Task #343
Authorization Policies - design and default implementation
Status: Closed
Priority: Normal
Assignee: Radek Tomiška
Category: Authentication / Authorization
Target version:
Start date: 03/23/2017
Due date:
% Done: 100%
Estimated time: 40.00 h
Owner:
Description
Design and implement the authorization model:
- design: https://proj.bcvsolutions.eu/ngidm/doku.php?id=roztridit:autorizacni_model
- AuthorizationPolicityEvaluator interface - pluggable evaluator:
  - relation to entity type (e.g. evaluator for identity)
  - provide a partial criteria query (exists clause), which could be used in search queries (e.g. return identities which I can read) - suppose 'read' authorization policy only
  - evaluate authorization policies on a given entity - returns a set of basic authorities (e.g. read, delete, write, start, cancel - what I can do with the given entity)
  - evaluators can be defined in modules
  - multiple evaluators for one entity type will be joined by "and"
  - could be disabled (e.g. the core evaluator for identities could be disabled and a new evaluator can be used)
  - evaluator configuration - properties (e.g. tree type, node, role catalogue ...) - will be used as input properties for evaluation
- new entity AuthorizationPolicy:
  - relation to role, evaluator ...
  - [optional] configurable from FE - the default implementation could have predefined policies, and the agenda could be added in the next release
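
A minimal Java sketch of the entity-evaluation part of this design, added here as an illustration and not taken from the project's code. All type and method names are hypothetical; "and" is assumed to mean intersection of the returned authority sets, and a user with no applicable enabled policy is assumed to get no authorities (Java 16+ for records).

```java
import java.util.*;
// Added sketch; every type and method name here is hypothetical, not the project's API.
public class PolicySketch {
    enum Authority { READ, WRITE, DELETE }
    record Identity(String username, String treeNode) {}
    // Pluggable evaluator; the type parameter E is its relation to an entity type.
    interface Evaluator<E> {
        boolean disabled();
        Set<Authority> evaluate(E entity, String user, Map<String, String> props);
    }
    // Policy entity: relation to role and evaluator, plus the evaluator's input properties.
    record Policy(String role, Evaluator<Identity> evaluator, Map<String, String> props) {}

    // Constructed evaluator: read and write inside the configured tree node, else nothing.
    record SubtreeEvaluator(boolean disabled) implements Evaluator<Identity> {
        public Set<Authority> evaluate(Identity e, String user, Map<String, String> props) {
            String node = props.get("node");  // missing configuration grants nothing
            boolean inside = node != null && e.treeNode().startsWith(node);
            return inside ? EnumSet.of(Authority.READ, Authority.WRITE) : EnumSet.noneOf(Authority.class);
        }
    }

    // Constructed evaluator: everything on one's own identity, read-only on others.
    record SelfEvaluator(boolean disabled) implements Evaluator<Identity> {
        public Set<Authority> evaluate(Identity e, String user, Map<String, String> props) {
            return e.username().equals(user) ? EnumSet.allOf(Authority.class) : EnumSet.of(Authority.READ);
        }
    }

    // Joins enabled evaluators by "and" (intersection); no applicable policy grants nothing.
    static Set<Authority> authorities(Identity entity, String user, Set<String> roles, List<Policy> policies) {
        Set<Authority> result = null;
        for (Policy p : policies) {
            if (p.evaluator().disabled() || !roles.contains(p.role())) continue;
            Set<Authority> granted = p.evaluator().evaluate(entity, user, p.props());
            if (result == null) result = new TreeSet<>(granted); else result.retainAll(granted);
        }
        return result == null ? new TreeSet<Authority>() : result;
    }

    public static void main(String[] args) {
        Identity target = new Identity("jnovak", "org/sales/prague");
        List<Policy> policies = List.of(
            new Policy("manager", new SubtreeEvaluator(false), Map.of("node", "org/sales")),
            new Policy("manager", new SelfEvaluator(false), Map.of()));
        System.out.println(authorities(target, "boss", Set.of("manager"), policies));
        System.out.println(authorities(target, "jnovak", Set.of("manager"), policies));
    }
}
```

With this constructed data the first call yields only READ (the subtree evaluator's READ and WRITE intersected with the self evaluator's READ) and the second yields READ and WRITE. Constructing either evaluator with disabled set to true removes it from the intersection.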