[
https://issues.apache.org/jira/browse/ISIS-2810?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andi Huber closed ISIS-2810.
----------------------------
Resolution: Won't Fix
won't fix: the current model will do for now
> [is this required?] secman - introduce explicit permissions for type
> --------------------------------------------------------------------
>
> Key: ISIS-2810
> URL: https://issues.apache.org/jira/browse/ISIS-2810
> Project: Isis
> Issue Type: Improvement
> Components: Isis Core
> Affects Versions: 2.0.0-M5
> Reporter: Daniel Keir Haywood
> Assignee: Daniel Keir Haywood
> Priority: Minor
>
> ... by reworking HiddenTypeFacetDerivedFromAuthorization to be based on
> explicit type action.
> *discussion:*
> The current behaviour of the NavigationFacetDerivedFromHiddenType, which is
> derived from HiddenTypeFacetDerivedFromAuthorizaion (the only implementation
> of HiddenTypeFacet) is difficult to comprehend and might be considered too
> strict ... see for example this thread:
> [https://the-asf.slack.com/archives/CFC42LWBV/p1626757648322200?thread_ts=1626754801.321200&cid=CFC42LWBV.]
>
> An alternative design has been suggested for
> HiddenTypeFacetDerivedFromAuthorizaion that is based not on whether there are
> any members visible, but simply on whether the type has been explicitly
> hidden (or perhaps implicitly inherited from the namespace). For more info,
> pick up the thread here:
> [https://the-asf.slack.com/archives/CFC42LWBV/p1626778227337200?thread_ts=1626754801.321200&cid=CFC42LWBV]
> Perhaps a configuration flag should determine the behaviour of its facet
> factory easy to configure:
> * EXPLICIT_TYPE_PERMISSIONS (this is the default)
> * DERIVED_FROM_MEMBER_PERMISSIONS (collections, properties and actions)
> * DERIVED_FROM_ASSOCIATION_PERMISSIONS (collections + properties but not
> actions)
> * DERIVED_FROM_PROPERTIES_PERMISSIONS
> * NONE ... effectively disable
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
