[ https://issues.apache.org/jira/browse/ISIS-2810?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andi Huber closed ISIS-2810. ---------------------------- Resolution: Won't Fix won't fix: the current model will do for now > [is this required?] secman - introduce explicit permissions for type > -------------------------------------------------------------------- > > Key: ISIS-2810 > URL: https://issues.apache.org/jira/browse/ISIS-2810 > Project: Isis > Issue Type: Improvement > Components: Isis Core > Affects Versions: 2.0.0-M5 > Reporter: Daniel Keir Haywood > Assignee: Daniel Keir Haywood > Priority: Minor > > ... by reworking HiddenTypeFacetDerivedFromAuthorization to be based on > explicit type action. > *discussion:* > The current behaviour of the NavigationFacetDerivedFromHiddenType, which is > derived from HiddenTypeFacetDerivedFromAuthorizaion (the only implementation > of HiddenTypeFacet) is difficult to comprehend and might be considered too > strict ... see for example this thread: > [https://the-asf.slack.com/archives/CFC42LWBV/p1626757648322200?thread_ts=1626754801.321200&cid=CFC42LWBV.] > > An alternative design has been suggested for > HiddenTypeFacetDerivedFromAuthorizaion that is based not on whether there are > any members visible, but simply on whether the type has been explicitly > hidden (or perhaps implicitly inherited from the namespace). For more info, > pick up the thread here: > [https://the-asf.slack.com/archives/CFC42LWBV/p1626778227337200?thread_ts=1626754801.321200&cid=CFC42LWBV] > Perhaps a configuration flag should determine the behaviour of its facet > factory easy to configure: > * EXPLICIT_TYPE_PERMISSIONS (this is the default) > * DERIVED_FROM_MEMBER_PERMISSIONS (collections, properties and actions) > * DERIVED_FROM_ASSOCIATION_PERMISSIONS (collections + properties but not > actions) > * DERIVED_FROM_PROPERTIES_PERMISSIONS > * NONE ... effectively disable -- This message was sent by Atlassian Jira (v8.20.7#820007)