Authorization policies: Add permission to identity by contract (transitively)
Add new autorization policy to add permission to identity by permission by identity contract (transitively). Permission to contract can be given by subordinate evaluator.
#2 Updated by Radek Tomiška 5 months ago
- Subject changed from Authorization policies: Add permission to identity by contract (transitivelly) to Authorization policies: Add permission to identity by contract (transitively)
- Description updated (diff)
- Status changed from In Progress to Needs feedback
- Assignee changed from Radek Tomiška to Vít Švanda
- % Done changed from 0 to 90
I've added three new authorization evaluators:
The main benefit is, we are able to configure permission to some of contracts (~ by contract manager) instead for the whole identity - so logged identity can see (read / update) only contracts, which he manages. + With ''IdentityRoleByContractEvaluator'' combination is able to see (edit) only roles for these contracts.
Could you provide me a feedback, please?
#4 Updated by Vít Švanda 5 months ago
- Status changed from Needs feedback to In Progress
- Assignee changed from Vít Švanda to Radek Tomiška
I did reivew and test. Work perfectly. I found only one formal thing. Informations writte in the wiki https://wiki.czechidm.com/devel/documentation/security/dev/authorization I expected in changelog too. Or did I miss something?