Versions Compared

Old Version 12

changes.mady.by.user Guillaume LEPICARD

Saved on

compared with

New Version 13

changes.mady.by.user Guillaume LEPICARD

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

<version>/<domain>/<action>/[modifiers]+For instance named

Example: A pkgsecupremission instance is defined with following with properties:

  • name: “Update owned offline“

...

  • permission: v1/objectdata/update/$offline/$selfowner

...

Such permission grants to update instances in an offline status (status is not online and not archived) that he the operating user owns (object.owner == surfer.id)

Patterns

  • version: The only available version for patterns is v1 but introducing a version in patterns will ease further improvements and ease ascendent compatibility. Until new versions are available, just keep in mind that natively handled permissions start with “v1”.

  • domain: The domain of the security rule that this permission will act on. As of

    Status
    title2021.3.0
    , objectdataand boards are handled.
    Since
    Status
    title2022.3
    , objectactions and applications domain are handled

  • action: The action within the domain that this permission will act on. As of

    Status
    title2021.3.0
    , all actions from objectdata domain can be handled.
    Since
    Status
    title2022.3
    , new actions added to objectdata and objectactions are handled.

  • modifiers: Modifiers will define the context for which the action will be granted. Modifiers vary from one action to the other:

    • objectdata

      • insert action: 1 modifier is to be defined: creationMode. Therefore, all insert permissions follow this pattern: v1/objectdata/insert/<creationMode>

      • changestatus action: 3 modifiers are to be defined: workflowAction, instanceStatus, ownership. Therefore, all changestatus permissions follow this pattern: v1/objectdata/changestatus/<workflowAction>/<instanceStatus>/<ownership>

      • other objectdata actions (delete, i18nfieldstranslate, order, retrievecaption, update, view): 2 modifiers are to be defined: instanceStatus, ownership. Therefore, all those actions follow this pattern: v1/objectdata/<action>/<instanceStatus>/<ownership>

    • boards

      • makepublicboard action: No modifiers - permission is granted or not

      • shareboard action: 3 modifiers are to be defined: boardVisibility, boardType, ownership,

    • applications (since

      Status
      title2022.3
      )

      • isavailable action: 1 modifier is to be defined: applicationName. Therefore, all isavailable permissions follow this pattern: v1/applications/isavailable/<applicationName>

Modifiers

Each modifier supports specific keywords to finely define the context.

...