You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Eric Norman (Jira)" <ji...@apache.org> on 2022/05/20 17:30:00 UTC

[jira] [Resolved] (SLING-11321) The effective acl/ace json output should contain the paths where the privileges were declared

     [ https://issues.apache.org/jira/browse/SLING-11321?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Eric Norman resolved SLING-11321.
---------------------------------
    Resolution: Fixed

Merged PR at:  [{{302c1de}}|https://github.com/apache/sling-org-apache-sling-jcr-jackrabbit-accessmanager/commit/302c1def09d37b9c94d5081e0ba4cc80715742ea]

> The effective acl/ace json output should contain the paths where the privileges were declared
> ---------------------------------------------------------------------------------------------
>
>                 Key: SLING-11321
>                 URL: https://issues.apache.org/jira/browse/SLING-11321
>             Project: Sling
>          Issue Type: Improvement
>            Reporter: Eric Norman
>            Assignee: Eric Norman
>            Priority: Minor
>             Fix For: JCR Jackrabbit Access Manager 3.1.0
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Use Case: For debugging purposes, or if you want a UI view of the effective ACE or ACL to be able to draw links to where the privileges were defined.
> It would be useful for the effective acl and effective ace json to include a "declaredAt" structure for each principal that has the all paths where an applicable ACE was defined.
> Expected something like this for node based ACE definitions:
> {noformat}
> {
>   "principal": "everyone",
>   "privileges": {
>     "jcr:read": {
>       "allow": true
>     },
>     "jcr:readAccessControl": {
>       "allow": true
>     }
>   },
>   "declaredAt": {
>     "node": [
>       "/content",
>       "/content/pages"
>     ]
>   }
> }{noformat}
> Where declaredAt/node contains the paths for any entries defined on a node.
> Or something like this for principal based ACE definitions:
> {noformat}
> {
>   "principal":"sling-readall",
>   "privileges":{
>     "jcr:read":{
>       "allow":true
>     },
>     "jcr:readAccessControl":{
>       "allow":true
>     }
>   },
>   "declaredAt":{
>     "principal":[
>       "/content/pages",
>       "/"
>     ]
>   }
> }{noformat}
> Where declaredAt/principal contains the paths for any principalbased access control 



--
This message was sent by Atlassian Jira
(v8.20.7#820007)