[MAGNOLIA-8422] Implement security concept change Created: 19/May/22 Updated: 16/Aug/22 Resolved: 16/Aug/22 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Story | Priority: | Neutral |
| Reporter: | Evzen Fochr | Assignee: | Unassigned |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Template: |
|
| Acceptance criteria: |
Empty
|
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
| Epic Link: | Update backend of Security app (Norsu) |
| Team: |
| Description |
|
Each module will bring its own ACL security template, maybe based on some default one.
#Module ACL's setup example:
apps:
  type: APP
  appList:
    - pages: #app name
        subapps:
          subapp1: #subapp name
            actions:
              - save
              - edit
              - rename
          subapp2:
            actions:
              - rename
    - dam:
        subapps:
          subapp1:
            actions:
              - edit
              - rename
          subapp2:
            actions:
              - rename
uri:
  type: URI
content:
  type: CONTENT
  basePaths:
    - pages:
        basePath: "/pages"
    - assets:
        basePath: "/assets"
#stored right list for role pages editor created from pages Module ACL's setup
uri:
  - travel:
      path: "/travel"
      right: GET_AND_POST # from GET|GET_AND_POST|DENY allowed by URI definition
  - sportStation:
      path: "/sportStation"
      right: GET_AND_POST # from GET|GET_AND_POST|DENY allowed by URI definition
content:
  - pages:
      path1:
        path: "/"
        environment: 0 #optional
        right: WRITE #from READ|WRITE|DENY allowed by CONTENT definition
        depth: INCLUDING_SUB-PATHS # from EXACT_PATH|SUB-PATHS_ONLY|INCLUDING_SUB-PATHS
  - assets:
      travel:
        path: "/travel"
        environment: 0 #optional
        right: READ #from READ|WRITE|DENY allowed by CONTENT definition
        depth: INCLUDING_SUB-PATHS # from EXACT_PATH|SUB-PATHS_ONLY|INCLUDING_SUB-PATHS
      sportStation:
        path: "/sportStation"
        environment: 0 #optional
        right: READ #from READ|WRITE|DENY allowed by CONTENT definition
        depth: INCLUDING_SUB-PATHS # from EXACT_PATH|SUB-PATHS_ONLY|INCLUDING_SUB-PATHS
apps:
  - pages:
      right: ALLOW #from ALLOW|DENY
      browser:
        edit:
          right: ALLOW #from ALLOW|DENY
  - dam:
      right: ALLOW #from ALLOW|DENY
      browser:
        view:
          right: ALLOW #from ALLOW|DENY

and we store values for the role according to this template. We need to version it to check whether an administrator change is needed after a template change. We need to think about a base path for module-related content so that content paths will be relative to this content. Is it needed/wanted? |
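One way to check a stored right list against a module template and its version, as an added example that is not part of the original ticket and not Magnolia code. The dict shapes, the `version`/`templateVersion` fields, the `validate_role` name and the rule that a relative content path must not contain `..` are assumptions; the right and depth values come from the comments in the description.

```python
# Added example, not Magnolia code. Right/depth values are taken from the ticket's
# comments; the dict shapes and the version fields are assumptions.
ALLOWED = {"URI": {"GET", "GET_AND_POST", "DENY"},
           "CONTENT": {"READ", "WRITE", "DENY"},
           "APP": {"ALLOW", "DENY"}}
DEPTHS = {"EXACT_PATH", "SUB-PATHS_ONLY", "INCLUDING_SUB-PATHS"}

# Constructed template modelled on the "Module ACL's setup example".
TEMPLATE = {
    "version": 2,  # hypothetical field: the ticket only says the template is versioned
    "apps": {"pages": {"subapp1": {"save", "edit", "rename"}, "subapp2": {"rename"}}},
    "content": {"pages": "/pages", "assets": "/assets"},  # name -> basePath
}

def validate_role(role, template=TEMPLATE):
    """Return findings for a stored right list; an empty list means it fits."""
    out = []
    if role.get("templateVersion") != template["version"]:
        out.append("template version differs: administrator review needed")
    for name, e in role.get("uri", {}).items():
        if e["right"] not in ALLOWED["URI"]:
            out.append(f"uri/{name}: right {e['right']} not allowed")
    for ws, entries in role.get("content", {}).items():
        if ws not in template["content"]:
            out.append(f"content/{ws}: not declared by template")
            continue
        for name, e in entries.items():
            if e["right"] not in ALLOWED["CONTENT"]:
                out.append(f"content/{ws}/{name}: right {e['right']} not allowed")
            if e["depth"] not in DEPTHS:
                out.append(f"content/{ws}/{name}: depth {e['depth']} not allowed")
            if ".." in e["path"].split("/"):  # relative path must stay under basePath
                out.append(f"content/{ws}/{name}: path leaves {template['content'][ws]}")
    for app, subapps in role.get("apps", {}).items():
        known = template["apps"].get(app)
        if known is None:
            out.append(f"apps/{app}: not declared by template")
            continue
        for sub, actions in subapps.items():
            for action, right in actions.items():
                if action not in known.get(sub, set()):
                    out.append(f"apps/{app}/{sub}/{action}: not in template")
                elif right not in ALLOWED["APP"]:
                    out.append(f"apps/{app}/{sub}/{action}: right {right} not allowed")
    return out
```

Running the same check over every stored role after a template update gives the list of roles an administrator has to revisit.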
| Comments |
| Comment by Evzen Fochr [ 16/Aug/22 ] |
|
Duplicated and improved by |