telefonicaid / fiware-orion

Context Broker and CEF building block for context data management, providing NGSI interfaces.
https://fiware-orion.rtfd.io/
GNU Affero General Public License v3.0

How to get from orion all subscriptions inserted by owners #3522

Closed pasquy73 closed 5 years ago

pasquy73 commented 5 years ago

I need to filter subscriptions by logged-in user (i.e. user_id or organization_id) in a generic context. The requirement is that any user can manage (edit or delete) only their own subscriptions. As far as I know, there aren't APIs to filter subscriptions by userid, so how can I get from orion all subscriptions inserted by owners? I think it could be a new feature to add in orion.

kzangeli commented 5 years ago

This seems like not one but two issues:

  1. Filter in GET .../subscriptions to see only the ones created by X
  2. Security - prevent just anybody with access to the broker from modifying/deleting subscriptions

For (1) we'd need to add a field in the subscription, some kind of "owner id", and then of course a way of filtering over that field. Not too difficult to implement, if all agree that it is interesting.

The second item is a bit trickier. The security in orion is not part of orion but in other "Brother GEs". Might be that you can accomplish what you need, but it's not orion that does it.

BTW, in APIv1, if I recall correctly, when creating a subscription (and registration), the ID is returned in the response, but only there. As you need to know the ID in order to modify/delete, the security part (2) was somehow covered. Perhaps that could be a simple solution - add a "secret: true" field to the subscription creation that would make the broker not share the ID of the subscription?

pasquy73 commented 5 years ago

Thanks Ken for your response. I was thinking of adding a new optional 'fiware header' when you are going to create a subscription, i.e. fiware-userid. So, when you want to retrieve subscriptions you can filter them through that fiware-userid if it exists. If you don't use fiware-userid, you can get all subscriptions (normal execution).

fgalan commented 5 years ago

Moved as question to https://stackoverflow.com/questions/57078839/how-to-get-from-orion-all-subscriptions-inserted-by-owners.

Closing issue.
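
Added example, not part of the thread or of Orion's code: the ownership check discussed above, kept in a proxy in front of the broker, since the thread notes that the subscription carries no owner field and that security sits outside Orion. `SubscriptionOwnershipGuard` and its methods are hypothetical names, the ids are constructed, and the user id is assumed to come from the proxy's own authentication rather than from a client-set header such as the proposed fiware-userid.

```python
import re

# NGSIv2 subscription resource: /v2/subscriptions/<id>
SUB_PATH = re.compile(r"^/v2/subscriptions/([^/?]+)$")


class SubscriptionOwnershipGuard:
    """Hypothetical helper: subscription id -> owner, stored outside the broker."""

    def __init__(self):
        self._owner = {}

    def _owns(self, user_id, sub_id):
        # An unauthenticated caller (None) must never match an unknown id.
        return user_id is not None and self._owner.get(sub_id) == user_id

    def record_creation(self, user_id, location_header):
        # The broker answers POST /v2/subscriptions with
        # Location: /v2/subscriptions/<id>; bind that id to the creator.
        m = SUB_PATH.match(location_header)
        if not m or user_id is None:
            raise ValueError("cannot record owner for %r" % location_header)
        self._owner[m.group(1)] = user_id
        return m.group(1)

    def authorize(self, user_id, method, path):
        path = path.split("?", 1)[0].rstrip("/")  # ignore query string
        if path == "/v2/subscriptions":
            # Collection: create or list only; the list is filtered afterwards.
            return user_id is not None and method in ("GET", "POST")
        m = SUB_PATH.match(path)
        if not m:
            return True  # not a subscription request; outside this guard's scope
        # Single subscription: only the recorded owner may read, modify or delete.
        # Unknown ids are denied, so subscriptions created around the proxy
        # stay locked instead of becoming editable by anyone.
        return self._owns(user_id, m.group(1))

    def filter_list(self, user_id, subscriptions):
        # Applied to the JSON array returned by GET /v2/subscriptions.
        return [s for s in subscriptions if self._owns(user_id, s.get("id"))]

    def forget(self, sub_id):
        # Call once the broker has confirmed a DELETE.
        self._owner.pop(sub_id, None)
```
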