<!-- 
RSS generated by JIRA (9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b) at Mon Feb 12 00:36:30 CET 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>Magnolia - Issue tracker</title>
    <link>https://jira.magnolia-cms.com</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-uk</language>    <build-info>
        <version>9.4.2</version>
        <build-number>940002</build-number>
        <build-date>19-01-2023</build-date>
    </build-info>


<item>
            <title>[MGNLCT-32] Security setup for content-types</title>
                <link>https://jira.magnolia-cms.com/browse/MGNLCT-32</link>
                <project id="14481" key="MGNLCT">Content Types</project>
                    <description>&lt;p&gt;Content-types 0.5 and 0.6 was bringing two roles:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;content-base (RO)&lt;/li&gt;
	&lt;li&gt;content-editor (RW)&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;We want to evaluate how to move forward with the security/role setup for custom content types (and ensure a smooth transition if that was used before in Magnolia Cloud).&lt;/p&gt;</description>
                <environment></environment>
        <key id="65734">MGNLCT-32</key>
            <summary>Security setup for content-types</summary>
                <type id="3" iconUrl="https://jira.magnolia-cms.com/secure/viewavatar?size=xsmall&amp;avatarId=10898&amp;avatarType=issuetype">Task</type>
                                            <priority id="6" iconUrl="https://jira.magnolia-cms.com/images/icons/priorities/neutral.gif">Neutral</priority>
                        <status id="6" iconUrl="https://jira.magnolia-cms.com/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="1">Fixed</resolution>
                                        <assignee username="oanh.thai">Oanh Thai Hoang</assignee>
                                    <reporter username="mgeljic">Mika&#235;l Gelji&#263;</reporter>
                        <labels>
                    </labels>
                <created>Mon, 23 Apr 2018 10:00:06 +0200</created>
                <updated>Mon, 28 May 2018 01:43:11 +0200</updated>
                            <resolved>Tue, 22 May 2018 11:47:12 +0200</resolved>
                                                    <fixVersion>1.0</fixVersion>
                                        <due></due>
                            <votes>0</votes>
                                    <watches>1</watches>
                                    <workratio workratioPercent="25"/>
                                    <progress percentage="25">
                                    <originalProgress>
                                                    <row percentage="100" backgroundColor="#89afd7"/>
                                            </originalProgress>
                                                    <currentProgress>
                                                    <row percentage="25" backgroundColor="#51a825"/>
                                                    <row percentage="75" backgroundColor="#ec8e00"/>
