[jira] [Resolved] (SLING-11243) Allow modifying an ace with more specific restriction details

Fri, 11 Nov 2022 16:07:05 -0800 


     [ 
https://issues.apache.org/jira/browse/SLING-11243?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Eric Norman resolved SLING-11243.
---------------------------------
    Resolution: Fixed

Merged PR #16 at:  
[{{838c062}}|https://github.com/apache/sling-org-apache-sling-jcr-jackrabbit-accessmanager/commit/838c06260a02c1ca3846486d4392167d739a6b51]

> Allow modifying an ace with more specific restriction details
> -------------------------------------------------------------
>
>                 Key: SLING-11243
>                 URL: https://issues.apache.org/jira/browse/SLING-11243
>             Project: Sling
>          Issue Type: New Feature
>            Reporter: Eric Norman
>            Assignee: Eric Norman
>            Priority: Major
>             Fix For: JCR Jackrabbit Access Manager 3.1.0
>
>          Time Spent: 3h 50m
>  Remaining Estimate: 0h
>
> Support for modifying an ace with more specific details to support advanced 
> usage of privileges with restrictions.
> These are a few of the use cases:
>  # Setting a restriction for a specific privilege instead of for all 
> privileges
>  # Removing a restriction from a specific privilege
>  # Privilege can set for the 'allow' and 'deny' state at the same time if 
> those have different restrictions
>  # Privilege can be unset for 'allow' or 'deny' state while leaving the other 
> state alone
>  
> The proposal is to supporting these additional request parameters:
>  
> {code:java}
> One param for each privilege to delete. The parameter value must be either 
> 'allow', 'deny' or 'all' to specify which state to delete from.
>     privilege@[privilege_name]@Delete
> One param for each restriction value. The same parameter name may be used 
> again for multi-value restrictions. The @Allow or @Deny suffix specifies 
> whether to apply the restriction to the 'allow' or 'deny' privilege.  The 
> value is the target value of the restriction to be set.         
>     restriction@[privilege_name]@[restriction_name]@Allow
>     restriction@[privilege_name]@[restriction_name]@Deny
> One param for each restriction to delete. The parameter value must be either 
> 'allow', 'deny' or 'all' to specify which state to delete from.
>     restriction@[privilege_name]@[restriction_name]@Delete {code}
>  
> For consistency, also extend the values allowed for the 
> "privilege@[privilege_name]" parameter to accept 'allow' or 'deny' as aliases 
> for 'granted' or 'denied'.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to