[MAGNOLIA-8422] Implement security concept change Created: 19/May/22  Updated: 16/Aug/22  Resolved: 16/Aug/22

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Story Priority: Neutral
Reporter: Evzen Fochr Assignee: Unassigned
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Epic Link: Update backend of Security app (Norsu)
Team: AdminX

 Description   

Each module will bring its own ACL security template, maybe based on some default one.
Example:

#Module ACL's setup example:
apps:
  type: APP
  appList:
    - pages: #app name
        subapps:
          subapp1: #subapp name
            actions:
              - save
              - edit
              - rename
          subapp2:
            actions:
              - rename
    - dam:
        subapps:
          subapp1:
            actions:
              - edit
              - rename
          subapp2:
            actions:
              - rename
uri:
  type: URI
content:
  type: CONTENT
  basePaths:
    - pages:
      basePath: "/pages"
    - assets:
      basePath: "/assets"
 
#stored right list for role pages editor created from pages Module ACL's setup
uri:
  - travel:
    path: "/travel"
    right: GET_AND_POST # from GET|GET_AND_POST|DENY allowed by URI definition
  - sportStation:
    path: "/sportStation"
    right: GET_AND_POST # from GET|GET_AND_POST|DENY allowed by URI definition
content:
  - pages:
    path1:
      path: "/"
      environment: 0 #optional
      right: WRITE #from READ|WRITE|DENY allowed by CONTENT definition
      depth: INCLUDING_SUB-PATHS # from EXACT_PATH|SUB-PATHS_ONLY|INCLUDING_SUB-PATHS
  - assets:
    travel:
      path: "/travel"
      environment: 0 #optional
      right: READ #from READ|WRITE|DENY allowed by CONTENT definition
      depth: INCLUDING_SUB-PATHS # from EXACT_PATH|SUB-PATHS_ONLY|INCLUDING_SUB-PATHS
    sportStation:
      path: "/sportStation"
      environment: 0 #optional
      right: READ #from READ|WRITE|DENY allowed by CONTENT definition
      depth: INCLUDING_SUB-PATHS # from EXACT_PATH|SUB-PATHS_ONLY|INCLUDING_SUB-PATHS
apps:
  - pages:
    right: ALLOW #from ALLOW|DENY
    browser:
      edit:
        right: ALLOW #from ALLOW|DENY
  - dam:
    right: ALLOW #from ALLOW|DENY
    browser:
      view:
        right: ALLOW #from ALLOW|DENY

And we store the values for a role according to this template.

We need to version it to check whether an administrator change is needed after a template change.

We need to think about a base path for module-related content, so content paths will be relative to this content. Is it needed/wanted?
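
Added example, not part of the ticket or of Magnolia's code: one way to check a role's stored right list against a module template and to flag a template version change for administrator review. The flattened dictionary layout and the field names `version`, `templateVersion` and `area` are assumptions; the right and depth values are the ones listed in the description.

```python
# Added example: "version", "templateVersion" and "area" are assumed field names.
ALLOWED = {"URI": {"GET", "GET_AND_POST", "DENY"},
           "CONTENT": {"READ", "WRITE", "DENY"},
           "APP": {"ALLOW", "DENY"}}
DEPTHS = {"EXACT_PATH", "SUB-PATHS_ONLY", "INCLUDING_SUB-PATHS"}
# Constructed module template: app -> subapp -> actions, content area -> base path.
TEMPLATE = {
    "version": 2,
    "apps": {"pages": {"browser": ["edit", "rename"]}, "dam": {"browser": ["view"]}},
    "content": {"pages": "/pages", "assets": "/assets"},
}
# Constructed stored rights for one role, saved against template version 1.
ROLE = {
    "templateVersion": 1,
    "uri": [{"path": "/travel", "right": "GET_AND_POST"}],
    "content": [
        {"area": "pages", "path": "/", "right": "WRITE", "depth": "INCLUDING_SUB-PATHS"},
        {"area": "assets", "path": "/travel", "right": "ALLOW", "depth": "INCLUDING_SUB-PATHS"},
    ],
    "apps": [
        {"app": "pages", "subapp": "browser", "action": "edit", "right": "ALLOW"},
        {"app": "dam", "subapp": "browser", "action": "delete", "right": "ALLOW"},
    ],
}

def check_role(role, template):
    """Return findings; an empty list means the stored rights fit the template."""
    findings = []
    if role.get("templateVersion") != template["version"]:
        findings.append("template version changed: administrator review needed")
    for e in role.get("uri", []):
        if e.get("right") not in ALLOWED["URI"]:
            findings.append(f"uri {e.get('path')}: right {e.get('right')!r} not allowed")
    for e in role.get("content", []):
        where = f"content {e.get('area')}:{e.get('path')}"
        if e.get("area") not in template["content"]:
            findings.append(f"{where}: area not declared by template")
        if e.get("right") not in ALLOWED["CONTENT"]:
            findings.append(f"{where}: right {e.get('right')!r} not allowed")
        if e.get("depth") not in DEPTHS:
            findings.append(f"{where}: depth {e.get('depth')!r} not allowed")
    for e in role.get("apps", []):
        where = f"app {e.get('app')}/{e.get('subapp')}/{e.get('action')}"
        actions = template["apps"].get(e.get("app"), {}).get(e.get("subapp"))
        if actions is None or e.get("action") not in actions:
            findings.append(f"{where}: not declared by template")
        if e.get("right") not in ALLOWED["APP"]:
            findings.append(f"{where}: right {e.get('right')!r} not allowed")
    return findings
```

Entries the template does not declare are reported rather than silently accepted, so a role never keeps a right that a newer template no longer defines.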



 Comments   
Comment by Evzen Fochr [ 16/Aug/22 ]

Duplicated and improved by SECURITY-9 and SECURITY-10

Generated at Mon Feb 12 04:32:37 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.