                                            </currentProgress>
                            </progress>
                                    <aggregateprogress percentage="25">
                                    <originalProgress>
                                                    <row percentage="100" backgroundColor="#89afd7"/>
                                            </originalProgress>
                                                    <currentProgress>
                                                    <row percentage="25" backgroundColor="#51a825"/>
                                                    <row percentage="75" backgroundColor="#ec8e00"/>
                                            </currentProgress>
                            </aggregateprogress>
                                    <timeoriginalestimate seconds="57600">2d</timeoriginalestimate>
                            <timeestimate seconds="43200">1.5d</timeestimate>
                            <timespent seconds="14400">0.5d</timespent>
                                <comments>
                            <comment id="160509" author="ngoc.nguyenthanh" created="Mon, 14 May 2018 11:56:58 +0200"  >&lt;h6&gt;&lt;a name=&quot;Currentimplementation&quot;&gt;&lt;/a&gt;Current implementation&lt;/h6&gt;
&lt;ul&gt;
	&lt;li&gt;Provided 2 roles
	&lt;ul&gt;
		&lt;li&gt;&lt;font color=&quot;#333333&quot;&gt;&lt;b&gt;content-base&lt;/b&gt;: Read only&lt;/font&gt;&lt;/li&gt;
		&lt;li&gt;&lt;font color=&quot;#333333&quot;&gt;content-editor: &lt;/font&gt;&lt;font color=&quot;#333333&quot;&gt;All permissions&lt;/font&gt;&lt;font color=&quot;#333333&quot;&gt;&lt;/font&gt;&lt;/li&gt;
	&lt;/ul&gt;
	&lt;/li&gt;
	&lt;li&gt;&lt;font color=&quot;#333333&quot;&gt;Whenever a workspace is created, the module will add an ACL: &lt;em&gt;Everything under the root&lt;/em&gt; &apos;/&apos; of the workspace respectively for each roles mentioned above.&lt;/font&gt;&lt;/li&gt;
	&lt;li&gt;&lt;font color=&quot;#333333&quot;&gt;CLOUD usages&lt;/font&gt;
	&lt;ul&gt;
		&lt;li&gt;&lt;font color=&quot;#333333&quot;&gt;Some generated workspaces: studies, partners, references, jobs, news, events, navigations, boilderplates, holders, speakers, teasers, etc&lt;/font&gt;&lt;/li&gt;
		&lt;li&gt;&lt;font color=&quot;#333333&quot;&gt;But they don&apos;t actually need them. Have no user is belong to these roles.&lt;/font&gt;&lt;/li&gt;
	&lt;/ul&gt;
	&lt;/li&gt;
	&lt;li&gt;&lt;font color=&quot;#333333&quot;&gt;Limitation:&lt;/font&gt;
	&lt;ul&gt;
		&lt;li&gt;&lt;font color=&quot;#333333&quot;&gt;User need to became a member of content-type roles.&lt;/font&gt;&lt;/li&gt;
		&lt;li&gt;&lt;font color=&quot;#333333&quot;&gt;When user became a member of content-type roles, they will have permissions to access all of auto-generated workspaces.&lt;/font&gt;&lt;/li&gt;
		&lt;li&gt;&lt;font color=&quot;#333333&quot;&gt;ACL is harcoding. Only &quot;Everything under the root&quot; is supported.&lt;/font&gt;&lt;/li&gt;
	&lt;/ul&gt;
	&lt;/li&gt;
&lt;/ul&gt;


