org/browse/AGPUSH-697
> >
> > --
> > Matthias Wessendorf
> >
> > blog: http://matthiaswessendorf.wordpress.com/
> > sessions: http://www.slideshare.net/mwessendorf
> > twitter: http://twitter.com/mwessendorf
>
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
> --
>
> abstractj
> PGP: 0x84DC9914
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20141008/bd55f5af/attachment.html
More information about the aerogear-dev
mailing list