ok, then I will add a new user-settable permission named "restricted read".
I have added another permission, RestrictedRead.
=> marking as Resolved / Incomplete
Please postpone it again if it is not a priority, but do not close it while it is not actually fixed.
The permission extension point should make it possible to define new (possibly compound) permissions, remove existing permissions, and add or remove permissions from the list of sub-permissions of a compound permission.
The permission manager should also provide a method to define which permissions are to be available as options in the UI (web or RCP) screens to edit documents ACP. Hence the current UIPermissionService in webapp is to be deprecated in favor of the new version of the security service.

Expected syntax of a contribution to the permission service extension point:

<?xml version="1.0"?>
<component name="org.nuxeo.ecm.core.security.defaultPermissions">
  <extension target="org.nuxeo.ecm.core.security.SecurityService" point="permissions">

    <permission name="Browse" />
    <permission name="Version" />
    <permission name="ReadProperties" />
    <permission name="ReadChildren" />
    <permission name="ReadLifeCycle" />
    <permission name="ReviewParticipant" />

    <permission name="Read" availableForUserSetting="true" order="30">
      <include name="Browse" />
      <include name="Version" />
      <include name="ReadProperties" />
      <include name="ReadChildren" />
      <include name="ReadLifeCycle" />
      <include name="ReviewParticipant" />
    </permission>

    <permission name="ReadRemove">
      <include name="Read" />
      <include name="Remove" />
    </permission>

    <permission name="AddChildren" />
    <permission name="RemoveChildren" />
    <permission name="WriteProperties" />
    <permission name="Remove" />
    <permission name="ManageWorkflows" />
    <permission name="WriteLifeCycle" />

    <permission name="Write">
      <include name="AddChildren" />
      <include name="RemoveChildren" />
      <include name="WriteProperties" />
      <include name="Remove" />
      <include name="ManageWorkflows" />
      <include name="WriteLifeCycle" />
    </permission>

    <permission name="ReadWrite" availableForUserSetting="true" order="50">
      <include name="Read" />
      <include name="Write" />
    </permission>

    <permission name="WriteSecurity" />

    <!-- special permission given to administrators: god-level access -->
    <permission name="Everything" availableForUserSetting="true" order="100" />

  </extension>
</component>

Now suppose we have additional components to extend / override the default setup; we can add new permissions that combine existing permissions:

<?xml version="1.0"?>
<component name="com.nuxeo.mycustomproject1.security.permissions">
  <extension target="org.nuxeo.ecm.core.security.SecurityService" point="permissions">

    <permission name="CustomAtomicPerm" />

    <permission name="CustomCoumpoundPerm" availableForUserSetting="true" order="40">
      <include name="ReadWrite" />
      <include name="CustomAtomicPerm" />
    </permission>

  </extension>
</component>

We can also change existing compound permissions by removing sub-permissions, or change their visibility and display order:

<?xml version="1.0"?>
<component name="com.nuxeo.mycustomproject1.security.permissions">
  <extension target="org.nuxeo.ecm.core.security.SecurityService" point="permissions">

    <permission name="Write" availableForUserSetting="true" order="50">
      <remove name="WriteLifeCycle" />
      <include name="AnotherNewPerm" />
    </permission>

    <permission name="ReadWrite" availableForUserSetting="false" />

  </extension>
</component>

availableForUserSetting -> userVisible
order -> displayOrder

One feature I'd like added at the same time is permission name aliases.
This is to ease migration when at some point we will want to rename permissions to clean things up. Example syntax (please allow for several aliases):

- <permission name="Version" />
+ <permission name="ReadVersion">
+ <alias name="Version" /> <!-- BBB deprecated old name -->
+ </permission>

Visibility settings were finally taken out of the main extension point to make things clearer to set up. See the new XP definition for details: http://svn.nuxeo.org/trac/nuxeo/browser/org.nuxeo.ecm.core/trunk/nuxeo-core/src/main/resources/OSGI-INF/SecurityService.xml
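
Added example, not part of the original ticket and not Nuxeo code: a small audit script that merges permission contributions written in the syntax proposed above and expands a compound permission to the atomic permissions it grants, so an override can be reviewed before deployment. The merge semantics (contributions applied in order, `include` adds, `remove` deletes, `alias` maps an old name to the new one), the function names `merge` and `expand`, and the trimmed sample XML are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample contributions, modelled on the proposed syntax (trimmed).
BASE = """<extension point="permissions">
  <permission name="ReadProperties"/><permission name="WriteProperties"/>
  <permission name="WriteLifeCycle"/>
  <permission name="ReadVersion"><alias name="Version"/></permission>
  <permission name="Read"><include name="ReadProperties"/><include name="Version"/></permission>
  <permission name="Write"><include name="WriteProperties"/><include name="WriteLifeCycle"/></permission>
  <permission name="ReadWrite"><include name="Read"/><include name="Write"/></permission>
</extension>"""
# The <remove> name below is deliberately misspelled to show the failure mode.
OVERRIDE = """<extension point="permissions">
  <permission name="AnotherNewPerm"/>
  <permission name="Write"><remove name="WriteLifecycle"/><include name="AnotherNewPerm"/></permission>
</extension>"""


def merge(*contributions):
    """Apply contributions in order; return (includes, aliases, warnings)."""
    includes, aliases, warnings = {}, {}, []
    for doc in contributions:
        for perm in ET.fromstring(doc).iter("permission"):
            owner = perm.get("name")
            subs = includes.setdefault(owner, [])
            for child in perm:
                name = child.get("name")
                if child.tag == "alias":
                    aliases[name] = owner
                elif child.tag == "include" and name not in subs:
                    subs.append(name)
                elif child.tag == "remove":
                    if name in subs:
                        subs.remove(name)
                    else:  # typo or stale name: the grant silently survives
                        warnings.append(f"{owner}: remove of '{name}' matched nothing")
    return includes, aliases, warnings


def expand(name, includes, aliases, _path=()):
    """Return the set of atomic permissions that `name` grants."""
    name = aliases.get(name, name)  # resolve a deprecated alias first
    if name in _path:
        raise ValueError("include cycle: " + " -> ".join(_path + (name,)))
    if name not in includes:
        raise KeyError(f"undeclared permission '{name}'")
    if not includes[name]:  # no sub-permissions: atomic
        return {name}
    return set().union(*(expand(s, includes, aliases, _path + (name,))
                         for s in includes[name]))
```

With the constructed override, `merge(BASE, OVERRIDE)` reports that the `remove` matched nothing, and `expand("Write", ...)` still contains `WriteLifeCycle`: a misspelled removal leaves the grant in place without any error unless the merge step checks for it.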
For NXGED-209 we can add the needed role in the hard-coded list: this could be interesting also in nuxeo5 stock.
The extensible permission configuration system is indeed very interesting but I am not sure we need that right now.