Consolidate access control API: fold readable and writable flags into the Ag entity model #491

Closed
andrus opened this issue Oct 9, 2021 · 0 comments
andrus commented Oct 9, 2021

First step in #445 implementation:

  • Define "readable" and "writable" properties in AgAttribute, AgRelationship and AgIdPart
  • Replace @ClientReadable and @ClientWritable with per-property annotations that initialize the above metadata object properties
  • Remove injectable EntityConstraint, and do checks based on individual attribute, id, relationship read/write values.

The immediate benefit of the new approach is a single property filtering mechanism that is tied to the Ag model, instead of being hidden in a separate service. It can be applied uniformly either per runtime or per individual request.

Upgrade Notes

  • @ClientReadable and @ClientWritable annotations have been removed, as a rather inelegant mechanism to reference class properties. Instead, @Ag* annotations on getters (@AgId, @AgAttribute and @AgRelationship) now provide "readable" and "writable" properties. By default all properties are both readable and writable. So you must review your code and replace @ClientReadable and @ClientWritable with explicit annotations on properties that you would like to exclude from either reading or writing. E.g. if a property "a" was "client-readable", then @ClientReadable annotation should be removed, and properties "b", "c", etc. should be annotated with @AgAttribute(readable=false) / @AgRelationship(readable=false).

  • Injectable EntityConstraint is removed in favor of per-attribute access controls. There was a little-known mechanism to programmatically define runtime-wide policy for entity read and write property exclusion - an injectable EntityConstraint. List injection keys were agrest.constraints.read.list and agrest.constraints.write.list for read and write constraints respectively. This mechanism was removed. There are two alternatives: @Ag* annotations and AgEntityOverlay.
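
A migration check for the default change described in the upgrade notes, as an added example that is not part of the original issue or of the Agrest code base: it lists attributes that are readable after the upgrade but were not in the old @ClientReadable list. The nested `AgAttribute` annotation is a local stand-in that models only the "readable" and "writable" flags named above, and the `Account` entity and `readableAttributes` helper are hypothetical.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class ReadableAudit {

    // Local stand-in for Agrest's @AgAttribute so the example compiles without
    // Agrest on the classpath. Both flags default to true, as the notes state.
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    @interface AgAttribute {
        boolean readable() default true;
        boolean writable() default true;
    }

    // Constructed sample entity. Before the upgrade only "a" was client-readable,
    // so after it "b" and "c" must be excluded explicitly.
    static class Account {
        @AgAttribute
        public String getA() { return "a"; }

        @AgAttribute(readable = false)
        public String getB() { return "b"; }

        // Migration mistake: readable=false was forgotten, so "c" is exposed.
        @AgAttribute
        public String getC() { return "c"; }
    }

    // Returns the names of annotated getters that clients can still read.
    static SortedSet<String> readableAttributes(Class<?> entity) {
        SortedSet<String> names = new TreeSet<>();
        for (Method m : entity.getDeclaredMethods()) {
            AgAttribute a = m.getAnnotation(AgAttribute.class);
            if (a != null && a.readable() && m.getName().startsWith("get")) {
                String n = m.getName().substring(3);
                names.add(Character.toLowerCase(n.charAt(0)) + n.substring(1));
            }
        }
        return names;
    }

    public static void main(String[] args) {
        Set<String> intended = Set.of("a"); // contents of the old @ClientReadable list
        SortedSet<String> exposed = readableAttributes(Account.class);
        exposed.removeAll(intended);
        System.out.println("Readable but not in the old allowlist: " + exposed);
    }
}
```

Run as a unit test against real entity classes, a non-empty result flags properties that became client-readable only because the default is now "readable".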

@andrus andrus changed the title Consolidate access control API: PropertyFilter Consolidate access control API: fold readable and writable flags into the Ag entity model Oct 9, 2021
andrus added a commit that referenced this issue Oct 10, 2021
andrus added a commit that referenced this issue Oct 10, 2021
andrus added a commit that referenced this issue Oct 10, 2021
… the Ag entity model #491

* replacing EntityConstraint with direct checks for readability of attributes
andrus added a commit that referenced this issue Oct 10, 2021
@andrus andrus added this to the 4.7 milestone Oct 10, 2021
@andrus andrus closed this as completed Oct 10, 2021