Base security

The object_data security domain is applied for any CRUD operation until the secure parameter is set to true in service configuration, or with the secure request parameter.

Additional security rules

By default, the security rules defined in configuration are applied before any action, making sure the user is allowed to view / update / create / delete / workflow…

Additional rules can be added for REST access to data. Such rules need to be created in the RESTAPI domain.

Domain and actions

The whole REST API is governed by one domain, called RESTAPI. Many actions allow configuring access to the different end points. The domain must exist, but it can be deactivated to disable all rules.

dam_asset

The action dam_asset defines the access of the asset end point (also for asset by type end points).

Parameters

  • surfer: the surfer who wants to invoke the end point

dam_list_headers

The action dam_list_headers defines the access of asset headers end point, dam topsearch headers end point, and also asset by types end points.

Parameters

  • surfer: the surfer who wants to invoke the end point

data_read

The action data_read defines the access of DAM and DATA end points to retrieve resource by id.

Parameters

  • objectName: the object name

  • surfer: the surfer who wants to invoke the end point

data_list

The action data_list defines the access of resource list (infinite or paginated)

Parameters

  • objectName: the object name

  • surfer: the surfer who wants to invoke the end point

data_search

The action data_search defines the access of DAM and DATA end points to search resource

Parameters

  • objectName: the object name

  • surfer: the surfer who wants to invoke the end point

data_resource

The action data_resource defines the access of DAM and DATA end points to get binary resources (file or image)

Parameters

  • objectName: the object name

  • surfer: the surfer who wants to invoke the end point

data_create

The action data_create defines the access of DAM and DATA end points for resource creation

Parameters

  • objectName: the object name

  • surfer: the surfer who wants to invoke the end point

data_update

The action data_update defines the access of DAM and DATA end points for resource modification

Parameters

  • objectName: the object name

  • surfer: the surfer who wants to invoke the end point

data_update_binary

The action data_update_binary defines the access of DAM and DATA end points for binary resource modification

Parameters

  • objectName: the object name

  • surfer: the surfer who wants to invoke the end point

data_delete

The action data_delete defines the access of DAM and DATA end points for resource deletion

Parameters

  • objectName: the object name

  • surfer: the surfer who wants to invoke the end point

data_list_headers

The action data_list_headers defines the access of data list (infinite or paginated) headers end point, data topsearch headers end point.

Parameters

  • objectName: the object name

  • surfer: the surfer who wants to invoke the end point

data_read_headers

The action data_read_headers defines the access of resource by id headers.

Parameters

  • objectName: the object name

  • surfer: the surfer who wants to invoke the end point

whoami

The action whoami defines the access rules to whoami end point.

Parameters

  • surfer: the surfer who wants to invoke the end point

userpref

The action userpref defines the access rules to user preference end points.

Parameters

  • method: type of operation:

    • WRITE

    • READ

    • DELETE

  • namespace: preference namespace

  • key: preference key

  • name: (optional) preference object name

  • surfer: the surfer who wants to invoke the end point

view

The action view defines the access rules to tree end points.

Parameters

  • viewName: name of the view

  • surfer: the surfer who wants to invoke the end point

tree

The action tree defines the access rules to tree end points.

Parameters

  • viewName: name of the view

  • surfer: the surfer who wants to invoke the end point

resource (file or image download)

The action resource defines the access rules to resource end points.

Parameters

  • viewName: name of the view

  • surfer: the surfer who wants to invoke the end point

imageprocessing (imaging api)

The action imageprocessing defines the access rules to imaging end points.

Parameters

  • actionName: name of the action

  • surfer: the surfer who wants to invoke the end point

collection actions

The actions collection_clear and collection_add define rules for deleting or adding items to collections, respectively.

Parameters

  • actionName: name of the action

  • surfer: surfer

create or update actions

Actions

  • create: create action

  • update: update action

  • patch: partial update action

  • workflow_do: workflow change action

  • workflow_actions: available workflow actions list

  • locks_get: lock read

  • lock: lock action

  • unlock: unlock action

Parameters

  • actionName: name of the action

  • surfer: surfer

delete actions

The action delete defines rules for deleting resources.

Parameters

  • actionName: name of the action

  • surfer: surfer

extension services

The action extension_invoke defines rules for deleting resources.

Parameters

  • service: name of the service

  • surfer: surfer

catalog services

The action catalog defines rules to get the list of available views or actions (legacy JSON services only).

Parameters

  • endPoint: name of the end point

  • surfer: surfer

Available end points

  • view: views

  • tree: treeviews (or treepath) views

  • update: create or update actions

  • resource: binary file or image retrieve actions

  • imageprocessing: image processing actions

  • extension: extension services

Security rules summary table

| Action | Parameters |
| --- | --- |
| catalog | surfer, endPoint |
| collection_add | surfer, actionName |
| collection_clear | surfer, actionName |
| create | surfer, actionName |
| dam_asset | surfer |
| dam_list_headers | surfer |
| dam_search | surfer, objectName |
| data_create | surfer, objectName |
| data_delete | surfer, objectName |
| data_list | surfer, objectName |
| data_list_headers | surfer, objectName |
| data_read | surfer, objectName |
| data_read_headers | surfer, objectName |
| data_resource | surfer, objectName |
| data_search | surfer, objectName |
| data_update | surfer, objectName |
| data_update_binary | surfer, objectName |
| delete | surfer, actionName |
| extension_invoke | surfer, service |
| imageprocessing | surfer, actionName |
| lock | surfer, actionName |
| locks_get | surfer, actionName |
| patch | surfer, actionName |
| resource | surfer, viewName |
| tree | surfer, viewName |
| unlock | surfer, actionName |
| update | surfer, actionName |
| userpref | surfer, method, namespace, key, name |
| view | surfer, viewName |
| whoami | surfer |
| workflow_do | surfer, actionName |
| workflow_actions | surfer, actionName |

Security rules extract

<domain activated="0" libelle="Rest API" name="RESTAPI">
  <action name="dam_asset">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
  </action>
  <action name="dam_list_headers">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
  </action>
  <action name="data_read">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="objectName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="data_list">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="objectName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="data_search">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="objectName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="dam_search">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="objectName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="data_resource">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="objectName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="data_create">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="objectName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="data_update">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="objectName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="data_delete">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="objectName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="data_update">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="objectName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="data_list_headers">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="objectName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="data_read_headers">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="objectName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="whoami">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
  </action>
  <action name="userpref">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="method" type="wsnoheto.securite.parameter.LowerStringParameter"/>
    <param name="namespace" type="wsnoheto.securite.parameter.StringParameter"/>
    <param name="key" type="wsnoheto.securite.parameter.StringParameter"/>
    <param name="name" type="wsnoheto.securite.parameter.StringParameter"/>
  </action>
  <action name="view">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="viewName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="tree">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="viewName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="resource">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="viewName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="imageprocessing">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="actionName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="collection_clear">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="actionName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="collection_add">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="actionName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="create">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="actionName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="update">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="actionName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="patch">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="actionName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="workflow_do">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="actionName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="workflow_actions">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="actionName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="locks_get">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="actionName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="lock">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="actionName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="unlock">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="actionName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="delete">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="actionName" type="wsnoheto.securite.parameter.LowerStringParameter"/>
  </action>
  <action name="extension_invoke">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="service" type="wsnoheto.securite.parameter.StringParameter"/>
  </action>
  <action name="catalog">
    <param name="surfer" type="wsnoheto.securite.parameter.SurferParameter"/>
    <param name="endPoint" type="wsnoheto.securite.parameter.StringParameter"/>
  </action>
</domain>
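
A RESTAPI domain definition can drift from the summary table: an action declared twice, a documented action missing, a parameter dropped, or the whole domain left deactivated. The following audit is an added example, not part of the product or its documentation; the `EXPECTED` map is a subset of the summary table, the XML is a constructed sample, and reading `activated="0"` as "deactivated" is an assumption.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Expected parameters per action, taken from the summary table (subset).
EXPECTED = {
    "data_update": {"surfer", "objectName"},
    "data_update_binary": {"surfer", "objectName"},
    "data_delete": {"surfer", "objectName"},
    "whoami": {"surfer"},
}
P = "wsnoheto.securite.parameter."
# Constructed sample shaped like the rules extract; not a real deployment's file.
SAMPLE = f"""<domain activated="0" libelle="Rest API" name="RESTAPI">
  <action name="data_update">
    <param name="surfer" type="{P}SurferParameter"/>
    <param name="objectName" type="{P}LowerStringParameter"/>
  </action>
  <action name="data_delete">
    <param name="surfer" type="{P}SurferParameter"/>
  </action>
  <action name="data_update">
    <param name="surfer" type="{P}SurferParameter"/>
    <param name="objectName" type="{P}LowerStringParameter"/>
  </action>
  <action name="whoami">
    <param name="surfer" type="{P}SurferParameter"/>
  </action>
</domain>"""

def audit(xml_text, expected=EXPECTED):
    """Return sorted (finding, subject) pairs for a RESTAPI domain definition."""
    root = ET.fromstring(xml_text)
    findings = set()
    # Assumption: activated="0" is the deactivated state, which disables all rules.
    if root.get("activated") == "0":
        findings.add(("domain_deactivated", root.get("name")))
    actions = root.findall("action")
    counts = Counter(a.get("name") for a in actions)
    findings |= {("duplicate_action", n) for n, c in counts.items() if c > 1}
    findings |= {("missing_action", n) for n in expected if n not in counts}
    findings |= {("undocumented_action", n) for n in counts if n not in expected}
    for a in actions:
        declared = {p.get("name") for p in a.findall("param")}
        want = expected.get(a.get("name"))
        if want is not None and declared != want:
            findings.add(("param_mismatch", a.get("name")))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

To audit a full definition, extend `EXPECTED` with every row of the summary table and pass the file's contents to `audit`.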