[aerogear-dev] Admin and Developer roles for UPS

Bruno Oliveira bruno at abstractj.org
Wed Oct 8 12:25:55 EDT 2014


On 2014-10-08, Matthias Wessendorf wrote:
> On Wed, Oct 8, 2014 at 5:34 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
>
> > If I understood correctly what we want to achieve tl;dr is:
> >
> > - Include a JPA query on UPS to list all app/variants on UPS
> >
>
> yes
>
>
> > - Introduce fine-grained permissions for this query. In this way we
> >   can differentiate admin from developers[1]
> >
>
> the 'how' is tbd;

I just want to check if my reading is correct and we can start to work
on the "how" with Jiras. If you are fine with it.

> today we query for the user's own apps/variant:
> https://github.com/aerogear/aerogear-unifiedpush-server/blob/master/jaxrs/src/main/java/org/jboss/aerogear/unifiedpush/rest/registry/applications/PushApplicationEndpoint.java#L88
>
> One (simple) option is: the underlying service could do a "select *
> from..." if the role is 'admin'

Alright. But the query must display that some app "golum" belongs to
"abstractj" and another app with the same name belongs to matzew,
because naming duplication is pretty likely to happen.

>
>
> > - Create an interface on UPS to the admin, otherwise the whole
> >   implementation is useless.
> >
>
> what do you mean ?

If you query the database for all apps created, how do you delete the
application "golum" created by bruno if I have 10 apps named "golum" in
my database?

That's why I think the minimum for the UPS admin interface must be defined
right now, before starting the whole implementation. What would you expect
to see when you query the whole database?

>
>
> >
> > From my understanding, Keycloak will just manage these users and unless
> > something has changed, we provide the fine grained authorization model on
> > UPS. Like we did in the past.
> >
>
> yeah, the users live in Keycloak - we somehow differentiate on the
> role/user if we do a "select all" or just those for the specific user
>
>
> >
> > Am I correct?
> >
> > [1] - http://lists.jboss.org/pipermail/keycloak-dev/2014-May/001851.html
> >
> > On 2014-10-08, Matthias Wessendorf wrote:
> > > Hi,
> > >
> > > as of today, we have a single user (admin), to revisit that we have
> > > AGPUSH-697 (see [1]).
> > >
> > > Based on changes over the months (e.g new UI and being based on
> > > Keycloak), I have updated our old spec/gist:
> > > https://gist.github.com/matzew/ed0055000a8347488a37
> > >
> > > Greetings,
> > > Matthias
> > >
> > > [1] https://issues.jboss.org/browse/AGPUSH-697
> > >
> > > --
> > > Matthias Wessendorf
> > >
> > > blog: http://matthiaswessendorf.wordpress.com/
> > > sessions: http://www.slideshare.net/mwessendorf
> > > twitter: http://twitter.com/mwessendorf
> >
> > > _______________________________________________
> > > aerogear-dev mailing list
> > > aerogear-dev at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >
> >
> > --
> >
> > abstractj
> > PGP: 0x84DC9914
> >
>
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf



--

abstractj
PGP: 0x84DC9914
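
Added example (not part of the original message and not UPS code): the role-scoped listing discussed in this thread, with the owner and a unique id on every row so that duplicate names such as "golum" stay distinguishable and a delete targets exactly one record. The class, record and method names, the ids, and the in-memory map standing in for the JPA query are assumptions made for illustration.

```java
import java.util.*;
import java.util.stream.*;

// Hypothetical stand-in for the UPS application table; not the project's classes.
public class ScopedAppListing {
    enum Role { ADMIN, DEVELOPER }
    record Caller(String username, Role role) {}
    record App(String id, String name, String owner) {}

    private final Map<String, App> apps = new LinkedHashMap<>();

    void add(App app) { apps.put(app.id(), app); }

    // Single authorization rule shared by list and delete.
    private boolean canSee(Caller c, App a) {
        return c.role() == Role.ADMIN || a.owner().equals(c.username());
    }

    // Admin gets every row ("select all"); a developer gets only owned rows.
    // Owner and id travel with each row, so same-named apps stay distinct.
    List<App> list(Caller caller) {
        return apps.values().stream()
                .filter(a -> canSee(caller, a))
                .collect(Collectors.toList());
    }

    // Delete is keyed on the unique id, never on the display name, and the
    // check is repeated here instead of trusting what the listing showed.
    boolean delete(Caller caller, String appId) {
        App app = apps.get(appId);
        if (app == null || !canSee(caller, app)) {
            return false; // same answer for "missing" and "not yours"
        }
        apps.remove(appId);
        return true;
    }

    public static void main(String[] args) {
        ScopedAppListing ups = new ScopedAppListing();
        // Constructed sample data: same name, different owners.
        ups.add(new App("id-1", "golum", "abstractj"));
        ups.add(new App("id-2", "golum", "matzew"));
        Caller admin = new Caller("admin", Role.ADMIN);
        Caller dev = new Caller("matzew", Role.DEVELOPER);

        System.out.println("developer view: " + ups.list(dev));
        System.out.println("admin view:     " + ups.list(admin));
        System.out.println("dev deletes id-1:   " + ups.delete(dev, "id-1"));
        System.out.println("admin deletes id-1: " + ups.delete(admin, "id-1"));
        System.out.println("remaining:      " + ups.list(admin));
    }
}
```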

