First step in #445 implementation:

- Define "readable" and "writable" properties in AgAttribute, AgRelationship and AgIdPart
- Replace @ClientReadable and @ClientWritable with per-property annotations that initialize the above metadata object properties
- Remove injectable EntityConstraint, and do checks based on individual attribute, id, relationship read/write values.
The immediate benefit of the new approach is a single property filtering mechanism that is tied to the Ag model, instead of being hidden in a separate service. It can be applied uniformly either per runtime or per individual request.
Upgrade Notes
@ClientReadable and @ClientWritable annotations have been removed, as a rather inelegant mechanism to reference class properties. Instead @Ag* annotations on getters (@AgId, @AgAttribute and @AgRelationship) now provide "readable" and "writable" properties. By default all properties are both readable and writable. So you must review your code and replace @ClientReadable and @ClientWritable with explicit annotations on properties that you would like to exclude from either reading or writing. E.g. if a property "a" was "client-readable", then @ClientReadable annotation should be removed, and properties "b", "c", etc. should be annotated with @AgAttribute(readable=false) / @AgRelationship(readable=false).

Injectable EntityConstraint is removed in favor of per-attribute access controls. There was a little-known mechanism to programmatically define runtime-wide policy for entity read and write property exclusion - an injectable EntityConstraint. List injection keys were agrest.constraints.read.list and agrest.constraints.write.list for read and write constraints respectively. This mechanism was removed. There are two alternatives: @Ag* annotations and AgEntityOverlay.

andrus changed the title from "Consolidate access control API: PropertyFilter" to "Consolidate access control API: fold readable and writable flags into the Ag entity model" on Oct 9, 2021
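
An added example (not code from this issue or from the Agrest project) of the migration the upgrade notes describe, plus a small reflection check that lists each getter's effective flags so properties left on the permissive defaults stand out in review. The `Account` entity and `AccessFlagAudit` class are hypothetical, and the annotations are assumed to live in the `io.agrest.annotation` package.

```java
import io.agrest.annotation.AgAttribute;
import io.agrest.annotation.AgId;
import io.agrest.annotation.AgRelationship;
import java.lang.reflect.Method;

// Hypothetical entity. Before the change, a @ClientReadable listing only "name"
// kept the other properties out of responses. After the change every property is
// readable and writable unless the annotation on its getter says otherwise.
class Account {
    private long id;
    private String name, passwordHash;
    private Account parent;

    @AgId(writable = false)                            // clients may read the id, never set it
    public long getId() { return id; }

    @AgAttribute                                       // defaults: readable and writable
    public String getName() { return name; }

    @AgAttribute(readable = false, writable = false)   // never exposed to clients
    public String getPasswordHash() { return passwordHash; }

    @AgRelationship(writable = false)                  // readable, but not client-settable
    public Account getParent() { return parent; }
}

public class AccessFlagAudit {
    // Prints the effective flags of every @Ag*-annotated getter declared on the type.
    // Anything still showing readable=true writable=true relies on the new defaults.
    static void audit(Class<?> type) {
        for (Method m : type.getDeclaredMethods()) {
            AgId id = m.getAnnotation(AgId.class);
            AgAttribute a = m.getAnnotation(AgAttribute.class);
            AgRelationship r = m.getAnnotation(AgRelationship.class);
            if (id != null) report(m, id.readable(), id.writable());
            else if (a != null) report(m, a.readable(), a.writable());
            else if (r != null) report(m, r.readable(), r.writable());
        }
    }

    static void report(Method m, boolean readable, boolean writable) {
        System.out.printf("%-18s readable=%-5b writable=%b%n", m.getName(), readable, writable);
    }

    public static void main(String[] args) {
        audit(Account.class);
    }
}
```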