Per-entity CRUD filters and authorizers for UpdateBuilder #502

Closed
andrus opened this issue Nov 25, 2021 · 0 comments
Contributor

andrus commented Nov 25, 2021

Similar to #501, let's implement a set of rules for CRUD operations (UpdateBuilder). This will require a read "filter" and create/update/delete "authorizers".

  • A filter would exclude unauthorized objects from the response.
  • Authorizers would fail the whole request with 403 Forbidden should at least one of the checks fail.

Usage Example

This is a per-request API. The same rules can be applied per Agrest stack using similar AgEntityOverlay methods.

 Ag.service(config)
    .createOrUpdate(E2.class)

    // per-request filter
    .readableFilter(E2.class, e2 -> /* .. */)

    // per-request authorizers
    .createAuthorizer(E2.class, u -> /* .. */)
    .updateAuthorizer(E2.class, (o, u) -> /* .. */)
    .deleteAuthorizer(E2.class, o -> /* .. */)

    .syncAndSelect(updates);
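
The filter/authorizer distinction described in the issue, as an added illustration that is not part of the original post and is not Agrest code: a read filter drops disallowed objects from the result, while an authorizer rejects the whole batch when any single check fails. `Doc`, `ForbiddenException`, `applyReadFilter` and `authorizeAll` are hypothetical names, and checking every operation before applying any of them is an assumption of this sketch.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.Predicate;
import java.util.stream.Collectors;

// Added illustration; none of these types are Agrest classes.
public class AccessRulesDemo {

    // Hypothetical entity: a document owned by a user.
    record Doc(int id, String owner) {}

    // Stand-in for a 403 Forbidden response.
    static class ForbiddenException extends RuntimeException {
        ForbiddenException(String msg) { super("403 Forbidden: " + msg); }
    }

    // Read filter: silently drops objects the caller may not see.
    static List<Doc> applyReadFilter(List<Doc> result, Predicate<Doc> readable) {
        return result.stream().filter(readable).collect(Collectors.toList());
    }

    // Authorizer (assumed model): all operations are checked up front,
    // and a single failed check rejects the entire batch.
    static void authorizeAll(List<Doc> targets, Predicate<Doc> allowed) {
        for (Doc d : targets) {
            if (!allowed.test(d)) {
                throw new ForbiddenException("operation on Doc " + d.id() + " not allowed");
            }
        }
    }

    public static void main(String[] args) {
        String caller = "alice"; // constructed sample data
        List<Doc> stored = List.of(new Doc(1, "alice"), new Doc(2, "bob"), new Doc(3, "alice"));
        Predicate<Doc> ownedByCaller = d -> caller.equals(d.owner());

        // Filter: the document owned by bob is excluded, the request still succeeds.
        System.out.println(applyReadFilter(stored, ownedByCaller));

        // Authorizer: one disallowed delete rejects the whole batch, nothing is applied.
        List<Doc> deleted = new ArrayList<>();
        try {
            authorizeAll(stored, ownedByCaller);
            deleted.addAll(stored);
        } catch (ForbiddenException e) {
            System.out.println(e.getMessage());
        }
        System.out.println("deleted: " + deleted.size());
    }
}
```
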
andrus added a commit that referenced this issue Nov 26, 2021
.. renaming access rules to filters for symmetry with #501 and #502
@andrus andrus changed the title Per-entity object update filter Per-entity update filter Nov 27, 2021
@andrus andrus changed the title Per-entity update filter Per-entity create/update/delete filters Nov 28, 2021
@andrus andrus changed the title Per-entity create/update/delete filters Per-entity CRUD filters for update/delete operations Nov 28, 2021
@andrus andrus changed the title Per-entity CRUD filters for update/delete operations Per-entity CRUD filters and authorizers for update/delete operations Dec 5, 2021
@andrus andrus added this to the 4.8 milestone Dec 5, 2021
@andrus andrus changed the title Per-entity CRUD filters and authorizers for update/delete operations Per-entity CRUD filters and authorizers for UpdateBuilder Dec 5, 2021
andrus added a commit that referenced this issue Dec 5, 2021
.. create/update/delete filters must cause immediate failure of the entire request, not filter operations
andrus added a commit that referenced this issue Dec 5, 2021
.. renaming create/update/delete filters to "authorizers".
The new name is more appropriate as they fail entire requests,
not just exclude disallowed operations

.. moving from "filter" to "access" package
andrus added a commit that referenced this issue Dec 5, 2021
andrus added a commit that referenced this issue Dec 5, 2021
.. create/update/delete authorizers
andrus added a commit that referenced this issue Dec 5, 2021
@andrus andrus closed this as completed Dec 5, 2021