Authorization policies - use selected persmissions only from transitive evaluator
When transitive evaluator is configured, then all owner permissions are granted transitivelly. This in not required in some UC.
- i want to read and edit subordinate (identity), but i don't want to edit all it's contracts.
Add permissions support to transitive policies (AbstractTransitiveEvaluator) - configured permissions will be used for owner permissions intersection => only selected permissions will be granted by owner.
#3 Updated by Radek Tomiška 5 months ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Radek Tomiška to Vít Švanda
- % Done changed from 0 to 90
It's implemented - only selected permissions can be used from owner permissions transitively.
I've added new abstract transitive evaluator property (include-permissions), but is needed to override and implement this new feature by each evaluator (getPredicate method has to be changed and new configuration form attribute has to be used) - new behavior is implemented in IdentityContractByIdentityEvaluator only for now.
Could you provide me a feedback, please?
#4 Updated by Vít Švanda 5 months ago
- Status changed from Needs feedback to Resolved
- Assignee changed from Vít Švanda to Radek Tomiška
- % Done changed from 90 to 100
I did review and tested it. Works nice. Thanks for this feature.
I had one obstecle. By my mistake I configured permissions in combination IdentityContractByIdentityEvaluator and IdentityByContractEvaluator. This caused over looping. I know, this combination is totally wrong, but some validation clould be created in future for this.