
<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Oct 8, 2014 at 6:25 PM, Bruno Oliveira <span dir="ltr">&lt;<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class="">On 2014-10-08, Matthias Wessendorf wrote:<br>

</span><span class="">&gt; On Wed, Oct 8, 2014 at 5:34 PM, Bruno Oliveira &lt;<a href="mailto:bruno@abstractj.org">bruno@abstractj.org</a>&gt; wrote:<br>

&gt;<br>

&gt; &gt; If I understood correctly what we want to achieve tl;dr is:<br>

&gt; &gt;<br>

&gt; &gt; - Include a JPA query on UPS to list all app/variants on UPS<br>

&gt; &gt;<br>

&gt;<br>

&gt; yes<br>

&gt;<br>

&gt;<br>

&gt; &gt; - Introduce fine grained permissions for this query. Into this way we<br>

&gt; &gt;   can differentiate admin from developers[1]<br>

&gt; &gt;<br>

&gt;<br>

&gt; the &#39;how&#39; is tbd;<br>

<br>

</span>I just want to check if my reading is correct and we can start to work<br>

on the &quot;how&quot; with Jiras. If you are fine with it.<br>

<span class=""><br>

&gt; today we query for the user&#39;s own apps/variant:<br>

&gt; <a href="https://github.com/aerogear/aerogear-unifiedpush-server/blob/master/jaxrs/src/main/java/org/jboss/aerogear/unifiedpush/rest/registry/applications/PushApplicationEndpoint.java#L88" target="_blank">https://github.com/aerogear/aerogear-unifiedpush-server/blob/master/jaxrs/src/main/java/org/jboss/aerogear/unifiedpush/rest/registry/applications/PushApplicationEndpoint.java#L88</a><br>

&gt;<br>

&gt; One (simple) option is: the underlying service could do a &quot;select *<br>

&gt; from...&quot; if the role is &#39;admin&#39;<br>

<br>

</span>Alright. But the query must display that some app &quot;golum&quot; belongs to<br>

&quot;abstractj&quot; and another app with the same name, belongs to matzew.<br>

Because is pretty likely to happen naming duplication.<br></blockquote><div><br></div><div>yeah, sure. That info is already present on the PushApplication - currently that is just not displayed.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">

<span class=""><br>

&gt;<br>

&gt;<br>

&gt; &gt; - Create an interface on UPS to the admin, otherwise the whole<br>

&gt; &gt;   implementation is useless.<br>

&gt; &gt;<br>

&gt;<br>

&gt; what do you mean ?<br>

<br>

</span>If you query the database for all apps created. How do you delete the<br>

application &quot;golum&quot; created by bruno if I have 10 apps named &quot;golum&quot; in<br>

my database?<br></blockquote><div><br></div><div>Ah, ok. I was wondering you wanted to define some completely new UI :) </div><div><br></div><div>I had something like this in mind (yes, I am not a designer :))</div><div><a href="http://people.apache.org/~matzew/AdminViewOnApps.png">http://people.apache.org/~matzew/AdminViewOnApps.png</a><br></div><div><br></div><div>That&#39;s just one initial thought. Once we agree on this overall feature, I think we will nail the details of the &#39;how&#39; in the relevant JIRA subtasks of AGPUSH-697.</div><div>However I fully agree that we need to apply some tweaks to the existing UI, so that the owner name is visible when the &#39;admin&#39; is looking at the &quot;application overview&quot; page, like in the screenshot.</div><div> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">

<br>

That&#39;s why I think the mininum for the UPS admin interface must be defined, right<br>

now, before start the whole implementation. What would you expect to see<br>

when you query the whole database?<br></blockquote><div><br></div><div>I thought about adding &#39;pagination&#39; on the &quot;application overview&quot; page, similar like we do on the installations. </div><div><br></div><div>-Matthias</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">

<div class=""><div class="h5"><br>

&gt;<br>

&gt;<br>

&gt; &gt;<br>

&gt; &gt; &gt;From my understanding, Keycloak will just manage these users and unless<br>

&gt; &gt; something has changed, we provide the fine grained authorization model on<br>

&gt; &gt; UPS. Like<br>

&gt; &gt; we did in the past.<br>

&gt; &gt;<br>

&gt;<br>

&gt; yeah, the users live in Keycloak - we somehow differentiate on the<br>

&gt; role/user if we do a &quot;select all&quot; or just those for the specific user<br>

&gt;<br>

&gt;<br>

&gt; &gt;<br>

&gt; &gt; Am I correct?<br>

&gt; &gt;<br>

&gt; &gt; [1] - <a href="http://lists.jboss.org/pipermail/keycloak-dev/2014-May/001851.html" target="_blank">http://lists.jboss.org/pipermail/keycloak-dev/2014-May/001851.html</a><br>

&gt; &gt;<br>

&gt; &gt; On 2014-10-08, Matthias Wessendorf wrote:<br>

&gt; &gt; &gt; Hi,<br>

&gt; &gt; &gt;<br>

&gt; &gt; &gt; as of today, we have a single user (admin), to revisit that we have<br>

&gt; &gt; &gt; AGPUSH-697 (see [1]).<br>

&gt; &gt; &gt;<br>

&gt; &gt; &gt; Based on changes over the months (e.g new UI and being based on<br>

&gt; &gt; Keycloak),<br>

&gt; &gt; &gt; I have updated our old spec/gist:<br>

&gt; &gt; &gt; <a href="https://gist.github.com/matzew/ed0055000a8347488a37" target="_blank">https://gist.github.com/matzew/ed0055000a8347488a37</a><br>

&gt; &gt; &gt;<br>

&gt; &gt; &gt; Greetings,<br>

&gt; &gt; &gt; Matthias<br>

&gt; &gt; &gt;<br>

&gt; &gt; &gt; [1] <a href="https://issues.jboss.org/browse/AGPUSH-697" target="_blank">https://issues.jboss.org/browse/AGPUSH-697</a><br>

&gt; &gt; &gt;<br>

&gt; &gt; &gt; --<br>

&gt; &gt; &gt; Matthias Wessendorf<br>

&gt; &gt; &gt;<br>

&gt; &gt; &gt; blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>

&gt; &gt; &gt; sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>

&gt; &gt; &gt; twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>

&gt; &gt;<br>

&gt; &gt; &gt; _______________________________________________<br>

&gt; &gt; &gt; aerogear-dev mailing list<br>

&gt; &gt; &gt; <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>

&gt; &gt; &gt; <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>

&gt; &gt;<br>

&gt; &gt;<br>

&gt; &gt; --<br>

&gt; &gt;<br>

&gt; &gt; abstractj<br>

&gt; &gt; PGP: 0x84DC9914<br>

&gt; &gt; _______________________________________________<br>

&gt; &gt; aerogear-dev mailing list<br>

&gt; &gt; <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>

&gt; &gt; <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>

&gt; &gt;<br>

&gt;<br>

&gt;<br>

&gt;<br>

&gt; --<br>

&gt; Matthias Wessendorf<br>

&gt;<br>

&gt; blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>

&gt; sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>

&gt; twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>

<br>

&gt; _______________________________________________<br>

&gt; aerogear-dev mailing list<br>

&gt; <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>

&gt; <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>

<br>

<br>

--<br>

<br>

abstractj<br>

PGP: 0x84DC9914<br>

_______________________________________________<br>

aerogear-dev mailing list<br>

<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>

<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>

</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>

</div></div>