Eric Norman created SLING-11243:
-----------------------------------
Summary: Allow modifying an ace with more specific restriction
details
Key: SLING-11243
URL: https://issues.apache.org/jira/browse/SLING-11243
Project: Sling
Issue Type: New Feature
Reporter: Eric Norman
Assignee: Eric Norman
Fix For: JCR Jackrabbit Access Manager 3.0.12
Support for modifying an ace with more specific details to support advanced
usage of privileges with restrictions.
These are a few of the use cases:
# Setting a restriction for a specific privilege instead of for all privileges
# Removing a restriction from a specific privilege
# Privilege can set for the 'allow' and 'deny' state at the same time if those
have different restrictions
# Privilege can be unset for 'allow' or 'deny' state while leaving the other
state alone
The proposal is to supporting these additional request parameters:
{noformat}
One param for each privilege to delete. The parameter value must be either
'allow', 'deny' or 'all' to specify which state to delete from.
privilege@[privilege_name]@Delete
One param for each restriction value. The same parameter name may be used again
for multi-value restrictions. The @Allow or @Deny suffix specifies whether to
apply the restriction to the 'allow' or 'deny' privilege. The value is the
target value of the restriction to be set.
restriction@[privilege_name]@[restriction_name]@Allow
restriction@[privilege_name]@[restriction_name]@Deny
One param for each restriction to delete. The parameter value must be either
'allow', 'deny' or 'all' to specify which state to delete from.
restriction@[privilege_name]@[restriction_name]@Delete{noformat}
For consistency, also extend the values allowed for the
"privilege@[privilege_name]" parameter to accept 'allow' or 'deny' as aliases
for 'granted' or 'denied'.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
