<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Oct 8, 2014 at 10:23 PM, Bruno Oliveira <span dir="ltr"><<a href="mailto:bruno@abstractj.com" target="_blank">bruno@abstractj.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On 2014-10-08, Matthias Wessendorf wrote:<br>
> On Wed, Oct 8, 2014 at 6:25 PM, Bruno Oliveira <<a href="mailto:bruno@abstractj.org">bruno@abstractj.org</a>> wrote:<br>
><br>
> > On 2014-10-08, Matthias Wessendorf wrote:<br>
> > > On Wed, Oct 8, 2014 at 5:34 PM, Bruno Oliveira <<a href="mailto:bruno@abstractj.org">bruno@abstractj.org</a>><br>
> > wrote:<br>
> > ><br>
> > > > If I understood correctly what we want to achieve tl;dr is:<br>
> > > ><br>
> > > > - Include a JPA query on UPS to list all app/variants on UPS<br>
> > > ><br>
> > ><br>
> > > yes<br>
> > ><br>
> > ><br>
> > > > - Introduce fine grained permissions for this query. Into this way we<br>
> > > > can differentiate admin from developers[1]<br>
> > > ><br>
> > ><br>
> > > the 'how' is tbd;<br>
> ><br>
> > I just want to check if my reading is correct and we can start to work<br>
> > on the "how" with Jiras. If you are fine with it.<br>
> ><br>
> > > today we query for the user's own apps/variant:<br>
> > ><br>
> > <a href="https://github.com/aerogear/aerogear-unifiedpush-server/blob/master/jaxrs/src/main/java/org/jboss/aerogear/unifiedpush/rest/registry/applications/PushApplicationEndpoint.java#L88" target="_blank">https://github.com/aerogear/aerogear-unifiedpush-server/blob/master/jaxrs/src/main/java/org/jboss/aerogear/unifiedpush/rest/registry/applications/PushApplicationEndpoint.java#L88</a><br>
> > ><br>
> > > One (simple) option is: the underlying service could do a "select *<br>
> > > from..." if the role is 'admin'<br>
> ><br>
> > Alright. But the query must display that some app "golum" belongs to<br>
> > "abstractj" and another app with the same name, belongs to matzew.<br>
> > Because is pretty likely to happen naming duplication.<br>
> ><br>
><br>
> yeah, sure. That info is already present on the PushApplication - currently<br>
> that is just not displayed.<br>
><br>
><br>
> ><br>
> > ><br>
> > ><br>
> > > > - Create an interface on UPS to the admin, otherwise the whole<br>
> > > > implementation is useless.<br>
> > > ><br>
> > ><br>
> > > what do you mean ?<br>
> ><br>
> > If you query the database for all apps created. How do you delete the<br>
> > application "golum" created by bruno if I have 10 apps named "golum" in<br>
> > my database?<br>
> ><br>
><br>
> Ah, ok. I was wondering you wanted to define some completely new UI :)<br>
><br>
> I had something like this in mind (yes, I am not a designer :))<br>
> <a href="http://people.apache.org/~matzew/AdminViewOnApps.png" target="_blank">http://people.apache.org/~matzew/AdminViewOnApps.png</a><br>
<br>
</div></div>The interface design is not a big deal. Would be nice to add some<br>
filtering to the search:<br>
<br>
- search by owner<br>
- search by variant<br>
- search by app name<br></blockquote><div><br></div><div>regarding the search and filtering, I do see value in it, but - for timing reasons, let's please do that only once the other stuff is really in, and works.</div><div><br></div><div>I don't expect a gazillion of PushApps on one server instance, so pagination of a few pages, sorted by "username" should be good enough</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<span class=""><br>
<br>
><br>
> That's just one initial thought. Once we agree on this overall feature, I<br>
> think we will nail the details of the 'how' in the relevant JIRA subtasks<br>
> of AGPUSH-697.<br>
> However I fully agree that we need to apply some tweaks to the existing UI,<br>
> so that the owner name is visible when the 'admin' is looking at the<br>
> "application overview" page, like in the screenshot.<br>
<br>
</span>Subtasks already created: <a href="https://issues.jboss.org/browse/AGPUSH-697" target="_blank">https://issues.jboss.org/browse/AGPUSH-697</a><br>
<div class="HOEnZb"><div class="h5"><br>
