Base security

The object_data security domain is applied for any CRUD operation until the secure parameter is set to true in service configuration, or with the secure request parameter.

Additional security rules

Info

See https://crossmedia.atlassian.net/wiki/spaces/WD/pages/2082209793/Upgrading+to+2021.6#The-release-now-integrates-the-domains-and-actions-of-security

By default, the security rules defined in configuration are applied before any action, making sure the user is allowed to view / update / create / delete / workflow…

Additional rules can be added for REST access to data. Such rules need to be created in the RESTAPI domain.

Domain

...

The whole REST API is governed by one domain, called RESTAPI. Several actions let you configure access to the different end points. The domain must exist, but it can be deactivated to disable all rules.

dam_asset

The action dam_list_headers defines access to the asset end point (and to the asset-by-type end points).

Parameters

  • surfer: the surfer who wants to invoke the end point

dam_list_headers

The action dam_list_headers defines access to the asset headers end point, the dam topsearch headers end point, and the asset-by-type end points.

Parameters

  • surfer: the surfer who wants to invoke the end point

data_read

The action data_read defines access to the DAM and DATA end points that retrieve a resource by id.

Parameters

  • objectName: the object name

  • surfer: the surfer who wants to invoke the end point

data_list

The action data_list defines access to the resource list (infinite or paginated).

Parameters

  • objectName: the object name

  • surfer: the surfer who wants to invoke the end point

data_search

The action data_search defines access to the DAM and DATA end points that search resources.

Parameters

  • objectName: the object name

  • surfer: the surfer who wants to invoke the end point

data_resource

The action data_resource defines access to the DAM and DATA end points that return binary resources (file or image).

Parameters

  • objectName: the object name

  • surfer: the surfer who wants to invoke the end point

data_create

The action data_create defines access to the DAM and DATA end points for resource creation.

Parameters

  • objectName: the object name

  • surfer: the surfer who wants to invoke the end point

data_update

The action data_update defines access to the DAM and DATA end points for resource modification.

Parameters

  • objectName: the object name

  • surfer: the surfer who wants to invoke the end point

data_update_binary

The action data_update defines access to the DAM and DATA end points for binary resource modification.

Parameters

  • objectName: the object name

  • surfer: the surfer who wants to invoke the end point

data_delete

The action data_delete defines access to the DAM and DATA end points for resource deletion.

Parameters

  • objectName: the object name

  • surfer: the surfer who wants to invoke the end point

data_list_headers

The action data_list_headers defines access to the data list (infinite or paginated) headers end point and the data topsearch headers end point.

Parameters

  • objectName: the object name

  • surfer: the surfer who wants to invoke the end point

data_read_headers

The action data_read_headers defines access to the resource-by-id headers.

Parameters

  • objectName: the object name

  • surfer: the surfer who wants to invoke the end point

whoami

The action whoami defines the access rules for the whoami end point.

Parameters

  • surfer: the surfer who wants to invoke the end point

userpref

The action userpref defines the access rules for the user preference end points.

Parameters

  • method: type of operation:

    • WRITE

    • READ

    • DELETE

  • namespace: preference namespace

  • key: preference key

  • name: (optional) preference object name

  • surfer: the surfer who wants to invoke the end point

view

The action view defines the access rules for tree end points.

Parameters

  • viewName: name of the view

  • surfer: the surfer who wants to invoke the end point

tree

The action tree defines the access rules for tree end points.

Parameters

  • viewName: name of the view

  • surfer: the surfer who wants to invoke the end point

resource (file or image download)

The action resource defines the access rules for resource end points.

Parameters

  • viewName: name of the view

  • surfer: the surfer who wants to invoke the end point

imageprocessing (imaging api)

The action imageprocessing defines the access rules for imaging end points.

Parameters

  • actionName: name of the action

  • surfer: the surfer who wants to invoke the end point

collection actions

The actions collection_clear and collection_add define rules for deleting items from and adding items to collections, respectively.

Parameters

  • actionName: name of the action

  • surfer: surfer

create or update actions

Actions

  • create: create action

  • update: update action

  • patch: partial update action

  • workflow_do: workflow change action

  • workflow_actions: available workflow actions list

  • locks_get: lock read

  • lock: lock action

  • unlock: unlock action

Parameters

  • actionName: name of the action

  • surfer: surfer

delete actions

The action delete defines rules for deleting resources.

Parameters

  • actionName: name of the action

  • surfer: surfer

extension services

The action extension_invoke defines rules for deleting resources.

Parameters

  • service: name of the service

  • surfer: surfer

catalog services

The action catalog defines rules for getting the list of available views or actions (legacy JSON services only).

Parameters

  • endPoint: name of the end point

  • surfer: surfer

Available end points

  • view: views

  • tree: treeviews (or treepath) views

  • update: create or update actions

  • resource: binary file or image retrieve actions

  • imageprocessing: image processing actions

  • extension: extension services

Security rules summary table

| Action | Parameters |
|---|---|
| catalog | surfer, endPoint |
| collection_add | surfer, actionName |
| collection_clear | surfer, actionName |
| create | surfer, actionName |
| dam_asset | surfer |
| dam_list_headers | surfer |
| dam_search | surfer, objectName |
| data_create | surfer, objectName |
| data_delete | surfer, objectName |
| data_list | surfer, objectName |
| data_list_headers | surfer, objectName |
| data_read | surfer, objectName |
| data_read_headers | surfer, objectName |
| data_resource | surfer, objectName |
| data_search | surfer, objectName |
| data_update | surfer, objectName |
| data_update_binary | surfer, objectName |
| delete | surfer, actionName |
| extension_invoke | surfer, service |
| imageprocessing | surfer, actionName |
| lock | surfer, actionName |
| locks_get | surfer, actionName |
| patch | surfer, actionName |
| resource | surfer, viewName |
| tree | surfer, viewName |
| unlock | surfer, actionName |
| update | surfer, actionName |
| userpref | surfer, method, namespace, key, name |
| view | surfer, viewName |
| whoami | surfer |
| workflow_do | surfer, actionName |
| workflow_actions | surfer, actionName |

If the domain exists but the end point has no specific action, the global action is used to control access. If the global action doesn’t exist either, access is granted or denied depending on the value of the plugin parameter allowAccessIfActionDoesntExist (see Appendix1 (Configuration)).

Global action

One action can be used to rule all service access: api.

The parameters for this action are:

| Name | Type | Description | Optional |
|---|---|---|---|
| request | wsnoheto.securite.parameter.RequestParameter | The HTTP request | No |
| endPoint | wsnoheto.securite.parameter.StringParameter | The ID of endpoint | No |
| endPointType | wsnoheto.securite.parameter.StringParameter | Type of endpoint | No |
| surfer | wsnoheto.securite.parameter.SurferParameter | The surfer | No |
| objectName | wsnoheto.securite.parameter.StringParameter | The structure object name | Yes. Depends on the endpoint. |
| resourceName | wsnoheto.securite.parameter.StringParameter | The resource name | Yes. Depends on the endpoint. |
| fieldName | wsnoheto.securite.parameter.StringParameter | The name of the object field | Yes. Depends on the endpoint. |
| preset | wsnoheto.securite.parameter.StringParameter | The name of the preset | Yes. Depends on the endpoint. |

You can control access to a particular endpoint with a specific action by creating one whose name is the ID of the corresponding endpoint parameter.

Info

Some parameters may not be present depending on the service. Refer to the descriptions of the specific actions/endpoints to see which parameters are specified in each case.

Parameter mappings

In the global action, some parameters of specific actions are mapped to standard parameters:

| Specific action parameter name | Global action parameter name |
|---|---|
| actionName | resourceName |
| viewName | resourceName |
| service | resourceName |
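The resolution order described above (a specific action named after the endpoint ID, then the global api action, then allowAccessIfActionDoesntExist) and the parameter mappings can be modelled to audit a configuration for end points that no rule covers. This is an added example, not the product's code; the function names, the result labels and the sample sets are assumptions.

```python
# Added example: models the rule-resolution order this page describes for the
# RESTAPI domain. Function names and result labels are hypothetical; only
# "api", allowAccessIfActionDoesntExist and the parameter names come from
# the page.

GLOBAL_ACTION = "api"

# Parameter mappings from the page: specific-action name -> global-action name.
PARAM_MAPPING = {
    "actionName": "resourceName",
    "viewName": "resourceName",
    "service": "resourceName",
}


def resolve_rule(endpoint_id, defined_actions, allow_if_missing, domain_active=True):
    """Return (source, action) naming what decides access to endpoint_id.

    defined_actions  -- names of the actions created in the RESTAPI domain
    allow_if_missing -- value of the plugin parameter allowAccessIfActionDoesntExist
    domain_active    -- False when the RESTAPI domain has been deactivated
    """
    if not domain_active:
        # A deactivated domain disables all of its rules.
        return ("domain-deactivated", None)
    if endpoint_id in defined_actions:
        # A specific action is one whose name is the endpoint ID.
        return ("specific", endpoint_id)
    if GLOBAL_ACTION in defined_actions:
        return ("global", GLOBAL_ACTION)
    return ("default-allow" if allow_if_missing else "default-deny", None)


def to_global_params(specific_params):
    """Rename specific-action parameters to the names the api action receives."""
    return {PARAM_MAPPING.get(name, name): value
            for name, value in specific_params.items()}


def coverage_report(endpoint_ids, defined_actions, allow_if_missing, domain_active=True):
    """Group endpoint IDs by the rule source that governs them."""
    report = {}
    for endpoint_id in endpoint_ids:
        source, _ = resolve_rule(endpoint_id, defined_actions,
                                 allow_if_missing, domain_active)
        report.setdefault(source, []).append(endpoint_id)
    return report


# Constructed sample: endpoint IDs taken from the page, and an invented set of
# actions defined in the RESTAPI domain (no global "api" action).
SAMPLE_ENDPOINTS = ["data_read", "data_delete", "dam_update_binary",
                    "extension_invoke", "whoami"]
SAMPLE_ACTIONS = {"data_read", "data_delete"}

if __name__ == "__main__":
    for allow in (True, False):
        print("allowAccessIfActionDoesntExist =", allow)
        for source, ids in coverage_report(SAMPLE_ENDPOINTS, SAMPLE_ACTIONS, allow).items():
            print("  ", source, "->", ", ".join(ids))
    print(to_global_params({"surfer": "u1", "viewName": "assets"}))
```

End points listed under default-allow are reachable without any RESTAPI rule being evaluated; adding the api action or setting allowAccessIfActionDoesntExist to false closes that gap.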

Specific actions per endpoint

The whole REST API is governed by one domain, called RESTAPI. Several actions let you configure access to the different end points.

| Endpoint ID | Endpoint type | Description | Parameters |
|---|---|---|---|
| catalog | | catalog endpoints (legacy services) | request, surfer, endPoint = endPointType, endPointType |
| collection_add | collection | add item to collection | request, surfer, actionName, endPointType |
| collection_clear | collection | remove collection items | request, surfer, actionName, endPointType |
| create | createorupdate | create endpoint (legacy) | request, surfer, actionName, endPointType |
| dam_aggs | dam | aggregates endpoint (dam) | request, surfer, resourceName, objectName, endPointType |
| dam_asset | dam | assets list (also assets by type/nature) endpoint | request, surfer, endPointType |
| dam_asset_aggs | dam | assets aggregates endpoint (dam) | request, surfer, endPointType |
| dam_asset_headers | dam | asset list headers endpoint | request, surfer, endPointType |
| dam_catalog | dam | catalog endpoint (dam) | request, surfer, endPoint = endPointType, endPointType |
| dam_create | dam | create endpoint (dam) | request, surfer, resourceName, objectName, endPointType |
| dam_delete | dam | delete endpoint (dam) | request, surfer, resourceName, objectName, endPointType |
| dam_list | dam | list endpoint (dam) | request, surfer, resourceName, objectName, endPointType |
| dam_list_headers | dam | list headers endpoint (dam) | request, surfer, resourceName, objectName, endPointType |
| dam_lock | dam | lock endpoint (dam) | request, surfer, resourceName, objectName, endPointType |
| dam_read | dam | data read endpoint (dam) | request, surfer, resourceName, objectName, endPointType |
| dam_read_headers | dam | read headers endpoint (dam) | request, surfer, resourceName, objectName, endPointType |
| dam_preset | dam | preset endpoint (dam) | request, surfer, resourceName, objectName, endPointType |
| dam_preview | dam | preview endpoint (dam) | request, surfer, resourceName, objectName, endPointType |
| dam_resource | dam | binary resource endpoint (dam) | request, surfer, resourceName, objectName, endPointType |
| dam_search | dam | search endpoint (dam) | request, surfer, resourceName, objectName, endPointType |
| data_show_workflow | dam | show workflow endpoint (dam) | request, surfer, resourceName, objectName, endPointType |
| dam_tree | dam | tree endpoint (dam) | request, surfer, resourceName, objectName, endPointType |
| dam_unlock | dam | unlock endpoint (dam) | request, surfer, resourceName, objectName, endPointType |
| dam_update | dam | update endpoint (dam) | request, surfer, resourceName, objectName, endPointType |
| dam_update_binary | dam | update binary endpoint (dam) | request, surfer, resourceName, objectName, endPointType |
| dam_workcopy | dam | workcopy endpoint (dam) | request, surfer, resourceName, objectName, endPointType |
| dam_workflow | dam | workflow endpoint (dam) | request, surfer, resourceName, objectName, endPointType |
| data_aggs | data | aggregates endpoint (data) | request, surfer, resourceName, objectName, endPointType |
| data_assign | data | data collection item assignation end point (data) | request, surfer, resourceName, objectName, fieldName, endPointType |
| data_catalog | data | catalog endpoint (data) | request, surfer, endPoint = endPointType, endPointType |
| data_create | data | create endpoint (data) | request, surfer, resourceName, objectName, endPointType |
| data_delete | data | delete endpoint (data) | request, surfer, resourceName, objectName, endPointType |
| data_list | data | list endpoint (data) | request, surfer, resourceName, objectName, endPointType |
| data_list_headers | data | list headers endpoint (data) | request, surfer, resourceName, objectName, endPointType |
| data_lock | data | lock endpoint (data) | request, surfer, resourceName, objectName, endPointType |
| data_read | data | data read endpoint (data) | request, surfer, resourceName, objectName, endPointType |
| data_read_headers | data | read headers endpoint (data) | request, surfer, resourceName, objectName, endPointType |
| data_resource | data | binary resource endpoint (data) | request, surfer, resourceName, objectName, endPointType |
| data_show_workflow | data | show workflows | request, surfer, resourceName, objectName, endPointType |
| data_tree | data | tree endpoint (data) | request, surfer, resourceName, objectName, endPointType |
| data_preset | data | preset endpoint (data) | request, surfer, resourceName, objectName, endPointType |
| data_preview | data | preview endpoint (data) | request, surfer, resourceName, objectName, endPointType |
| data_search | data | search endpoint (data) | request, surfer, resourceName, objectName, endPointType |
| data_show_workflow | data | show workflow endpoint (data) | request, surfer, resourceName, objectName, endPointType |
| data_unlock | data | unlock endpoint (data) | request, surfer, resourceName, objectName, endPointType |
| data_update | data | update endpoint (data) | request, surfer, resourceName, objectName, endPointType |
| data_update_binary | data | update binary endpoint (data) | request, surfer, resourceName, objectName, endPointType |
| data_workcopy | data | workcopy endpoint (data) | request, surfer, resourceName, objectName, endPointType |
| data_workflow | data | workflow change endpoint (data) | request, surfer, resourceName, objectName, endPointType |
| delete | delete | delete endpoint (legacy) | request, surfer, actionName, endPointType |
| extension_invoke | extension | extension service invocation (legacy) | request, surfer, service, endPointType |
| imageprocessing | imageprocessing | image processing endpoint (legacy) | request, surfer, actionName, endPointType |
| lock | createorupdate | lock endpoint (legacy) | request, surfer, actionName, endPointType |
| locks_get | createorupdate | lock status get endpoint (legacy) | request, surfer, actionName, endPointType |
| massimport_aggs | massimport | aggregates endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_assign | massimport | data collection item assignation end point (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_create | massimport | create endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_data_aggs | massimport | aggregates endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_data_assign | massimport | data collection item assignation end point (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_data_create | massimport | create endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_data_delete | massimport | delete endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_data_list | massimport | list endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_data_list_headers | massimport | list headers endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_data_lock | massimport | lock endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_data_read | massimport | data read endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_data_read_headers | massimport | read headers endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_data_preset | massimport | preset endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_data_preview | massimport | preview endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_data_resource | massimport | binary resource endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_data_search | massimport | search endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_data_show_workflow | massimport | show workflow endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_data_tree | massimport | tree endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_data_unlock | massimport | unlock endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_data_update | massimport | update endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_data_update_binary | massimport | update binary endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_data_workcopy | massimport | workcopy endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_data_workflow | massimport | workflow change endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_delete | massimport | delete endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_job_changestate | massimport | job change status endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_job_import | massimport_import | job file import endpoint (massimport) | request, surfer, endPointType |
| massimport_job_import_delete | massimport_import | delete job file import endpoint (massimport) | request, surfer, endPointType |
| massimport_list | massimport | list endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_list_headers | massimport | list headers endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_lock | massimport | lock endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_preset | massimport | preset endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_preview | massimport | preview endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_read | massimport | data read endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_read_headers | massimport | read headers endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_resource | massimport | binary resource endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_show_workflow | massimport | show workflow endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_search | massimport | search endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_tree | massimport | tree endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_unlock | massimport | unlock endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_update | massimport | update endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_update_binary | massimport | update binary endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_workcopy | massimport | workcopy endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| massimport_workflow | massimport | workflow change endpoint (massimport) | request, surfer, resourceName, objectName, endPointType |
| profil_assign | profile | data collection item assignation end point (profile) | request, surfer, resourceName, objectName, endPointType |
| profil_create | profile | create endpoint (profile) | request, surfer, resourceName, objectName, endPointType |
| profil_delete | profile | delete endpoint (profile) | request, surfer, resourceName, objectName, endPointType |
| profil_list | profile | list endpoint (profile) | request, surfer, resourceName, objectName, endPointType |
| profil_list_headers | profile | list headers endpoint (profile) | request, surfer, resourceName, objectName, endPointType |
| profil_lock | profile | lock endpoint (profile) | request, surfer, resourceName, objectName, endPointType |
| profil_preset | profile | preset endpoint (profile) | request, surfer, resourceName, objectName, endPointType |
| profil_preview | profile | preview endpoint (profile) | request, surfer, resourceName, objectName, endPointType |
| profil_resource | profile | binary resource endpoint (profile) | request, surfer, resourceName, objectName, endPointType |
| profil_search | profile | search endpoint (profile) | request, surfer, resourceName, objectName, endPointType |
| profil_unlock | profile | unlock endpoint (profile) | request, surfer, resourceName, objectName, endPointType |
| profil_update | profile | update endpoint (profile) | request, surfer, resourceName, objectName, endPointType |
| profil_updatebinary | profile | update binary endpoint (profile) | request, surfer, resourceName, objectName, endPointType |
| profil_update_me | profile | user update himself endpoint (profile) | request, surfer, resourceName, objectName, endPointType |
| profil_delete_me | profile | user delete himself endpoint (profile) | request, surfer, resourceName, objectName, endPointType |
| profil_workcopy | profile | workcopy endpoint (profile) | request, surfer, resourceName, objectName, endPointType |
| resource | resource | resource endpoint (legacy) | request, surfer, viewName, endPointType |
| tree | tree | treeview endpoint (legacy) | request, surfer, viewName, endPointType |
| patch | createorupdate | patch endpoint (legacy) | request, surfer, actionName, endPointType |
| unlock | createorupdate | unlock endpoint (legacy) | request, surfer, actionName, endPointType |
| update | createorupdate | update endpoint (legacy) | request, surfer, actionName, endPointType |
| usermention_delete | usermention | usermention delete endpoint | |
| usermention_list | usermention | usermention list endpoint | |
| usermention_markread | usermention | mark usermention read endpoint | |
| usermention_read | usermention | read usermention endpoint | |
| usermention_read_headers | usermention | read headers usermention endpoint | |
| usermention_unread | usermention | unread usermention count endpoint | |
| userpref | system | user preference endpoint | request, surfer, method (READ, WRITE, DELETE), namespace, key, name |
| variation | variation | variation (preset) endpoint | request, surfer, resourceName, objectName, endPointType, preset |
| view | view | view endpoint (legacy) | request, surfer, viewName, endPointType |
| whoami | system | whoami endpoint | request, surfer |
| workflow_actions | createorupdate | workflow action list endpoint (legacy) | request, surfer, actionName, endPointType |
| workflow_do | createorupdate | workflow change endpoint (legacy) | request, surfer, actionName, endPointType |