The User Management system application provides some integration points for APS applications as considered here.
In this document:
There are two main parts to manage users in the platform:
Service user wizard (SUWizard) for the mass operation of creating users and assigning services during this process
User manager for managing application resources in order to assign them to the existing users, configure, or remove them:
Show data about assigned application services in the list of users
Manage application services in the user profile
There are typical operations to provide and configure services for users that an application can integrate with:
Assign services to users when creating them in the system SUWizard
Monitor the list of users with services assigned to them
The User Management application exposes the following placeholders for plugging views and view-plugins of other APS applications:
A placeholder of the Service User Wizard (SUWizard) that creates users.
Placeholders of the User Manager that shows the list of users and allows managing existing users individually through their user profiles.
PLACEHOLDER |
View Type |
Purpose |
---|---|---|
|
View |
|
|
View-plugin |
|
|
View-plugin |
Note
To plug into a User Management placeholder, the corresponding APS type must implement the APS core user service type. This implementation also adds a strong relation with the APS core user type.
Generally, an APS application is integrated with the User Management through the following steps.
In metadata, declare navigation trees separately for the integrated views (using the <view> </view> pair) and for view-plugins (using the <view-plugin> </view-plugin> pair), like in this example:
<navigation id="suwizard">
<view id="addUserService" label="Add VPS"
src="ui/addUserService.js">
<plugs-to id="http://www.aps-standard.org/ui/service/suwizard.new/2" />
</view>
</navigation>
<navigation id="plugins">
<view-plugin id="vpsUserListPlugin" src="ui/plugins/vpsUserListPlugin.js">
<plugs-to id="http://www.parallels.com/ccp-users#usersview" />
</view-plugin>
<view-plugin id="vpsUserPlugin"
src="ui/plugins/vpsUserPlugin.js">
<plugs-to id="http://www.parallels.com/ccp-users#userInfo" />
</view-plugin>
</navigation>
Each view or view-plugin that is going to use the Business API to interact with the User Management must declare the special placeholder to make the respective system module plug to this placeholder:
<plugin-placeholder id=“http://www.aps-standard.org/core/package#biz" />
To comply with the requirements to the APS type, the latter must implement the APS core user service type to have a relation with the APS core user type. Declare it using the PHP runtime as in the following example:
/**
* @type("http://aps-standard.org/samples/suwizard1p/vps/1.0")
* @implements("http://aps-standard.org/types/core/user/service/1.0")
*/
class vps extends APS\ResourceBase {
...
}
or directly in the *.schema
file:
"implements": [
"http://aps-standard.org/types/core/user/service/1.0"
],
In the plugged JavaScript sources, define the methods that the User Management application calls when executing its own operations. The methods are described in this document.
Take into account the following mechanisms of assigning permissions for a user to an assigned service:
As explained in Role Assignment, by default a user plays the referrer
role when
operating the assigned service and it is possible to specify explicitly another role (owner
or admin
) for users
whom the service will be assigned to.
In accordance with the default permissions, the referrer
role is able
to read the properties of an assigned resource and run the operations defined through the GET verb.
The owner
and admin
roles are granted all permissions to the resource, its properties, and operations.
Using the access attributes, it is possible to redefine permissions for the roles.
As follows from the above, you can provide the following ways for users to manage assigned resources:
Define custom operations based on the GET verb. In this case, granting the default referrer
role to users
is quite enough. In the User Management demo project, the start
and stop
operations allow users
to change server state.
Configure access to assigned resources, their properties, and operations for the referrer
role directly by means of the
access attributes.
In this case, a user can change resource properties by sending PUT requests or even delete them
by sending DELETE requests.
Assign the owner
role to users by means of the assign object
in the user
relation that
links a resource with a user. In this case, you grant the users all permissions unless you do not redefine
them by the access attribute.
Role assignment is demonstrated in the optional proof of concepts section of the User Management demo project.