Prior to version
...
version: The only available version for patterns is v1, but introducing a version in patterns will ease further improvements and ease ascendent compatibility. Until new versions are available, just keep in mind that natively handled permissions start with “v1”.
domain: The domain of the security rule that this permission will act on. As of 2021.3.0, objectdata and boards are handled.
action: The action within the domain that this permission will act on. As of 2021.3.0, all actions from the objectdata domain can be handled.
modifiers: Modifiers define the context for which the action will be granted. Modifiers vary from one action to the other:
objectdata
insert action: 1 modifier is to be defined: creationMode. Therefore, all insert permissions follow this pattern:
v1/objectdata/insert/<creationMode>
changestatus action: 3 modifiers are to be defined: workflowAction, instanceStatus, ownership. Therefore, all changestatus permissions follow this pattern:
v1/objectdata/changestatus/<workflowAction>/<instanceStatus>/<ownership>
other objectdata actions (delete, i18nfieldstranslate, order, retrievecaption, update, view): 2 modifiers are to be defined: instanceStatus, ownership. Therefore, all those actions follow this pattern:
v1/objectdata/<action>/<instanceStatus>/<ownership>
boards
makepublicboard action: No modifiers - permission is granted or not
shareboard action: 3 modifiers are to be defined: boardVisibility, boardType, ownership,
...
$online: An online marked state
$archived: An archived marked state
$offline: A state that is neither marked online nor archived
$initialstatus: The initial state of the instance (usually = 2)
$anystatus: Any state
<customMetaStatus>: It is possible to create custom names regrouping several states (see further)
<statusID>: It is possible to reference a status ID directly (New in 2022.3.0)
ownership
Ownership limits a permission based on the owner property of an instance. 2 keywords are available
...
Groups centralize multiple permissions on one or many objects, for one or many roles and one or many users.
...
/api/packaged/admin/security/surfer-bases/<userId>
Cheat sheet
Find for each managed domain / action, the permission pattern
domain | action | permission pattern |
---|---|---|
boards | makePublicBoard | v1/boards/makepublicboard |
boards | shareBoard | v1/boards/shareboard/:boardVisibility/:boardType/:ownership |
objectdata | changeStatus | v1/objectdata/changestatus/:workflowAction/:instanceStatus/:ownership |
objectdata | delete | ... |
New in 2022.3.0
New handled actions in objectdata domain
The following actions were added to the objectdata domain and can be handled with @pkgV1Objectdata:
broadcastVideo
defineVideoPoster
editPicture
editVideoChapters
editVideoSubtitles
embed
manageVideoCallToActions
manageVideoRolls
order
sliceVideo
All these actions follow the pattern v1/objectdata/<action>/<instanceStatus>/<ownership>
New handled domains
From
Domain applications
The applications domain defines one action, isAvailable, which grants access to an application based on a code (parameter applicationname).
By default, the BackOffice application has the code bo, the portal front-end has the code portal, Office pickers have the code officeassetpicker and all other pickers have the code assetpicker.
Permissions for this action have the pattern:
v1/applications/<action>/<applicationname>
As only one action is available as of
v1/applications/isavailable/<applicationname>
The macro @pkgV1Applications handles permission checks. Note that, as with other PACKAGED_Security macros, the action name is to be passed as an argument:
@pkgV1Applications('isAvailable')
Domain objectactions
The objectactions domain allows defining permissions on actions on an object type, with no restriction on an instance. Its primary goal is to help display action triggers targeting multiple objects.
The PACKAGED_Security plugin provides a new macro for handling objectactions domain actions: @pkgV1ObjectActions. As for @pkgV1Objectdata, this macro takes one argument: the name of the action to test permissions for.
@pkgV1ObjectActions is defined to check, for an objectname, whether some permissions were given to a user for the corresponding objectdata action → No additional configuration is required on objectactions: an action from the objectactions domain will be granted if some permissions were given on objectdata.
Equivalences
objectactions action domain | tested objectdata action | |
---|---|---|
create | insert | Check for existence of either |
damimport | ||
massimport | ||
multiupdate | update | Check for existence of |
datavaluespicker | ||
broadcastVideo | broadcastVideo | Check for existence of |
defineVideoPoster | defineVideoPoster | Check for existence of |
delete | delete | Check for existence of |
editPicture | editPicture | Check for existence of |
editVideoChapters | editVideoChapters | Check for existence of |
editVideoSubtitles | editVideoSubtitles | Check for existence of |
embed | embed | Check for existence of |
manageVideoCallToActions | manageVideoCallToActions | Check for existence of |
manageVideoRolls | manageVideoRolls | Check for existence of |
order | order | Check for existence of |
sliceVideo | sliceVideo | Check for existence of |
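
The existence check described above, as an added audit example (not PACKAGED_Security's own code): it reports which objectactions triggers a user ends up with and which objectdata permission caused each one. The `grants` shape, the lowercase action segments and the OWNERSHIP and MODE placeholder values are assumptions.

```python
# objectactions action -> objectdata action tested, from the Equivalences table.
# Rows whose tested action is not legible on this page are left out.
EQUIVALENCES = {"create": "insert", "multiupdate": "update"}
EQUIVALENCES.update({a: a for a in (
    "broadcastvideo definevideoposter delete editpicture editvideochapters "
    "editvideosubtitles embed managevideocalltoactions managevideorolls order "
    "slicevideo").split()})


def supporting_permissions(objectaction, permissions):
    """Permissions that satisfy the existence check for one objectactions action."""
    tested = EQUIVALENCES[objectaction.lower()]
    prefix = f"v1/objectdata/{tested}/"
    return [p for p in permissions if p.startswith(prefix)]


def effective_objectactions(grants):
    """Map objectname -> {objectaction: supporting permissions} for one user.

    grants maps an objectname to the objectdata permissions the user holds on it
    (assumed shape; the page does not describe how permissions are stored).
    """
    report = {}
    for objectname, permissions in grants.items():
        granted = {}
        for objectaction in EQUIVALENCES:
            found = supporting_permissions(objectaction, permissions)
            if found:  # existence of any permission is enough
                granted[objectaction] = found
        report[objectname] = granted
    return report


# Constructed sample: OWNERSHIP and MODE stand in for real modifier values.
SAMPLE_GRANTS = {
    "article": ["v1/objectdata/update/$offline/OWNERSHIP",
                "v1/objectdata/insert/MODE"],
    "video": ["v1/objectdata/view/$online/OWNERSHIP"],
}
```

A single narrowly scoped objectdata permission is enough for the matching objectactions action to be granted on that object type, which is what the report makes visible when reviewing roles.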
Cheat sheet
Find for each managed domain / action, the permission pattern
domain | action | permission pattern |
---|---|---|
applications | isAvailable | |
boards | makePublicBoard | |
boards | shareBoard | |
objectdata | broadcastVideo | |
objectdata | changeStatus | |
objectdata | defineVideoPoster | |
objectdata | delete | |
objectdata | editPicture | |
objectdata | editVideoChapters | |
objectdata | editVideoSubtitles | |
objectdata | embed | |
objectdata | i18nFieldsTranslate | |
objectdata | insert | |
objectdata | manageVideoCallToActions | |
objectdata | manageVideoRolls | |
objectdata | order | |
objectdata | retrieveCaption | |
objectdata | sliceVideo | |
objectdata | update | |
objectdata | view | |
Find available values for modifiers
modifier | value | description |
---|---|---|
applicationName | | Name of the application (BackOffice → |
boardVisibility | | A board that is not private |
boardVisibility | | A private board |
boardVisibility | | A board private or not |
boardType | | Any type of board |
boardType | | A board of type |
creationMode | | Only fresh new instances |
creationMode | | Only copies |
creationMode | | Any mode |
instanceStatus | | An online marked state |
instanceStatus | | An archived marked state |
instanceStatus | | A state that is neither marked online nor archived |
instanceStatus | | The initial state of the instance (usually = 2) |
instanceStatus | | Any state |
instanceStatus | | A custom meta state |
instanceStatus | | The ID of a status |
ownership | | User must be the owner of the instance to be able to perform an action |
ownership | | No restriction on ownership |
ownership | | Specific to boards domain - Identify the surfer as a collaborator on a board |
workflowAction | | Publishing action: performing a workflow action that will move the instance into an online marked state |
workflowAction | | Archiving action: performing a workflow action that will move the instance into an archived marked state |
workflowAction | | Forward action: performing an action marked forward, and that will not lead to online or archived marked state. |
workflowAction | | Backward action: performing an action NOT marked forward, and that will not lead to online or archived marked state. |
workflowAction | | Any process action: performing an action that will not lead to online or archived marked state. |
workflowAction | | Any workflow action (including publishing and archiving actions) |
workflowAction | | If none of the above keywords, the action name is taken as is and resolved based on the instance’s workflow |
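
A linter for the permission patterns described on this page, as an added example (not PACKAGED_Security's own code): it checks the version, the domain/action pair and the number of modifiers, and classifies the instanceStatus value. It assumes lowercase action segments, numeric status IDs and that a leading `$` is reserved for the built-in keywords.

```python
# Modifier names per (domain, action), taken from the patterns on this page.
STATUS_OWNER = ("instanceStatus", "ownership")
OBJECTDATA_ACTIONS = (
    "delete i18nfieldstranslate order retrievecaption update view broadcastvideo "
    "definevideoposter editpicture editvideochapters editvideosubtitles embed "
    "managevideocalltoactions managevideorolls slicevideo"
).split()
GRAMMAR = {
    ("applications", "isavailable"): ("applicationname",),
    ("boards", "makepublicboard"): (),
    ("boards", "shareboard"): ("boardVisibility", "boardType", "ownership"),
    ("objectdata", "insert"): ("creationMode",),
    ("objectdata", "changestatus"): ("workflowAction", "instanceStatus", "ownership"),
    **{("objectdata", a): STATUS_OWNER for a in OBJECTDATA_ACTIONS},
}
STATUS_KEYWORDS = {"$online", "$archived", "$offline", "$initialstatus", "$anystatus"}


def classify_status(value):
    """Classify an instanceStatus modifier value."""
    if value in STATUS_KEYWORDS:
        return "keyword"
    if value.startswith("$"):  # assumption: '$' is reserved for built-in keywords
        raise ValueError(f"unknown status keyword: {value}")
    # Assumption: status IDs are numeric; any other name is a custom meta status.
    return "statusID" if value.isdigit() else "customMetaStatus"


def parse_permission(permission):
    """Split a permission string into its named parts, rejecting malformed ones."""
    version, _, rest = permission.partition("/")
    if version != "v1":
        raise ValueError(f"unsupported version: {version!r}")
    parts = rest.split("/")
    if len(parts) < 2 or "" in parts:
        raise ValueError(f"malformed permission: {permission!r}")
    domain, action, *modifiers = parts
    names = GRAMMAR.get((domain, action))
    if names is None:
        raise ValueError(f"unknown domain/action: {domain}/{action}")
    if len(modifiers) != len(names):
        raise ValueError(f"{domain}/{action} expects {len(names)} modifier(s): {names}")
    parsed = {"domain": domain, "action": action, **dict(zip(names, modifiers))}
    if "instanceStatus" in parsed:
        parsed["statusKind"] = classify_status(parsed["instanceStatus"])
    return parsed
```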