[aerogear-dev] Admin and Developer roles for UPS

Sebastien Blanc scm.blanc at gmail.com
Thu Oct 9 02:49:31 EDT 2014


On Thu, Oct 9, 2014 at 7:34 AM, Matthias Wessendorf <matzew at apache.org>
wrote:

>
>
> On Wed, Oct 8, 2014 at 10:23 PM, Bruno Oliveira <bruno at abstractj.com>
> wrote:
>
>> On 2014-10-08, Matthias Wessendorf wrote:
>> > On Wed, Oct 8, 2014 at 6:25 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
>> >
>> > > On 2014-10-08, Matthias Wessendorf wrote:
>> > > > On Wed, Oct 8, 2014 at 5:34 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
>> > > >
>> > > > > If I understood correctly what we want to achieve tl;dr is:
>> > > > >
>> > > > > - Include a JPA query on UPS to list all app/variants on UPS
>> > > > >
>> > > >
>> > > > yes
>> > > >
>> > > >
>> > > > > - Introduce fine-grained permissions for this query. In this
>> > > > >   way we can differentiate admin from developers[1]
>> > > > >
>> > > >
>> > > > the 'how' is tbd;
>> > >
>> > > I just want to check if my reading is correct and we can start to work
>> > > on the "how" with Jiras. If you are fine with it.
>> > >
>> > > > today we query for the user's own apps/variant:
>> > > >
>> > > > https://github.com/aerogear/aerogear-unifiedpush-server/blob/master/jaxrs/src/main/java/org/jboss/aerogear/unifiedpush/rest/registry/applications/PushApplicationEndpoint.java#L88
>> > > >
>> > > > One (simple) option is: the underlying service could do a "select *
>> > > > from..." if the role is 'admin'
>> > >
>> > > Alright. But the query must display that some app "golum" belongs to
>> > > "abstractj" and another app with the same name belongs to matzew.
>> > > Because naming duplication is pretty likely to happen.
>> > >
>> >
>> > yeah, sure. That info is already present on the PushApplication -
>> > currently that is just not displayed.
>> >
>> >
>> > >
>> > > >
>> > > >
>> > > > > - Create an interface on UPS to the admin, otherwise the whole
>> > > > >   implementation is useless.
>> > > > >
>> > > >
>> > > > what do you mean ?
>> > >
>> > > If you query the database for all apps created. How do you delete the
>> > > application "golum" created by bruno if I have 10 apps named "golum"
>> > > in my database?
>> > >
>> >
>> > Ah, ok. I was wondering if you wanted to define some completely new UI :)
>> >
>> > I had something like this in mind (yes, I am not a designer :))
>> > http://people.apache.org/~matzew/AdminViewOnApps.png
>>
>> The interface design is not a big deal. Would be nice to add some
>> filtering to the search:
>>
>> - search by owner
>> - search by variant
>> - search by app name
>>
>
> regarding the search and filtering, I do see value in it, but - for timing
> reasons, let's please do that only once the other stuff is really in, and
> works.
>
> I don't expect a gazillion of PushApps on one server instance, so
> pagination of a few pages, sorted by "username" should be good enough
>

+1, it's just a matter of adding "ORDER BY developer" and I think we can
reuse our pagination component from the installation page.
But indeed, for the next releases adding some filtering will be nice.

>
>
>
>>
>>
>> >
>> > That's just one initial thought. Once we agree on this overall feature,
>> > I think we will nail the details of the 'how' in the relevant JIRA
>> > subtasks of AGPUSH-697.
>> > However I fully agree that we need to apply some tweaks to the existing
>> > UI, so that the owner name is visible when the 'admin' is looking at the
>> > "application overview" page, like in the screenshot.
>>
>> Subtasks already created: https://issues.jboss.org/browse/AGPUSH-697
>>
>>
>> >
>> >
>> > >
>> > > That's why I think the minimum for the UPS admin interface must be
>> > > defined, right now, before starting the whole implementation. What
>> > > would you expect to see when you query the whole database?
>> > >
>> >
>> > I thought about adding 'pagination' on the "application overview" page,
>> > similar to what we do on the installations.
>> >
>> > -Matthias
>> >
>> >
>> >
>> > >
>> > > >
>> > > >
>> > > > >
>> > > > > From my understanding, Keycloak will just manage these users and
>> > > > > unless something has changed, we provide the fine-grained
>> > > > > authorization model on UPS. Like we did in the past.
>> > > > >
>> > > >
>> > > > yeah, the users live in Keycloak - we somehow differentiate on the
>> > > > role/user if we do a "select all" or just those for the specific
>> > > > user
>> > > >
>> > > > >
>> > > > > Am I correct?
>> > > > >
>> > > > > [1] - http://lists.jboss.org/pipermail/keycloak-dev/2014-May/001851.html
>> > > > >
>> > > > > On 2014-10-08, Matthias Wessendorf wrote:
>> > > > > > Hi,
>> > > > > >
>> > > > > > as of today, we have a single user (admin), to revisit that we
>> > > > > > have AGPUSH-697 (see [1]).
>> > > > > >
>> > > > > > Based on changes over the months (e.g. new UI and being based on
>> > > > > > Keycloak), I have updated our old spec/gist:
>> > > > > > https://gist.github.com/matzew/ed0055000a8347488a37
>> > > > > >
>> > > > > > Greetings,
>> > > > > > Matthias
>> > > > > >
>> > > > > > [1] https://issues.jboss.org/browse/AGPUSH-697
>> > > > > >
>> > > > > > --
>> > > > > > Matthias Wessendorf
>> > > > > >
>> > > > > > blog: http://matthiaswessendorf.wordpress.com/
>> > > > > > sessions: http://www.slideshare.net/mwessendorf
>> > > > > > twitter: http://twitter.com/mwessendorf
>> > > > >
>> > > > > > _______________________________________________
>> > > > > > aerogear-dev mailing list
>> > > > > > aerogear-dev at lists.jboss.org
>> > > > > > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>> > > > >
>> > > > >
>> > > > > --
>> > > > >
>> > > > > abstractj
>> > > > > PGP: 0x84DC9914
>
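
The role-scoped listing discussed in this thread, as an added example that is not part of the original messages or of AeroGear's code: the server decides from the caller's verified roles whether to select every application or only the caller's own, sorts by developer so same-named apps stay distinguishable, and bounds the page size. The table layout, function names and the use of SQLite are assumptions made for illustration.

```python
import sqlite3

MAX_PAGE_SIZE = 50  # upper bound so a client cannot request an unbounded page


def list_push_apps(conn, username, roles, page=0, page_size=25):
    """Return one page of (developer, name) rows the caller may see.

    username and roles must come from the verified identity token
    (Keycloak in the thread), never from request parameters.
    """
    page = max(0, int(page))
    page_size = max(1, min(int(page_size), MAX_PAGE_SIZE))
    offset = page * page_size
    if "admin" in roles:
        # Admin: every application; the owner column tells duplicates apart.
        sql = ("SELECT developer, name FROM push_application "
               "ORDER BY developer, name LIMIT ? OFFSET ?")
        params = (page_size, offset)
    elif "developer" in roles:
        # Developer: the owner filter is always bound to the caller's name.
        sql = ("SELECT developer, name FROM push_application "
               "WHERE developer = ? "
               "ORDER BY developer, name LIMIT ? OFFSET ?")
        params = (username, page_size, offset)
    else:
        # Unknown or missing role: fail closed instead of defaulting to a view.
        raise PermissionError("no role grants access to push applications")
    return conn.execute(sql, params).fetchall()


def build_sample_db():
    """Constructed sample data: two owners each have an app named 'golum'."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE push_application ("
                 "id INTEGER PRIMARY KEY, name TEXT NOT NULL, "
                 "developer TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO push_application (name, developer) VALUES (?, ?)",
        [("golum", "abstractj"), ("golum", "matzew"), ("news", "matzew")])
    conn.commit()
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    print(list_push_apps(db, "admin", {"admin"}))
    print(list_push_apps(db, "matzew", {"developer"}))
```
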