[
https://issues.apache.org/jira/browse/SLING-11243?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Norman updated SLING-11243:
--------------------------------
Description:
Support for modifying an ace with more specific details to support advanced
usage of privileges with restrictions.
These are a few of the use cases:
# Setting a restriction for a specific privilege instead of for all privileges
# Removing a restriction from a specific privilege
# Privilege can set for the 'allow' and 'deny' state at the same time if those
have different restrictions
# Privilege can be unset for 'allow' or 'deny' state while leaving the other
state alone
The proposal is to supporting these additional request parameters:
{code:java}
One param for each privilege to delete. The parameter value must be either
'allow', 'deny' or 'all' to specify which state to delete from.
privilege@[privilege_name]@Delete
One param for each restriction value. The same parameter name may be used again
for multi-value restrictions. The @Allow or @Deny suffix specifies whether to
apply the restriction to the 'allow' or 'deny' privilege. The value is the
target value of the restriction to be set.
restriction@[privilege_name]@[restriction_name]@Allow
restriction@[privilege_name]@[restriction_name]@Deny
One param for each restriction to delete. The parameter value must be either
'allow', 'deny' or 'all' to specify which state to delete from.
restriction@[privilege_name]@[restriction_name]@Delete {code}
For consistency, also extend the values allowed for the
"privilege@[privilege_name]" parameter to accept 'allow' or 'deny' as aliases
for 'granted' or 'denied'.
was:
Support for modifying an ace with more specific details to support advanced
usage of privileges with restrictions.
These are a few of the use cases:
# Setting a restriction for a specific privilege instead of for all privileges
# Removing a restriction from a specific privilege
# Privilege can set for the 'allow' and 'deny' state at the same time if those
have different restrictions
# Privilege can be unset for 'allow' or 'deny' state while leaving the other
state alone
The proposal is to supporting these additional request parameters:
{noformat}
One param for each privilege to delete. The parameter value must be either
'allow', 'deny' or 'all' to specify which state to delete from.
privilege@[privilege_name]@Delete
One param for each restriction value. The same parameter name may be used again
for multi-value restrictions. The @Allow or @Deny suffix specifies whether to
apply the restriction to the 'allow' or 'deny' privilege. The value is the
target value of the restriction to be set.
restriction@[privilege_name]@[restriction_name]@Allow
restriction@[privilege_name]@[restriction_name]@Deny
One param for each restriction to delete. The parameter value must be either
'allow', 'deny' or 'all' to specify which state to delete from.
restriction@[privilege_name]@[restriction_name]@Delete{noformat}
For consistency, also extend the values allowed for the
"privilege@[privilege_name]" parameter to accept 'allow' or 'deny' as aliases
for 'granted' or 'denied'.
> Allow modifying an ace with more specific restriction details
> -------------------------------------------------------------
>
> Key: SLING-11243
> URL: https://issues.apache.org/jira/browse/SLING-11243
> Project: Sling
> Issue Type: New Feature
> Reporter: Eric Norman
> Assignee: Eric Norman
> Priority: Major
> Fix For: JCR Jackrabbit Access Manager 3.0.12
>
>
> Support for modifying an ace with more specific details to support advanced
> usage of privileges with restrictions.
> These are a few of the use cases:
> # Setting a restriction for a specific privilege instead of for all
> privileges
> # Removing a restriction from a specific privilege
> # Privilege can set for the 'allow' and 'deny' state at the same time if
> those have different restrictions
> # Privilege can be unset for 'allow' or 'deny' state while leaving the other
> state alone
>
> The proposal is to supporting these additional request parameters:
>
> {code:java}
> One param for each privilege to delete. The parameter value must be either
> 'allow', 'deny' or 'all' to specify which state to delete from.
> privilege@[privilege_name]@Delete
> One param for each restriction value. The same parameter name may be used
> again for multi-value restrictions. The @Allow or @Deny suffix specifies
> whether to apply the restriction to the 'allow' or 'deny' privilege. The
> value is the target value of the restriction to be set.
> restriction@[privilege_name]@[restriction_name]@Allow
> restriction@[privilege_name]@[restriction_name]@Deny
> One param for each restriction to delete. The parameter value must be either
> 'allow', 'deny' or 'all' to specify which state to delete from.
> restriction@[privilege_name]@[restriction_name]@Delete {code}
>
> For consistency, also extend the values allowed for the
> "privilege@[privilege_name]" parameter to accept 'allow' or 'deny' as aliases
> for 'granted' or 'denied'.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
