Consolidate access control API #445
Comments
API as of 4.7
With #491 implemented, the matrix of security mechanisms looks like this:
While having the same number of rows, it is actually model-driven and much more straightforward internally (no more ClientReadable/ClientWritable, no more injectable EntityConstraint). We now have a unified property filtering model that can be applied either per-runtime or per-request. The next steps will be removing |
API as of 4.8
Property Access
This API is mostly final.
Object Access
This API needs review and improvement. The following tasks were opened to handle it:
|
Closing this mega task. It is 95% done. We'll focus on specific remaining features and enhancements:
|
There are a number of disparate access control mechanisms in Agrest that allow excluding object properties, or objects themselves, from updates or selects. As the next section shows, there's a bunch of overlap and very little consistency among them. Some important controls are missing altogether. Would be great to reduce the number of APIs involved here and provide a single access control model.
Existing APIs (as of 3.5)
@ClientReadable, @ClientWritable)
Size Constraint
...
Constraint
Constraint<T> extends Function<AgEntity<T>, ConstrainedAgEntity<T>>
Constraint builder API.
Limitations:
EntityConstraint (gone per #491)
allowsId, allowsAttribute, allowsRelationship
@ClientReadable / @ClientWritable annotations; injection;
Limitations:
@ClientReadable / @ClientWritable are per class property lists, not per property (Cayenne influence), making them unusable.
EntityEncoderFilter
matches(entity), encode(object), willEncode(object)
EntityEncoderFilter.forEntity(X.class).objectCondition(f1).encoder(f2) .. added to SelectBuilder or AgRuntime
Limitations:
(Filter updates - Missing)
Limitations:
Function<EntityUpdate,Boolean> ? )