You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Eric Norman (Jira)" <ji...@apache.org> on 2022/04/02 19:16:00 UTC

[jira] [Created] (SLING-11243) Allow modifying an ace with more specific restriction details

Eric Norman created SLING-11243:
-----------------------------------

             Summary: Allow modifying an ace with more specific restriction details
                 Key: SLING-11243
                 URL: https://issues.apache.org/jira/browse/SLING-11243
             Project: Sling
          Issue Type: New Feature
            Reporter: Eric Norman
            Assignee: Eric Norman
             Fix For: JCR Jackrabbit Access Manager 3.0.12


Support for modifying an ace with more specific details to support advanced usage of privileges with restrictions.

These are a few of the use cases:
 # Setting a restriction for a specific privilege instead of for all privileges
 # Removing a restriction from a specific privilege
 # Privilege can set for the 'allow' and 'deny' state at the same time if those have different restrictions
 # Privilege can be unset for 'allow' or 'deny' state while leaving the other state alone

 

The proposal is to supporting these additional request parameters:
{noformat}
One param for each privilege to delete. The parameter value must be either 'allow', 'deny' or 'all' to specify which state to delete from.

    privilege@[privilege_name]@Delete

One param for each restriction value. The same parameter name may be used again for multi-value restrictions. The @Allow or @Deny suffix specifies whether to apply the restriction to the 'allow' or 'deny' privilege.  The value is the target value of the restriction to be set.         

    restriction@[privilege_name]@[restriction_name]@Allow
    restriction@[privilege_name]@[restriction_name]@Deny

One param for each restriction to delete. The parameter value must be either 'allow', 'deny' or 'all' to specify which state to delete from.

    restriction@[privilege_name]@[restriction_name]@Delete{noformat}
For consistency, also extend the values allowed for the "privilege@[privilege_name]" parameter to accept 'allow' or 'deny' as aliases for 'granted' or 'denied'.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)