<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Oct 8, 2014 at 5:34 PM, Bruno Oliveira <span dir="ltr"><<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">If I understood correctly what we want to achieve tl;dr is:<br>
<br>
- Include a JPA query on UPS to list all app/variants on UPS<br></blockquote><div><br></div><div>yes</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
- Introduce fine grained permissions for this query. Into this way we<br>
can differentiate admin from developers[1]<br></blockquote><div><br></div><div>the 'how' is tbd;</div><div>today we query for the user's own apps/variant:</div><div><a href="https://github.com/aerogear/aerogear-unifiedpush-server/blob/master/jaxrs/src/main/java/org/jboss/aerogear/unifiedpush/rest/registry/applications/PushApplicationEndpoint.java#L88">https://github.com/aerogear/aerogear-unifiedpush-server/blob/master/jaxrs/src/main/java/org/jboss/aerogear/unifiedpush/rest/registry/applications/PushApplicationEndpoint.java#L88</a><br></div><div><br></div><div>One (simple) option is: the underlying service could do a "select * from..." if the role is 'admin'</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
- Create an interface on UPS to the admin, otherwise the whole<br>
implementation is useless.<br></blockquote><div><br></div><div>what do you mean ? </div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
>From my understanding, Keycloak will just manage these users and unless<br>
something has changed, we provide the fine grained authorization model on UPS. Like<br>
we did in the past.<br></blockquote><div><br></div><div>yeah, the users live in Keycloak - we somehow differentiate on the role/user if we do a "select all" or just those for the specific user</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
Am I correct?<br>
<br>
[1] - <a href="http://lists.jboss.org/pipermail/keycloak-dev/2014-May/001851.html" target="_blank">http://lists.jboss.org/pipermail/keycloak-dev/2014-May/001851.html</a><br>
<div><div class="h5"><br>
On 2014-10-08, Matthias Wessendorf wrote:<br>
> Hi,<br>
><br>
> as of today, we have a single user (admin), to revisit that we have<br>
> AGPUSH-697 (see [1]).<br>
><br>
> Based on changes over the months (e.g new UI and being based on Keycloak),<br>
> I have updated our old spec/gist:<br>
> <a href="https://gist.github.com/matzew/ed0055000a8347488a37" target="_blank">https://gist.github.com/matzew/ed0055000a8347488a37</a><br>
><br>
> Greetings,<br>
> Matthias<br>
><br>
> [1] <a href="https://issues.jboss.org/browse/AGPUSH-697" target="_blank">https://issues.jboss.org/browse/AGPUSH-697</a><br>
><br>
> --<br>
> Matthias Wessendorf<br>
><br>
> blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
> sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
> twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>
<br>
</div></div>> _______________________________________________<br>
> aerogear-dev mailing list<br>
> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
<br>
<br>
--<br>
<br>
abstractj<br>
PGP: 0x84DC9914<br>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div></div>