&lt;h6&gt;&lt;a name=&quot;&quot;&gt;&lt;/a&gt;&lt;font color=&quot;#333333&quot;&gt;What&apos;s next?&lt;/font&gt;&lt;/h6&gt;

&lt;p&gt;&lt;font color=&quot;#333333&quot;&gt;New implementation need to take care of some aspects as bellow:&lt;/font&gt;&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;&lt;font color=&quot;#333333&quot;&gt;Web access: Should not handled as this level&lt;/font&gt;&lt;/li&gt;
	&lt;li&gt;&lt;font color=&quot;#333333&quot;&gt;Roles and ACL - &lt;a href=&quot;https://documentation.magnolia-cms.com/display/DOCS56/Roles+and+access+control+lists&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://documentation.magnolia-cms.com/display/DOCS56/Roles+and+access+control+lists&lt;/a&gt; &lt;/font&gt;
	&lt;ul&gt;
		&lt;li&gt;&lt;font color=&quot;#333333&quot;&gt;Due to limitation of current implementation. Most likely we need to support specify custom roles and ACL list, otherwise it&apos;s useless.&lt;/font&gt;&lt;/li&gt;
		&lt;li&gt;&lt;font color=&quot;#333333&quot;&gt;Example structure&lt;/font&gt;
&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
security:
    - anonymous
        -  &lt;span class=&quot;code-quote&quot;&gt;&quot;/*&quot;&lt;/span&gt;: DENY 
    - superuser
        - &lt;span class=&quot;code-quote&quot;&gt;&quot;/*&quot;&lt;/span&gt;: ALL 
    - asian-editors
        - &lt;span class=&quot;code-quote&quot;&gt;&quot;/asia-news/*&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;READ/WRITE&quot;&lt;/span&gt;
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;&lt;/li&gt;
	&lt;/ul&gt;
	&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;
	&lt;ul&gt;
		&lt;li&gt;&lt;font color=&quot;#333333&quot;&gt;Could add &quot;content-base&quot; + &quot;content-editor&quot; as default for back-compatiblity&lt;/font&gt;&lt;/li&gt;
	&lt;/ul&gt;
	&lt;/li&gt;
	&lt;li&gt;&lt;font color=&quot;#333333&quot;&gt;Support specify groups: &lt;em&gt;Could be not.&lt;/em&gt;&lt;/font&gt;
	&lt;ul&gt;
		&lt;li&gt;&lt;font color=&quot;#333333&quot;&gt;Generates role per workspace and add to specified groups.&lt;/font&gt;&lt;/li&gt;
	&lt;/ul&gt;
	&lt;/li&gt;
	&lt;li&gt;&lt;font color=&quot;#333333&quot;&gt;Apps visibility and action availability - &lt;a href=&quot;https://documentation.magnolia-cms.com/display/DOCS56/App+permissions&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://documentation.magnolia-cms.com/display/DOCS56/App+permissions&lt;/a&gt;&lt;/font&gt;
	&lt;ul&gt;
		&lt;li&gt;&lt;font color=&quot;#333333&quot;&gt;Use for app generation&lt;/font&gt;&lt;/li&gt;
		&lt;li&gt;&lt;font color=&quot;#333333&quot;&gt;Role names are enough.&lt;/font&gt;&lt;/li&gt;
	&lt;/ul&gt;
	&lt;/li&gt;
	&lt;li&gt;&lt;font color=&quot;#333333&quot;&gt;REST API - &lt;a href=&quot;https://documentation.magnolia-cms.com/display/DOCS56/Nodes+endpoint+API&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://documentation.magnolia-cms.com/display/DOCS56/Nodes+endpoint+API&lt;/a&gt;&lt;/font&gt;
	&lt;ul&gt;
		&lt;li&gt;&lt;font color=&quot;#333333&quot;&gt;Exposing REST API for the generated workspace is one of the goal&lt;/font&gt;&lt;/li&gt;
		&lt;li&gt;&lt;font color=&quot;#333333&quot;&gt;With supported ACL, REST module could register appropriate permissions and web access.&lt;/font&gt;&lt;/li&gt;
	&lt;/ul&gt;
	&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;&lt;font color=&quot;#333333&quot;&gt;So far, we&apos;re discussing the JCR security aspects. For other Data Sources they need to have their implementation and customization.&lt;/font&gt;&lt;/p&gt;

&lt;p&gt;&lt;font color=&quot;#333333&quot;&gt;TBC&lt;/font&gt;&lt;/p&gt;</comment>
                            <comment id="160828" author="mgeljic" created="Fri, 18 May 2018 11:28:07 +0200"  >&lt;p&gt;Great research:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;We keep this ticket to make sure we grant superuser role RW access to newly created workspaces&lt;/li&gt;
	&lt;li&gt;We clone it to keep the discussion going re: giving control from YAML config over the security setup&lt;/li&gt;
	&lt;li&gt;Ideally we remove the two former role assignments on anonymous and system &lt;b&gt;user&lt;/b&gt;.
	&lt;ul&gt;
		&lt;li&gt;We rather give workspace ACLs to superuser &lt;b&gt;role&lt;/b&gt; directly&lt;/li&gt;
		&lt;li&gt;And we don&apos;t give any access to anonymous by default (will be revisited lated, maybe with a flag)&lt;/li&gt;
	&lt;/ul&gt;
	&lt;/li&gt;
&lt;/ul&gt;
</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10010">
                    <name>relation</name>
                                            <outwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="58009">MGNLCT-3</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                            <customfield id="customfield_14166" key="com.okapya.jira.checklist:checklist">
                        <customfieldname>Acceptance criteria</customfieldname>
                        <customfieldvalues>
                            
