Versions Compared

Old Version 1

changes.mady.by.user Guillaume LEPICARD

Saved on

compared with

New Version 2

changes.mady.by.user Guillaume LEPICARD

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • version: The only available version for patterns is v1 but introducing a version in patterns will ease further improvements and ease ascendent compatibility. Until new versions are available, just keep in mind that natively handled permissions start with “v1”.

  • domain: The domain of the security rule that this permission will act on. As of 2021.3.0, only objectdata is and boards are handled

  • action: The action within the domain that this permission will act on. As of 2021.3.0, all actions from objectdata domain can be handled.

  • modifiers: Modifiers will define the context for which the action will be granted. Modifiers vary from one action to the other:

    • objectdata

      • insert action: 1 modifier is to be defined: creationMode. Therefore, all insert permissions follow this pattern: v1/objectdata/insert/<creationMode>

      • changestatus action: 3 modifiers are to be defined: workflowAction, instanceStatus, ownership. Therefore, all changestatus permissions follow this pattern: v1/objectdata/changestatus/<workflowAction>/<instanceStatus>/<ownership>

      • other objectdata actions (delete, i18nfieldstranslate, order, retrievecaption, update, view): 2 modifiers are to be defined: instanceStatus, ownership. Therefore, all those actions follow this pattern: v1/objectdata/<action>/<instanceStatus>/<ownership>

    • boards

      • makepublicboard action: No modifiers - permission is granted or not

      • shareboard action: 3 modifiers are to be defined: boardVisibility, boardType, ownership,

Modifiers

Each modifier supports specific keywords to finely define the context.

boardVisibility

Allows to limit permission based on boards visibility:

  • $publicboard: Grants permission on a public board (private = 2)

  • $privateboard: Grants permission on a private board (private = 1)

  • $anyvisibilityboard: Grants permission regardless of visibility

boardType

Allows to limit permission based on the type of board:

  • $anyboardtype: Grants permission on any type of board

  • <type>: Grants permission on board of type <type>

creationMode

Creation mode represents how the instance is created. 3 keywords are available:

...

  • $selfowner: User must be the owner of the instance to be able to perform an action

  • $anyowner: No restriction on ownership

  • $boardcollaborator: Specific to boards domain - Identify the surfer as a collaborator on a board

Groups pkgsecugroup

Groups allow to centralize multiple permissions on one or many obects, for one or many roles and one or many users.

...

/api/packaged/admin/security/surfer-keys/<userId>

Cheat sheet

Find for each managed domain / action, the permission pattern

domain

action

permission pattern

boards

makePublicBoard

v1/boards/makepublicboard

boards

shareBoard

v1/objectdata/shareboard/:boardVisibility/:boardType/:ownership

objectdata

changeStatus

v1/objectdata/changestatus/:workflowAction/:instanceStatus/:ownership

objectdata

delete

v1/objectdata/delete/:instanceStatus/:ownership

objectdata

i18nFieldsTranslate

v1/objectdata/i18nfieldstranslate/:instanceStatus/:ownership

objectdata

insert

v1/objectdata/insert/:creationMode

objectdata

order

v1/objectdata/order/:instanceStatus/:ownership

objectdata

retrieveCaption

v1/objectdata/retrieveCaption/:instanceStatus/:ownership

objectdata

update

v1/objectdata/update/:instanceStatus/:ownership

objectdata

view

v1/objectdata/view/:instanceStatus/:ownership

Find available values for modifiers

modifier

value

description

boardVisibility

$publicboard

A board that is not private

$privateboard

A private board

$anyvisibilityboard

A board private or not

boardType

$anyboardtype

Any type of board

<type>

A board of type <type>

creationMode

$newcreation

Only fresh new instances

$copycreation

Only copies

$anycreation

Any mode

instanceStatus

$online

An online marked state

$archived

An archived marked state

$offline

A state that is neither marked online not archived

$initialstatus

The initial state of the instance (usually = 2)

$anystatus

Any state

<customMetaStatus>

A custom meta state

ownership

$selfowner

User must be the owner of the instance to be able to perform an action

$anyowner

No restriction on ownership

$boardcollaborator

Specific to boards domain - Identify the surfer as a collaborator on a board

workflowAction

$publish

Publishing action: performing a workflow action that will move the instance in an online marked state

$archive

Archiving action: performing a workflow action that will move the instance in an archived marked state

$forward

Forward action: performing an action marked forward, and that will not lead to online or archived marked state.

$backward

Backward action: performing an action NOT marked forward, and that will not lead to online or archived marked state.

$process

Any process action: performing that will not lead to online or archived marked state.

$anyaction

Any workflow action (including publishing and archiving actions)

<actionName>

If none of the above keywords, the action name is taken as is and resolved base on the instance’s workflow