<br>
><br>
><br>
> ><br>
> > That's why I think the mininum for the UPS admin interface must be<br>
> > defined, right<br>
> > now, before start the whole implementation. What would you expect to see<br>
> > when you query the whole database?<br>
> ><br>
><br>
> I thought about adding 'pagination' on the "application overview" page,<br>
> similar like we do on the installations.<br>
><br>
> -Matthias<br>
><br>
><br>
><br>
> ><br>
> > ><br>
> > ><br>
> > > ><br>
> > > > >From my understanding, Keycloak will just manage these users and<br>
> > unless<br>
> > > > something has changed, we provide the fine grained authorization model<br>
> > on<br>
> > > > UPS. Like<br>
> > > > we did in the past.<br>
> > > ><br>
> > ><br>
> > > yeah, the users live in Keycloak - we somehow differentiate on the<br>
> > > role/user if we do a "select all" or just those for the specific user<br>
> > ><br>
> > ><br>
> > > ><br>
> > > > Am I correct?<br>
> > > ><br>
> > > > [1] -<br>
> > <a href="http://lists.jboss.org/pipermail/keycloak-dev/2014-May/001851.html" target="_blank">http://lists.jboss.org/pipermail/keycloak-dev/2014-May/001851.html</a><br>
> > > ><br>
> > > > On 2014-10-08, Matthias Wessendorf wrote:<br>
> > > > > Hi,<br>
> > > > ><br>
> > > > > as of today, we have a single user (admin), to revisit that we have<br>
> > > > > AGPUSH-697 (see [1]).<br>
> > > > ><br>
> > > > > Based on changes over the months (e.g new UI and being based on<br>
> > > > Keycloak),<br>
> > > > > I have updated our old spec/gist:<br>
> > > > > <a href="https://gist.github.com/matzew/ed0055000a8347488a37" target="_blank">https://gist.github.com/matzew/ed0055000a8347488a37</a><br>
> > > > ><br>
> > > > > Greetings,<br>
> > > > > Matthias<br>
> > > > ><br>
> > > > > [1] <a href="https://issues.jboss.org/browse/AGPUSH-697" target="_blank">https://issues.jboss.org/browse/AGPUSH-697</a><br>
> > > > ><br>
> > > > > --<br>
> > > > > Matthias Wessendorf<br>
> > > > ><br>
> > > > > blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
> > > > > sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
> > > > > twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>
> > > ><br>
> > > > > _______________________________________________<br>
> > > > > aerogear-dev mailing list<br>
> > > > > <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> > > > > <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
> > > ><br>
> > > ><br>
> > > > --<br>
> > > ><br>
> > > > abstractj<br>
> > > > PGP: 0x84DC9914<br>
> > > > _______________________________________________<br>
> > > > aerogear-dev mailing list<br>
> > > > <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> > > > <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
> > > ><br>
> > ><br>
> > ><br>
> > ><br>
> > > --<br>
> > > Matthias Wessendorf<br>
> > ><br>
> > > blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
> > > sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
> > > twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>
> ><br>
> > > _______________________________________________<br>
> > > aerogear-dev mailing list<br>
> > > <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> > > <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
> ><br>
> ><br>
> > --<br>
> ><br>
> > abstractj<br>
> > PGP: 0x84DC9914<br>
> > _______________________________________________<br>
> > aerogear-dev mailing list<br>
> > <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> > <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
> ><br>
><br>
><br>
><br>
> --<br>
> Matthias Wessendorf<br>
><br>
> blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
> sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
> twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>
<br>
> _______________________________________________<br>
> aerogear-dev mailing list<br>
> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
<br>
<br>
--<br>
<br>
abstractj<br>
PGP: 0x84DC9914<br>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div></div>