        <checklist>
        <![CDATA[
                            




                
                                    <div class="o-completion" style="display: flex; flex-shrink: 0;"><span  class="aui-lozenge aui-lozenge-complete" style="font-size: 12px; font-weight: normal; display: flex; flex-direction: row; align-items: center;" ><span style="padding-right: 4px; vertical-align: middle;"><svg width="15" height="15" viewBox="0 0 15 15" xmlns="http://www.w3.org/2000/svg" fill="white"><path clip-rule="evenodd" d="m10.41037,3.42544l-7.86501,0c-0.72395,0 -1.31084,0.58688 -1.31084,1.31084l0,7.86508c0,0.7239 0.58689,1.3108 1.31084,1.3108l7.86501,0c0.724,0 1.3109,-0.5869 1.3109,-1.3108l0,-7.86508c0,-0.72396 -0.5869,-1.31084 -1.3109,-1.31084zm-7.86501,-0.65542c-1.08593,0 -1.96626,0.88032 -1.96626,1.96626l0,7.86508c0,1.0859 0.88033,1.9662 1.96626,1.9662l7.86501,0c1.086,0 1.9663,-0.8803 1.9663,-1.9662l0,-7.86508c0,-1.08594 -0.8803,-1.96626 -1.9663,-1.96626l-7.86501,0z" fill-rule="evenodd"/><path d="m5.09049,10.18526l-1.82767,-1.82766l-0.78479,0.78479l2.61246,2.61246l5.38758,-5.38754l-0.78483,-0.78479l-4.60275,4.60274z"/></svg></span><span>Empty</span></span></div>
                        ]]>
    </checklist>


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10111" key="com.atlassian.jira.toolkit:reporterdomain">
                        <customfieldname>Company</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>magnolia-cms.com</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10031" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 14 May 2018 11:56:58 +0200</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_12730" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_14151" key="com.atlassian.jira.toolkit:message">
                        <customfieldname>Docu info</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10246" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>MGNLCT-19</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10061" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comm is not jira-dev</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10071" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last participant</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>mgeljic</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_13136" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            5 years, 39 weeks, 2 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10020" key="com.atlassian.jira.toolkit:attachments">
                        <customfieldname>Number of attachments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10150" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname>Number of comments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10011" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>mgeljic</customfieldvalue>
            <customfieldvalue>ngoc.nguyenthanh</customfieldvalue>
            <customfieldvalue>oanh.thai</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                <customfield id="customfield_10833" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|y002oy:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10244" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10245" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="716">Saigon 145</customfieldvalue>
    <customfieldvalue id="729">Saigon 146</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10242" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>Story Points</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>5.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_14167" key="com.okapya.jira.checklist:checklist">
                        <customfieldname>Task DoR</customfieldname>
                        <customfieldvalues>
                            
        <checklist>
        <![CDATA[
                            




                
                                    <div class="o-completion" style="display: flex; flex-shrink: 0;"><span  class="aui-lozenge aui-lozenge-complete" style="font-size: 12px; font-weight: normal; display: flex; flex-direction: row; align-items: center;" ><span style="padding-right: 4px; vertical-align: middle;"><svg width="15" height="15" viewBox="0 0 15 15" xmlns="http://www.w3.org/2000/svg" fill="white"><path clip-rule="evenodd" d="m10.41037,3.42544l-7.86501,0c-0.72395,0 -1.31084,0.58688 -1.31084,1.31084l0,7.86508c0,0.7239 0.58689,1.3108 1.31084,1.3108l7.86501,0c0.724,0 1.3109,-0.5869 1.3109,-1.3108l0,-7.86508c0,-0.72396 -0.5869,-1.31084 -1.3109,-1.31084zm-7.86501,-0.65542c-1.08593,0 -1.96626,0.88032 -1.96626,1.96626l0,7.86508c0,1.0859 0.88033,1.9662 1.96626,1.9662l7.86501,0c1.086,0 1.9663,-0.8803 1.9663,-1.9662l0,-7.86508c0,-1.08594 -0.8803,-1.96626 -1.9663,-1.96626l-7.86501,0z" fill-rule="evenodd"/><path d="m5.09049,10.18526l-1.82767,-1.82766l-0.78479,0.78479l2.61246,2.61246l5.38758,-5.38754l-0.78483,-0.78479l-4.60275,4.60274z"/></svg></span><span>Empty</span></span></div>
                        ]]>
    </checklist>


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_14145" key="com.intenso.jira.issue-templates:issue-templates-customfield">
                        <customfieldname>Template</customfieldname>
                        <customfieldvalues>
                            


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_15131" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Time in Discovery</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10032" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        </customfields>
    </item>
</channel>
</rss>