[MAGNOLIA-4589] Improve security API to allow testing arbitrary user's permissions
Created: 19/Oct/12 Updated: 19/May/22 Resolved: 19/May/22 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | security |
| Affects Version/s: | 4.5.3 |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major |
| Reporter: | Tomas Brimor | Assignee: | Unassigned |
| Resolution: | Won't Do | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
The security API should allow you to test an arbitrary user's permissions against a specific Magnolia resource. As it is now, only the logged-in user as found in the context is accessible for permission testing. Example of pseudo usage:

    workspace = "someworkspace"
    path = "/path/to/a/node"
    node = NodeUtil.getNode(workspace, path)
    userName = "myuser"
    userObj = Security.getUser(userName)
    hasPermission = Security.isGranted(userObj, node, Permission.READ)
|
| Comments |
| Comment by Tomas Brimor [ 19/Oct/12 ] |
|
Related to SUPPORT-1525. Should include API for testing against the URL permissions as well. Consider a data type which is rendered by accessing a URL like mysite.com/databrowser/?id=123. If a specific user is to have access to this item it must both have the correct permission for the URL and permissions to read the data type resource. |
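The check requested in the description and in the comment above, as an added example that is not part of the ticket and does not use the Magnolia security API: the user is passed in explicitly rather than read from the context, and access requires both the URL permission and read permission on the resource. The types `Ace` and `User`, the methods `isGranted`, `matches` and `canView`, the bit values, the prefix-matching rule and the sample data are all assumptions made for illustration.

```java
import java.util.List;

// Added illustration (Java 16+). Hypothetical model, not the Magnolia security API.
public class ArbitraryUserPermissionCheck {
    static final int READ = 1, WRITE = 2; // constructed bit values

    // One ACL entry: scope ("uri" or a workspace name), path prefix, granted bits.
    record Ace(String scope, String pathPrefix, int granted) {}

    // The user is an explicit argument, not whoever is logged in to the current context.
    record User(String name, List<Ace> aces) {}

    // Deny by default; the longest matching prefix decides, so a narrower
    // entry can revoke what a broader one grants.
    static boolean isGranted(User user, String scope, String path, int required) {
        Ace best = null;
        for (Ace ace : user.aces()) {
            if (!ace.scope().equals(scope) || !matches(ace.pathPrefix(), path)) continue;
            if (best == null || ace.pathPrefix().length() > best.pathPrefix().length()) best = ace;
        }
        return best != null && (best.granted() & required) == required;
    }

    // Match whole path segments so that "/data" does not cover "/database".
    static boolean matches(String prefix, String path) {
        if (prefix.equals("/")) return path.startsWith("/");
        return path.equals(prefix) || path.startsWith(prefix + "/");
    }

    // Both conditions from the comment: URL permission AND read permission on the resource.
    static boolean canView(User user, String uri, String workspace, String nodePath) {
        return isGranted(user, "uri", uri, READ) && isGranted(user, workspace, nodePath, READ);
    }

    public static void main(String[] args) {
        // Constructed sample users and ACLs.
        User myuser = new User("myuser", List.of(
            new Ace("uri", "/databrowser", READ),
            new Ace("someworkspace", "/path", READ | WRITE),
            new Ace("someworkspace", "/path/to/secret", 0)));
        User urlOnly = new User("urlonly", List.of(new Ace("uri", "/databrowser", READ)));

        System.out.println("myuser, allowed node: " + canView(myuser, "/databrowser/", "someworkspace", "/path/to/a/node"));
        System.out.println("myuser, revoked node: " + canView(myuser, "/databrowser/", "someworkspace", "/path/to/secret/x"));
        System.out.println("urlonly, no node ACL: " + canView(urlOnly, "/databrowser/", "someworkspace", "/path/to/a/node"));
    }
}
```

Only the first call is granted: the second is stopped by the narrower zero-permission entry, and the third by the absence of any entry for the workspace, which shows why the URL permission alone is not sufficient.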
| Comment by Ondrej Chytil [ 22/Oct/12 ] |
|
Hi Thomas, thanks for the handy idea. Should be implemented as part of Magnolia 5.0. |
| Comment by Roman Kovařík [ 19/May/22 ] |
|
Hello, This ticket is now marked as closed due to one of the following reasons:
If you are still facing a problem or consider this issue still relevant, please feel free to re-open the ticket and we will reach out to you. Thank you, |