[aerogear-dev] Admin and Developer roles for UPS

Matthias Wessendorf matzew at apache.org
Wed Oct 8 13:49:34 EDT 2014 

On Wed, Oct 8, 2014 at 6:25 PM, Bruno Oliveira <bruno at abstractj.org> wrote:

> On 2014-10-08, Matthias Wessendorf wrote:
> > On Wed, Oct 8, 2014 at 5:34 PM, Bruno Oliveira <bruno at abstractj.org>
> wrote:
> >
> > > If I understood correctly what we want to achieve tl;dr is:
> > >
> > > - Include a JPA query on UPS to list all app/variants on UPS
> > >
> >
> > yes
> >
> >
> > > - Introduce fine grained permissions for this query. Into this way we
> > >   can differentiate admin from developers[1]
> > >
> >
> > the 'how' is tbd;
>
> I just want to check if my reading is correct and we can start to work
> on the "how" with Jiras. If you are fine with it.
>
> > today we query for the user's own apps/variant:
> >
> https://github.com/aerogear/aerogear-unifiedpush-server/blob/master/jaxrs/src/main/java/org/jboss/aerogear/unifiedpush/rest/registry/applications/PushApplicationEndpoint.java#L88
> >
> > One (simple) option is: the underlying service could do a "select *
> > from..." if the role is 'admin'
>
> Alright. But the query must display that some app "golum" belongs to
> "abstractj" and another app with the same name, belongs to matzew.
> Because is pretty likely to happen naming duplication.
>

yeah, sure. That info is already present on the PushApplication - currently
that is just not displayed.


>
> >
> >
> > > - Create an interface on UPS to the admin, otherwise the whole
> > >   implementation is useless.
> > >
> >
> > what do you mean ?
>
> If you query the database for all apps created. How do you delete the
> application "golum" created by bruno if I have 10 apps named "golum" in
> my database?
>

Ah, ok. I was wondering you wanted to define some completely new UI :)

I had something like this in mind (yes, I am not a designer :))
http://people.apache.org/~matzew/AdminViewOnApps.png

That's just one initial thought. Once we agree on this overall feature, I
think we will nail the details of the 'how' in the relevant JIRA subtasks
of AGPUSH-697.
However I fully agree that we need to apply some tweaks to the existing UI,
so that the owner name is visible when the 'admin' is looking at the
"application overview" page, like in the screenshot.


>
> That's why I think the mininum for the UPS admin interface must be
> defined, right
> now, before start the whole implementation. What would you expect to see
> when you query the whole database?
>

I thought about adding 'pagination' on the "application overview" page,
similar like we do on the installations.

-Matthias



>
> >
> >
> > >
> > > >From my understanding, Keycloak will just manage these users and
> unless
> > > something has changed, we provide the fine grained authorization model
> on
> > > UPS. Like
> > > we did in the past.
> > >
> >
> > yeah, the users live in Keycloak - we somehow differentiate on the
> > role/user if we do a "select all" or just those for the specific user
> >
> >
> > >
> > > Am I correct?
> > >
> > > [1] -
> http://lists.jboss.org/pipermail/keycloak-dev/2014-May/001851.html
> > >
> > > On 2014-10-08, Matthias Wessendorf wrote:
> > > > Hi,
> > > >
> > > > as of today, we have a single user (admin), to revisit that we have
> > > > AGPUSH-697 (see [1]).
> > > >
> > > > Based on changes over the months (e.g new UI and being based on
> > > Keycloak),
> > > > I have updated our old spec/gist:
> > > > https://gist.github.com/matzew/ed0055000a8347488a37
> > > >
> > > > Greetings,
> > > > Matthias
> > > >
> > > > [1] https://issues.jboss.org/browse/AGPUSH-697
> > > >
> > > > --
> > > > Matthias Wessendorf
> > > >
> > > > blog: http://matthiaswessendorf.wordpress.com/
> > > > sessions: http://www.slideshare.net/mwessendorf
> > > > twitter: http://twitter.com/mwessendorf
> > >
> > > > _______________________________________________
> > > > aerogear-dev mailing list
> > > > aerogear-dev at lists.jboss.org
> > > > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> > >
> > >
> > > --
> > >
> > > abstractj
> > > PGP: 0x84DC9914
> > > _______________________________________________
> > > aerogear-dev mailing list
> > > aerogear-dev at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> > >
> >
> >
> >
> > --
> > Matthias Wessendorf
> >
> > blog: http://matthiaswessendorf.wordpress.com/
> > sessions: http://www.slideshare.net/mwessendorf
> > twitter: http://twitter.com/mwessendorf
>
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
> --
>
> abstractj
> PGP: 0x84DC9914
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>



-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20141008/c7705124/attachment-0001.html

More information about the aerogear-dev mailing list