[ https://issues.apache.org/jira/browse/OAK-9675?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eric Norman updated OAK-9675:
-----------------------------
Description:
This is in support of a use case where we want a stricter value constraint on
what is allowed to be stored in an authorizable property. The unstructured
property definition from rep:Authorizable is too permissive for the use case.
Defining and using a mixin with a property definition that has a value
constraint defined solves most of the use case, but after doing that, the
property is no longer visible in the authorizable properties.

Basically, the current implementation of
AuthorizablePropertiesImpl#getAuthorizableProperty will exclude any properties
whose property definition is not declared by the rep:Authorizable node type.
This means property definitions that are defined by any mixin type are excluded.

The proposed improvement here is to add an optional configuration property that
would define the names of mixin types that are allowed to define authorizable
properties. Any property definition defined by a mixin type in this set would
be included, and anything else would be excluded as before.

was:
This is in support of a use case where we want a stricter constraint on what is
allowed to be stored in an authorizable property. The unstructured property
definition from rep:Authorizable is too permissive for the use case. Defining
and using a mixin with a property definition that has a value constraint
defined solves most of the use case, but after doing that, the property is
no longer visible in the authorizable properties.

Basically, the current implementation of
AuthorizablePropertiesImpl#getAuthorizableProperty will exclude any properties
whose property definition is not declared by the rep:Authorizable node type.
This means property definitions that are defined by any mixin type are excluded.

The proposed improvement here is to add an optional configuration property that
would define the names of mixin types that are allowed to define authorizable
properties. Any property definition defined by a mixin type in this set would
be included, and anything else would be excluded as before.

> Configuration option for allowed authorizable properties mixin types
> --------------------------------------------------------------------
>
> Key: OAK-9675
> URL: https://issues.apache.org/jira/browse/OAK-9675
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: core, security-spi
> Reporter: Eric Norman
> Assignee: Angela Schreiber
> Priority: Major
> Fix For: 1.44.0
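
The filtering rule described in the issue, modelled as an added example; this is not Oak's code and not part of the original message. The Prop record, the ex:* mixin and property names, and the allowedMixins parameter are hypothetical stand-ins, since the message does not name the configuration property.

```java
import java.util.List;
import java.util.Set;
import java.util.function.Predicate;
import java.util.stream.Collectors;

public class AuthorizablePropertyFilterExample {
    static final String REP_AUTHORIZABLE = "rep:Authorizable";

    // Hypothetical stand-in for a JCR property and the node type declaring its definition.
    record Prop(String name, String declaringNodeType) {}

    // Current behaviour per the issue: only definitions declared by rep:Authorizable pass.
    static boolean currentRule(Prop p) {
        return REP_AUTHORIZABLE.equals(p.declaringNodeType());
    }

    // Proposed behaviour: also accept definitions declared by an explicitly allowed mixin.
    // An empty set reproduces the current behaviour, so the option stays opt-in.
    static boolean proposedRule(Prop p, Set<String> allowedMixins) {
        return currentRule(p) || allowedMixins.contains(p.declaringNodeType());
    }

    // Names of the properties that would be reported as authorizable properties.
    static List<String> visible(List<Prop> props, Predicate<Prop> rule) {
        return props.stream().filter(rule).map(Prop::name).collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed sample: one unconstrained property, one declared by an allowed
        // mixin with a value constraint, one declared by a mixin that is not allowed.
        List<Prop> props = List.of(
                new Prop("nickname", REP_AUTHORIZABLE),
                new Prop("ex:department", "ex:ConstrainedProfile"),
                new Prop("ex:internalFlag", "ex:OtherMixin"));
        Set<String> allowedMixins = Set.of("ex:ConstrainedProfile");

        System.out.println("current:  "
                + visible(props, AuthorizablePropertyFilterExample::currentRule));
        System.out.println("empty:    "
                + visible(props, p -> proposedRule(p, Set.of())));
        System.out.println("proposed: "
                + visible(props, p -> proposedRule(p, allowedMixins)));
    }
}
```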