Integration Specifics

The User Management system application provides some integration points for APS applications as considered here.

Integration Points

There are two main parts to manage users in the platform:

  • Service user wizard (SUWizard) for the mass operation of creating users and assigning services during this process

  • User manager for managing application resources in order to assign them to the existing users, configure, or remove them:

    • Show data about assigned application services in the list of users

    • Manage application services in the user profile

There are typical operations to provide and configure services for users that an application can integrate with:

The User Management application exposes the following placeholders for plugging views and view-plugins of other APS applications:

  • A placeholder of the Service User Wizard (SUWizard) that creates users.

  • Placeholders of the User Manager that shows the list of users and allows managing existing users individually through their user profiles.

PLACEHOLDER

View Type

Purpose

http://www.aps-standard.org/ui/service/suwizard.new/2

View

Assign service during user creation

http://www.parallels.com/ccp-users#usersview

View-plugin

Service information in the list of users

http://www.parallels.com/ccp-users#userInfo

View-plugin

Service management in user profile

Note

To plug into a User Management placeholder, the corresponding APS type must implement the APS core user service type. This implementation also adds a strong relation with the APS core user type.

Integration Steps

Generally, an APS application is integrated with the User Management through the following steps.

  1. In metadata, declare navigation trees separately for the integrated views (using the <view> </view> pair) and for view-plugins (using the <view-plugin> </view-plugin> pair), like in this example:

    <navigation id="suwizard">
       <view id="addUserService" label="Add VPS"
          src="ui/addUserService.js">
          <plugs-to id="http://www.aps-standard.org/ui/service/suwizard.new/2" />
       </view>
    </navigation>
    
    <navigation id="plugins">
       <view-plugin id="vpsUserListPlugin" src="ui/plugins/vpsUserListPlugin.js">
          <plugs-to id="http://www.parallels.com/ccp-users#usersview" />
       </view-plugin>
       <view-plugin id="vpsUserPlugin"
          src="ui/plugins/vpsUserPlugin.js">
          <plugs-to id="http://www.parallels.com/ccp-users#userInfo" />
       </view-plugin>
    </navigation>
    
  2. Each view or view-plugin that is going to use the Business API to interact with the User Management must declare the special placeholder to make the respective system module plug to this placeholder:

    <plugin-placeholder id=“http://www.aps-standard.org/core/package#biz" />
    
  3. To comply with the requirements to the APS type, the latter must implement the APS core user service type to have a relation with the APS core user type. Declare it using the PHP runtime as in the following example:

    /**
     * @type("http://aps-standard.org/samples/suwizard1p/vps/1.0")
     * @implements("http://aps-standard.org/types/core/user/service/1.0")
     */
    class vps extends APS\ResourceBase {
             ...
    }
    

    or directly in the *.schema file:

    "implements": [
       "http://aps-standard.org/types/core/user/service/1.0"
    ],
    
  4. In the plugged JavaScript sources, define the methods that the User Management application calls when executing its own operations. The methods are described in this document.

Permissions

Take into account the following mechanisms of assigning permissions for a user to an assigned service:

  • As explained in Role Assignment, by default a user plays the referrer role when operating the assigned service and it is possible to specify explicitly another role (owner or admin) for users whom the service will be assigned to.

  • In accordance with the default permissions, the referrer role is able to read the properties of an assigned resource and run the operations defined through the GET verb. The owner and admin roles are granted all permissions to the resource, its properties, and operations. Using the access attributes, it is possible to redefine permissions for the roles.

As follows from the above, you can provide the following ways for users to manage assigned resources:

  • Define custom operations based on the GET verb. In this case, granting the default referrer role to users is quite enough. In the User Management demo project, the start and stop operations allow users to change server state.

  • Configure access to assigned resources, their properties, and operations for the referrer role directly by means of the access attributes. In this case, a user can change resource properties by sending PUT requests or even delete them by sending DELETE requests.

  • Assign the owner role to users by means of the assign object in the user relation that links a resource with a user. In this case, you grant the users all permissions unless you do not redefine them by the access attribute.

Role assignment is demonstrated in the optional proof of concepts section of the User Management demo project.