<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Oct 8, 2014 at 6:25 PM, Bruno Oliveira <span dir="ltr"><<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class="">On 2014-10-08, Matthias Wessendorf wrote:<br>
</span><span class="">> On Wed, Oct 8, 2014 at 5:34 PM, Bruno Oliveira <<a href="mailto:bruno@abstractj.org">bruno@abstractj.org</a>> wrote:<br>
><br>
> > If I understood correctly what we want to achieve tl;dr is:<br>
> ><br>
> > - Include a JPA query on UPS to list all app/variants on UPS<br>
> ><br>
><br>
> yes<br>
><br>
><br>
> > - Introduce fine grained permissions for this query. Into this way we<br>
> > can differentiate admin from developers[1]<br>
> ><br>
><br>
> the 'how' is tbd;<br>
<br>
</span>I just want to check if my reading is correct and we can start to work<br>
on the "how" with Jiras. If you are fine with it.<br>
<span class=""><br>
> today we query for the user's own apps/variant:<br>
> <a href="https://github.com/aerogear/aerogear-unifiedpush-server/blob/master/jaxrs/src/main/java/org/jboss/aerogear/unifiedpush/rest/registry/applications/PushApplicationEndpoint.java#L88" target="_blank">https://github.com/aerogear/aerogear-unifiedpush-server/blob/master/jaxrs/src/main/java/org/jboss/aerogear/unifiedpush/rest/registry/applications/PushApplicationEndpoint.java#L88</a><br>
><br>
> One (simple) option is: the underlying service could do a "select *<br>
> from..." if the role is 'admin'<br>
<br>
</span>Alright. But the query must display that some app "golum" belongs to<br>
"abstractj" and another app with the same name, belongs to matzew.<br>
Because is pretty likely to happen naming duplication.<br></blockquote><div><br></div><div>yeah, sure. That info is already present on the PushApplication - currently that is just not displayed.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<span class=""><br>
><br>
><br>
> > - Create an interface on UPS to the admin, otherwise the whole<br>
> > implementation is useless.<br>
> ><br>
><br>
> what do you mean ?<br>
<br>
</span>If you query the database for all apps created. How do you delete the<br>
application "golum" created by bruno if I have 10 apps named "golum" in<br>
my database?<br></blockquote><div><br></div><div>Ah, ok. I was wondering you wanted to define some completely new UI :) </div><div><br></div><div>I had something like this in mind (yes, I am not a designer :))</div><div><a href="http://people.apache.org/~matzew/AdminViewOnApps.png">http://people.apache.org/~matzew/AdminViewOnApps.png</a><br></div><div><br></div><div>That's just one initial thought. Once we agree on this overall feature, I think we will nail the details of the 'how' in the relevant JIRA subtasks of AGPUSH-697.</div><div>However I fully agree that we need to apply some tweaks to the existing UI, so that the owner name is visible when the 'admin' is looking at the "application overview" page, like in the screenshot.</div><div> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
That's why I think the mininum for the UPS admin interface must be defined, right<br>
now, before start the whole implementation. What would you expect to see<br>
when you query the whole database?<br></blockquote><div><br></div><div>I thought about adding 'pagination' on the "application overview" page, similar like we do on the installations. </div><div><br></div><div>-Matthias</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div class=""><div class="h5"><br>
><br>
><br>
> ><br>
> > >From my understanding, Keycloak will just manage these users and unless<br>
> > something has changed, we provide the fine grained authorization model on<br>
> > UPS. Like<br>
> > we did in the past.<br>
> ><br>
><br>
> yeah, the users live in Keycloak - we somehow differentiate on the<br>
> role/user if we do a "select all" or just those for the specific user<br>
><br>
><br>
> ><br>
> > Am I correct?<br>
> ><br>
> > [1] - <a href="http://lists.jboss.org/pipermail/keycloak-dev/2014-May/001851.html" target="_blank">http://lists.jboss.org/pipermail/keycloak-dev/2014-May/001851.html</a><br>
> ><br>
> > On 2014-10-08, Matthias Wessendorf wrote:<br>
> > > Hi,<br>
> > ><br>
> > > as of today, we have a single user (admin), to revisit that we have<br>
> > > AGPUSH-697 (see [1]).<br>
> > ><br>
> > > Based on changes over the months (e.g new UI and being based on<br>
> > Keycloak),<br>
> > > I have updated our old spec/gist:<br>
> > > <a href="https://gist.github.com/matzew/ed0055000a8347488a37" target="_blank">https://gist.github.com/matzew/ed0055000a8347488a37</a><br>
> > ><br>
> > > Greetings,<br>
> > > Matthias<br>
> > ><br>
> > > [1] <a href="https://issues.jboss.org/browse/AGPUSH-697" target="_blank">https://issues.jboss.org/browse/AGPUSH-697</a><br>
> > ><br>
> > > --<br>
> > > Matthias Wessendorf<br>
> > ><br>
> > > blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
> > > sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
> > > twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>
> ><br>
> > > _______________________________________________<br>
> > > aerogear-dev mailing list<br>
> > > <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> > > <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
> ><br>
> ><br>
> > --<br>
> ><br>
> > abstractj<br>
> > PGP: 0x84DC9914<br>
> > _______________________________________________<br>
> > aerogear-dev mailing list<br>
> > <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> > <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
> ><br>
><br>
><br>
><br>
> --<br>
> Matthias Wessendorf<br>
><br>
> blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
> sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
> twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>
<br>
> _______________________________________________<br>
> aerogear-dev mailing list<br>
> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
<br>
<br>
--<br>
<br>
abstractj<br>
PGP: 0x84DC9914<br>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div></div>