Public assets access : Update to asset variations access control

Background

The engine has supported filtering downloadable asset variations through the variations/view security domain/action since version 11.30.1 (February 2021). However, the packaged application previously used a different approach.

Previous Implementation

The front-end application controlled variation access through:

• A child-multiple property resolution on the user's assigned role

• Resolution availability checks at application boot or user sign-in

• Comparison between asset nature and available resolutions from the engine API

This approach had several limitations:

• Created inconsistencies in variations availability

• Made the permission system difficult to understand

• Complicated integration with non-connected users using restapiapp instances (whether linked directly to a role or through mapped users)

New Implementation

The packaged application now provides a default implementation of variations/view that performs the previous front-end checks at the backend level. This change offers:

• Better consistency between backend and frontend

• Centralized security management

• Simplified public asset variation downloads

• Lighter response from the dam/data/user endpoint

Configuration Steps

1. Security Domain Setup

1. Enable the variations security domain

2. Activate the view action within the variations domain

2. Rule Configuration

Configure the following default packaged rules:

Create rule WEDIA Packaged - Default rule with following content

Create WEDIA Packaged - Developer with following content

3. resolution Object Configuration

Add the rest_api_include tag to the resolution object. This will allow the FO to retrieve functional variations

Remove the rest_api_dam_data/@usernested tag from the nature property

Add the rest_api_dam_data/codetag to the nature property

4. role Object configuration

Remove the usernested tag from the resolutions property of the role object

Version Upgrade Changelog

Structures changes

asset

Fields changes

• descriptionfr

  • Tags:

    • Added: rest_api_include

• descriptionde

  • Tags:

    • Added: rest_api_include

Creative workflow structure updates

Variations corrections : Structure updates on resolution & role

https://crossmedia.atlassian.net/browse/WXM-17207

Rest-api bulkupload debug structure

PACKAGED_Portal : Default config update

api

portals

spaces

Plugins changes

PACKAGED_DAM_Utils

plugin.xml

• Parameters:

  • ADDED disable_dam_fileview_config (boolean - default true)

    • Since the default application now provides a centralized mechanism for filtering variations proposed to download, this new parameter allows to disable the previous dam_fileview_config parameter that had been introduced to filter variations downloads from the BO.

  • UPDATED dam_denormalization_config:

    • default value:

      •  

        Open

        

         

        Open

        

PACKAGED_LLM

plugin.xml

• Parameters:

  • ADDED translate_response:

    • type: boolean

    • mandatory: false

    • description: If set to true, will chain LLM response with translation

    • default value: true

  • ADDED specific_translations_locales:

    • type: string

    • mandatory: false

    • description: Lists of locales in which you want to translate the results. If omitted, active lang instances are used. Example: 'fr,es-MX'

    • default value:

PACKAGED_Portals

plugin.xml

• Services:

  • ADDED com.wedia.packaged.portals.extensions.AssetsInPublicPortalWhereBusinessService (com.noheto.extensions.interfaces.services.AbstractPreparedWhereBusinessService)

  • ADDED com.wedia.packaged.portals.extensions.PackagedPubliclyAccessibleAssetsInPortal (com.noheto.extensions.interfaces.services.AbstractPreparedWhereBusinessService)

• Parameters:

  • ADDED enable_public_portal_assets_access_for_roles:

    • type: string

    • mandatory: false

    • description: Coma separated list of roles for which assets access is granted through a public portal

    • default value: 1

  • ADDED portal_assets_extend_bases:

    • type: string

    • mandatory: false

    • description: Name of the bases that should be extended to grant access to assets from a public portal to users of role defined in enable_public_portal_assets_access_for_roles

    • default value: base_list,base_search,base_search_list

  • ADDED publicly_accessible_assets_in_public_portals_base_name:

    • type: string

    • mandatory: false

    • description: Name of the base that should be used to extend to grant access to assets from a public portal

    • default value: packaged_publicly_accessible_assets_in_public_portal

PACKAGED_Versions

plugin.xml

• Services:

  • ADDED com.wedia.packaged.versions.extensions.PluginLifeCycle (com.noheto.extensions.interfaces.services.IPluginLifeCycleBusinessService)

Rewriting changes

https://crossmedia.atlassian.net/browse/WXM-17489

Inbound changes

UPDATED [STARTER-KIT] PORTAL static resources (b24678d00d2d3045f60b87d0de8ffb6d5cc4)

• from: ^(?:/(?:dam/wedia|wedia-config)(?:-([^/]+))?/((?:fonts|addons|css|js|img)/|([^/]*\.[^/]+))) --> ^(?:/(?:dam/wedia|wedia-config|design-system)(?:-([^/]+))?/((?:fonts|addons|css|js|img)/|([^/]*\.[^/]+)))

NEW [STARTER-KIT] DESIGN SYSTEM main entry point (9250ad740da8c04f7c0b0630080ddfd295e3)

• activated: true

• description:

• from: ^/design-system(?:-([^/]+))?(/.*)?

• to: /_plugins/PACKAGED_Portal$1/page/design-system.jspz?branch=$1

• condition:

• encodeReplacement: false

• sending: true

• sendingOp: 1

• skip: true

Security changes

https://crossmedia.atlassian.net/browse/WXM-17207

Domains changes

variations

• Enabled: false --> true

view

• Rule

  • WEDIA Packaged - Default rule

  • WEDIA Packaged - Developper