No README... but I attached a simple diagram. Basically, fortress stores the permission attribute sets, permission attributes, and role constraints that tie user role assignments to a permission attribute set. However, fortress doesn't enforce the any of these "FILTER" ftRCs, that is the responsibility of the client.
I think FC-116... ----- Original Message ----- From: "Shawn McKinney" <[email protected]> To: [email protected] Sent: Thursday, September 15, 2016 2:32:26 PM Subject: Re: Fortress Filter Constraints Implemented > On Sep 15, 2016, at 8:08 AM, Chris Pike <[email protected]> wrote: > > A while back we discussed adding a new type of Role Constraint to support > "attribute" based permissions > (http://mail-archives.apache.org/mod_mbox/directory-fortress/201601.mbox/browser). > I think I'm almost ready to merge into master, but would like you to take a > look since there are a lot of changes. > (https://github.com/PennState/directory-fortress-core-1/tree/feature/addPermAttrAndUserRoleConstraints). Performing a detailed review of the code now. As you've said, many changes. So far looking good but it’s going to take me a while to get through it all and I don’t want to hold you up in getting it committed. There’s also Vyacheslav's pull request coming soon (FC-144’s group-role) that must be inserted into trunk in next few days as well. Not a must but any chance for a doc that explains how it works? i.e. new readme - README-ABAC.md. One more question, which ticket will this be associated with? Great job btw. Thanks, Shawn
